tag:blogger.com,1999:blog-8591018003444406729.post6891347112878363912..comments2023-10-25T06:13:28.265-04:00Comments on The Conservative Wahoo: We Focus on Flags While China Robs Us BlindThe Conservative Wahoohttp://www.blogger.com/profile/17818674434286683162noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-8591018003444406729.post-53937998626166660542015-06-25T15:40:52.457-04:002015-06-25T15:40:52.457-04:00When are all those Republicans running for the nom...When are all those Republicans running for the nomination in 2016 going to stand up and say to the press, "Look, you guys passed on vetting Obama in 2008, and you have failed to hold him responsible for ANYTHING bad that happened on his watch. As such, you are no longer credible, so I will no longer answer any of your 'gottcha' questions."JBnoreply@blogger.comtag:blogger.com,1999:blog-8591018003444406729.post-87883390081780726472015-06-24T12:17:43.008-04:002015-06-24T12:17:43.008-04:00I work in cybersecurity now. OPM ignored the bulk ...I work in cybersecurity now. OPM ignored the bulk of the FISMA (Federal Information and Security Management Act) rules, the ones we citizens and private companies can get fined or sued for not complying with.<br /><br />The OMP hack comes down to 4 major points of failure:<br />- Old systems, layer upon layer of patchwork and plaque to keep them functioning, often using systems which are no longer made by companies and integrators which no longer exist. But, even old stuff can be encrypted.<br />- No encryption on the 43 major databases used by OPM. Which would have helped, except....<br />- To have encryption, each end upser needs two-factor authentication, like a military CAC card, or an RSA token with a code generator. OPM didn't have that. They were fixin' to. It was on the roadmap.<br />- Once on the network, they could pretty much go anywhere. And as government has outsourced to other companies, the perimeter is extended - and you're only as weak as the weakest link.<br />Good article here: http://arstechnica.com/security/2015/06/epic-fail-how-opm-hackers-tapped-the-mother-lode-of-espionage-data/<br />NavyAustinnoreply@blogger.comtag:blogger.com,1999:blog-8591018003444406729.post-70828133477400718502015-06-24T09:13:18.266-04:002015-06-24T09:13:18.266-04:00And what about OPM's assertion in Congressiona...And what about OPM's assertion in Congressional testimony that "no one" was at fault for the leak. They blamed the hackers! Even my liberal friends, who purport to believe government is competent, did not defend that. The dereliction of the press is arresting.TigerHawkhttps://www.blogger.com/profile/07478818024748287426noreply@blogger.com