This morning on CBS, a former CIA exec was on, he was appointed to
Obama's council to review the NSA.
This idiot, thinks that instead of the NSA holding the data, we should
give this data to a private consortium and then the NSA will need to get
a judges order to query the data.
Two problems with this.. I don't trust the NSA, but I don't trust
private business either, to do the right thing. I am responsible for
massive amounts of data, and I keep coming across passwords to data that
are so simple... the password is password in many databases. These are
systems that are supposed to be so tight... and here I find some idiot
made a service account a simple password (yes we have complexity rules,
but I find someone turned it off to set this, it predates me)... Many
companies are trying to fix this, but it is a half assed job, as many
will file for an exception and be granted it.
Also the testing of passwords is just too simple... they only test a
very limited list.
I don't trust most companies (the people in them) to do the right thing.
So the last thing I want to do is see this mess be handed over to the
private sector.
Now do I trust the NSA, NO!!! But if we are going to keep this program
going, we need to keep it at the NSA.. These guys while not perfect, are
certainly more secure than the private sector. Of course you have
Snowden who proved it's not very secure.. but add more people and more
entities in, and watch it be so open that it's a joke.
The biggest danger is from within..
The next biggest danger is arrogance, in thinking you are
inpenetratable, so you protect everything inside, so if you are a little
loose, it's ok.
The next biggest danger is the outside, because there are always groups,
people, or terrorists that want your info, or to take you down.
Stupid rules...
Now lets talk about drones.. military and otherwise.. Eventually someone
will hack a drone and attack us with our own drone..
Too many think technology is the answer and you can protect it..
You can't believe its secure... you have to think it's insecure.
You need a secondary system that even monitors the primary system and
protects it, then a system that protects that, and a system that
protects that... .... you get the point... you can't be sure..
My former office mate was tasked with breaking into the phone systems to
find the vulnerabilities... He was good and did so quite easily..
Sometimes the phone companies were slow to close the hole thinking it
wasn't an easy hack... Stupid right??? If he did it, why wasn't it
easy.. Arrogance..
--
Jeff
On 12/22/2013 10:07 AM, woodchucker wrote:
> Too many think technology is the answer and you can protect it..
> You can't believe its secure... you have to think it's insecure.
> You need a secondary system that even monitors the primary system and
> protects it, then a system that protects that, and a system that
> protects that... .... you get the point... you can't be sure..
http://www.techdirt.com/articles/20131220/14143625655/nsa-gave-rsa-10-million-to-promote-crypto-it-had-purposely-weakened.shtml
--
eWoodShop: www.eWoodShop.com
Wood Shop: www.e-WoodShop.net
google.com/+KarlCaillouet
http://www.custommade.com/by/ewoodshop/
KarlCaillouet@ (the obvious)