SoylentNews is people
SoylentNews
Arthur T Knackerbracket has found the following story:
The Federal Communications Commission has told members of Congress that it won't reveal exactly how it plans to prevent future attacks on the public comment system.
FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system.
[...] "Given the ongoing nature of the threats to disrupt the Commission's electronic comment filing system, it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internet‐based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs."
[...] When responding to another question about what hardware resources are being committed to improve the comment system's uptime, the CIO again said that revealing specific details would undermine the FCC's security.
[...] There are apparently no law enforcement agencies involved in the FCC's ongoing investigation because the attacks weren't significant enough. "The FCC consulted with the FBI following this incident, and it was agreed this was not a 'significant cyber incident' consistent with the definition contained in Presidential Policy Directive-41 (PPD-41)," the FCC said in its letter to House Democrats.
[...] Pai told House Democrats to trust him that the situation is under control.
-- submitted from IRC
(Score: 2) by The Mighty Buzzard on Tuesday August 01 2017, @11:49PM (9 children)
Some people still think security by obscurity is a viable option. Mostly because HR droids aren't capable of hiring good generic IT staff, much less security pros.
My rights don't end where your fear begins.
(Score: 2) by krishnoid on Wednesday August 02 2017, @12:04AM (1 child)
Much less informed FCC chairmen.
(Score: 0) by Anonymous Coward on Wednesday August 02 2017, @01:25AM
"They gave me an 84 page Power Point presentation back in April. I'm stuck on page six trying to figure out what some of these symbols are and why they used a serif font when the first five pages used a sans serif font."
(Score: 2) by kaszz on Wednesday August 02 2017, @12:20AM
It seems there is a more or less different species of people deeply into the social and rhetorical thing. Occasionally they formally learn management skills in various shapes. But the core of it is the same. They are impediments and parasites. There ought to be a way to change the fundamentals so their base of existence is eroded for all practical purposes?
(Score: 2) by Runaway1956 on Wednesday August 02 2017, @12:38AM (3 children)
Although obscurity is over-hyped in some circles, it does have value. If you determined to attack my network, and I've never given you any details about my OS's, or any of the software I use, you'll have to do some homework before you even begin to "hack" me. In and of itself, obscurity is not a "bad thing". Over reliance on obscurity most definitely is a "bad thing".
(Score: 3, Interesting) by Azuma Hazuki on Wednesday August 02 2017, @01:20AM (2 children)
Agreed, but it's about on the same level as avoiding predation by looking inconspicuous. You need to look inconspicuous *and* actually be carrying six-inch venomous fangs and a hide made of iron. Obscurity can be one small component of a defense in depth strategy but that's all.
I am "that girl" your mother warned you about...
(Score: 2) by Runaway1956 on Wednesday August 02 2017, @02:48PM (1 child)
guy# apt-cache search fangs
fonts-cwtex-fs - TrueType Font from cwTeX - FangSong
golang-github-spf13-viper-dev - Go configuration with fangs
https://github.com/spf13/viper [github.com]
I guess I won't be doing apt-get install venomous-fangs . . .
(Score: 0) by Anonymous Coward on Wednesday August 02 2017, @04:53PM
You don't want fangs that were compiled by someone else, they probably neutralized the venom. I say use the vampire package to compile, that way your computer gets stronger after every attack.
(Score: 4, Interesting) by stretch611 on Wednesday August 02 2017, @01:02AM (1 child)
Most companies don't want to PAY for good IT staff...
Sadly, security is something that companies pay to add to something after they get hacked, it isn't worth the budget before there is a problem. And the security budget gets cut significantly after the original problem is only a distant memory.
Good IT staff knowledgeable in keeping things secure can save a lot of money in the long run, but companies are too short sighted only looking for short term profits to please investors before the executives jump ship to the next company.
While this is the FCC, not a corporation, Pai is definitely looking to get a great paying, no-work job at one of the cable companies when he leaves.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by kaszz on Thursday August 03 2017, @12:15AM
Sounds like the "rescue consulting" is booming ;-)