Free Republic
The PRISM Lesson: Beware the IT Guy (BOFH?)
New York Magazine | 6/10/2013 | Kevin Roose

Posted on 06/10/2013 12:10:36 PM PDT by nickcarraway

To: proxy_user

What happens when your change control system is down because of a systems crash? There always has to be a known root password or otherwise bad things happen. At the very least, it should be written down and stored off-site.


21 posted on 06/10/2013 12:52:20 PM PDT by ClayinVA ("Those who don't remember history are doomed to repeat it")
[ Post Reply | Private Reply | To 7 | View Replies]

To: nickcarraway
Since you mentioned BOFH...
22 posted on 06/10/2013 12:52:53 PM PDT by Disambiguator
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cementjungle

“I would assume/hope that if you’re working with top secret data, that other methods are in place to ensure that you’re still one of the “good guys” (periodic reviews of your clearance status, etc.).”

I have had two classified jobs. What Snowden did chills me to the bone. Because virtually all of our security relies on trusting the cleared people to be honest. People on FR who hate Obama think he’s a hero, that he did something wonderful. Individuals do not get to make decisions of national importance. We hire a president and Congress for that. (Such as he is and they are. It’s still their job.) Snowden has committed treason and he has damaged America by informing our enemies of what we have and therefore how to avoid it. This will cost American lives.


23 posted on 06/10/2013 1:05:40 PM PDT by Gen.Blather
[ Post Reply | Private Reply | To 19 | View Replies]

To: Gen.Blather

So far I don’t understand how it will cost American lives, since he didn’t reveal anything we didn’t already know... except for the fact that Obama is doing all this illegally. As far as the technical capabilities described, those aren’t a surprise to anyone.


24 posted on 06/10/2013 1:22:33 PM PDT by Cementjungle
[ Post Reply | Private Reply | To 23 | View Replies]

To: Cementjungle

“So far I don’t understand how it will cost American lives, since he didn’t reveal anything we didn’t already know... except for the fact that Obama is doing all this illegally. As far as the technical capabilities described, those aren’t a surprise to anyone.”

Our enemies are 9th century barbarians with cell phones, computers, email, etc. For the most part they don’t have a clue how any of that stuff works. Now Snowden has revealed it to them. They will start using couriers or carrier pigeons or smoke signals. They will not be as easy to track. Recently, bombings in London were stopped by this very technology.

But more importantly, there are perhaps 100k people with access to material that could get people killed. Names and addresses of sources, for example. If Snowden gets away with this, if he gets a book contract and a movie deal then how safe will all that information be with the latest generation of 20-somethings?

And, as was pointed out to me when Jimmy Carter revealed all there was to know about a program I was working on, as far as we were concerned it was still secret. WE were not allowed to fill in the gaps that he left. (Carter even mentioned the name of a source in Libya at a Washington dinner and the man was executed.) Revealing classified information can have huge global consequences far beyond the little fact you let drop.


25 posted on 06/10/2013 1:37:36 PM PDT by Gen.Blather
[ Post Reply | Private Reply | To 24 | View Replies]

To: Gen.Blather
“Our enemies are 9th century barbarians with cell phones, computers, email, etc. For the most part they don’t have a clue how any of that stuff works. Now Snowden has revealed it to them.”

If they're that out of the loop, then they probably won't be seeing Snowden's high-level conceptual PowerPoint presentations. Otherwise, they are probably going on what they know from James Bond movies... which is that governments can (and could, for a long time) listen in on anything they please.

The only damage done so far is to Obama's pristine reputation.

26 posted on 06/10/2013 2:18:34 PM PDT by Cementjungle
[ Post Reply | Private Reply | To 25 | View Replies]

To: Gen.Blather

“Our enemies are 9th century barbarians with cell phones, computers, email, etc”

At first, I thought you were referring to 0bama and his Leftist totalitarian friends.

The totalitarian worldwide Leftist movement is infinitely more threatening than Islam. I fear my government way, way more than Islamic terrorists. In fact, our current government is in bed with the Islamic radicals.


27 posted on 06/10/2013 2:19:45 PM PDT by grumpygresh (Democrats delenda est.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: proxy_user
In a well-run organization, this sort of thing is not allowed.

If a sysadmin needs to make a change that requires root access, he needs a valid approved change number, where the exact change to be made is documented. He enters that number into a password control system, and draws the root password. That password is only good for the time period specified in the change control.

Not all companies have that level of access control; however, we have systems that log every change to Active Directory, and we have to document every single change. Those changes are then audited by our Sarbanes-Oxley 3rd party audit firm. Any change MUST be justified by management.

Mark

28 posted on 06/10/2013 2:29:58 PM PDT by MarkL (Do I really look like a guy with a plan?)
[ Post Reply | Private Reply | To 7 | View Replies]
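
The checkout flow described in post 28 (approved change number, root password issued only for the change window, every request logged for audit), sketched as an added example that is not part of the thread or any poster's system. `ChangeRecord`, `PasswordVault`, the change numbers and the dates are hypothetical and constructed for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class ChangeRecord:              # hypothetical change-control entry
    number: str
    description: str             # the exact change that was documented
    approved: bool
    start: datetime
    end: datetime


class CheckoutDenied(Exception):
    pass


class PasswordVault:             # hypothetical password control system
    def __init__(self, changes):
        self._changes = {c.number: c for c in changes}
        self._leases = {}        # sha256(password) -> expiry of its window
        self.audit = []          # every request is recorded, granted or not

    def checkout(self, admin, change_no, now):
        c = self._changes.get(change_no)
        if c is None:
            verdict = "denied: unknown change number"
        elif not c.approved:
            verdict = "denied: change not approved"
        elif not c.start <= now < c.end:
            verdict = "denied: outside change window"
        else:
            verdict = "issued"
        self.audit.append((now, admin, change_no, verdict))
        if verdict != "issued":
            raise CheckoutDenied(verdict)
        password = secrets.token_urlsafe(24)   # fresh secret per checkout
        self._leases[hashlib.sha256(password.encode()).hexdigest()] = c.end
        return password

    def is_valid(self, password, now):
        expiry = self._leases.get(hashlib.sha256(password.encode()).hexdigest())
        return expiry is not None and now < expiry


# Constructed sample data: one approved two-hour window, one unapproved change.
T0 = datetime(2013, 6, 10, 22, 0, tzinfo=timezone.utc)
VAULT = PasswordVault([
    ChangeRecord("CHG-0001", "rotate syslog config", True, T0, T0 + timedelta(hours=2)),
    ChangeRecord("CHG-0002", "add local user", False, T0, T0 + timedelta(hours=2)),
])
```

The audit list records denied requests as well as granted ones, which is what an outside auditor would reconcile against the approved change list.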

To: miliantnutcase

We got nailed with RIAA and MPAA cease and desist letters that scared our leadership into immediate and radical action. Funny thing was that the worst offenders were the employees with the biggest paychecks.


29 posted on 06/10/2013 2:34:34 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: nickcarraway
Lies, all lies. We sysadmins are pure as the driven snow.

When I was interviewing for this job we reached the silly point and my to-be boss got this glint in his eye and asked me in front of the hiring committee, "Are you a people person?"

"Heck no, I'm not a people person!" I said. "I'm a system administrator! I have this job because I hate people and I want them to suffer!"

Jaws dropped but he gave it away when he started laughing. They hired me.

30 posted on 06/10/2013 2:36:58 PM PDT by Billthedrill
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia

Bwahahahah. That’s awesome.


31 posted on 06/10/2013 2:56:02 PM PDT by miliantnutcase
[ Post Reply | Private Reply | To 29 | View Replies]

To: Gen.Blather
“Because virtually all of our security relies on trusting the cleared people to be honest.”

And the collection/storage of such information is clearly not lawful, by the 4th Amendment to the Constitution — wouldn't this PRISM indicate that the majority of classified people who knew about PRISM and did nothing are the ones who are dishonest?

32 posted on 06/10/2013 4:35:26 PM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Billthedrill

LOL - Awesome story.


33 posted on 06/10/2013 4:39:35 PM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: nickcarraway

My relative prosecutes pedophiles among other freaks. His experience is that most people have no idea how easy it is to retrieve or reconstruct files from PCs and handheld devices.

He particularly enjoys the look on their faces when the police show them the files they said they never had or viewed.


34 posted on 06/11/2013 4:22:52 AM PDT by Makana (Notice: A copy of this message is being filed with the NSA.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: nickcarraway
Been there. I used to look after a warehouse for an online travel insurance company and also looked after their transactional system. Net, I knew every person's personal details + card numbers, etc.

Didn't use any of this for personal gain -- it's too risky and not worth it. More interesting is seeing the way data flowed through. Now THAT was worth it -- I didn't want to jeopardize my access by being stupid.

35 posted on 06/11/2013 5:12:50 AM PDT by Cronos (Latin presbuteros>Late Latin presbyter->Old English pruos->Middle Engl prest->priest)
[ Post Reply | Private Reply | To 1 | View Replies]

