Submitted via IRC for TheMightyBuzzard
The Democratic National Committee (DNC), still reeling from the hack on its computer system that resulted in a bunch of leaked emails and the resignation of basically all of its top people, has now created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks."
"To prevent future attacks and ensure that the DNC's cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field," interim DNC Chairwoman Donna Brazile wrote in a memo. "The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future."
Sure. That sounds like a good idea. But, then there's this:
Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.
[...] But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it's insane to put together a cybersecurity advisory board that doesn't include at least a single (and probably more) actual technologist with experience in cybersecurity.
Related Stories
Back in 1998, Paul Strassmann, a former CIO of Xerox, NASA, and the US Department of Defense, wrote in Computerworld about how Microsoft's overly complex, defective, and vulnerable systems were already a threat to national security even back then. The intervening time has shown Strassmann to have been more than correct as the problems he identified with Microsoft and its products worsen monotonically. Mitchel Lewis writes a guest post at Techrights about the current situation and how Microsoft remains a security threat against national security and systematic reliability of our computer-based society today:
That said, I think enough time has elapsed to confirm that Paul Strassmann is an authority on such matters and that Microsoft is precisely who he said they were. Further and with hindsight in our pocket, it seems as if Microsoft was merely projecting when they said Strassmann's paper was flawed and that he made errors in analyzing the state of computer security and its causes in light of their 95–99% monopoly on ransomware infections alone and that ransomware is already considered to be a national security threat.
[...] However, I'd like to think that Microsoft would get creative if the government were to sanction Microsoft by allowing citizens and businesses impacted by ransomware to bill Microsoft for the cost of the ransom and their losses in productivity. And although Microsoft cannot be faulted for the attacks, they can be faulted for their shit-in-hand approach to quality and security while sanctioning them until they actually take a common-sensical approach to quality and security appears to be the simplest means of combating ransomware and mitigating the threat it poses to our national security.
While 2% of known ransomware affects Android, which makes 72% of the mobile market and 41% of all clients, the rest is for Microsoft's product line which weighs in at 32% of the market nowadays. So far Microsoft's response has been weak and based on strawman fallacies with the occasional feeble ad-hominem fallacy thrown in.
Previously:
Many posts about Windows ransomware
(2021) The State Department and Three Other US Agencies Earn a D for Cybersecurity
(2016) DNC Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert
(2016) Execs: We're Not Responsible for Cybersecurity
(Score: 2, Insightful) by Anonymous Coward on Tuesday August 16 2016, @09:29PM
How to build a large empire is probably on the agenda at *some* point. But for now make sure people who need a favor get a job.
(Score: 4, Insightful) by Absolutely.Geek on Tuesday August 16 2016, @09:31PM
The job titles of these people sound so impressive; we must instantly be more secure just from forming the team.
Don't trust the police or the government - Shihad: My mind's sedate.
(Score: 2, Insightful) by Anonymous Coward on Tuesday August 16 2016, @09:34PM
It depends upon the purpose of the board. I doubt they are the ones who are supposed to come up with the detailed nuts-and-bolts technical answers. I would bet that they would have cybersecurity people they task to address issues. Just like with rockets. The board of directors of Boeing, or whomever, are not the ones designing the rockets.
(Score: 2) by tibman on Tuesday August 16 2016, @09:38PM
But then what sort of advice can this advisory board give? Their advice will be to ask someone who actually knows! lol
SN won't survive on lurkers alone. Write comments.
(Score: 1, Interesting) by Anonymous Coward on Tuesday August 16 2016, @09:51PM
Scott Adams has been talking about exactly this point.
http://blog.dilbert.com/post/148197490846/the-inexperienced-voter [dilbert.com]
http://blog.dilbert.com/post/148152679301/experience-is-overrated [dilbert.com]
It is an interesting theory. It fits the evidence of how people like Trump and Clinton actually work. Take Trump for example. He has built many large buildings. He may have a passing knowledge of welding and pouring cement. But he knows a guy he can go to to get the right advice on that sort of thing to hire the right people.
This board does seem a bit light on tech people though. You probably want someone who has a passing knowledge of what is going on. A gang of lawyers does not seem like the right set of credentials for this job. They do have a couple of CTOs in there so maybe they will be fine? My guess is the lawyers are there to help write laws to make doing what happened have a harsh criminal penalty. Then grab one of their favored congress critters and push it out under a 'get tough on crime' bill.
(Score: 3, Informative) by mechanicjay on Wednesday August 17 2016, @12:06AM
My VMS box beat up your Windows box.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @12:23AM
CTOs are the worst because they think they're technical people and that their grasp of internet plumbing and system security must be so utterly superior because they're C*O and you're just a peon.
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @09:33PM
I have no problem with not populating the board with hands-on types, who would probably be bored, annoyed and/or incompetent at handling the duties of board members.
(Score: 5, Insightful) by hemocyanin on Tuesday August 16 2016, @11:00PM
Dead weight of the 1%. That seems to be the root of so many problems in America -- the people who actually do the work get none of the glory, little of the money, and shafted or imprisoned if anything goes wrong. Those on top get richer and more powerful.
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 17 2016, @10:36AM
Dead weight of the 1%. That seems to be the root of so many problems in the world -- the people who actually do the work get none of the glory, little of the money, and shafted or imprisoned if anything goes wrong. Those on top get richer and more powerful.
There.... fixed it for you.
(Score: 0) by Anonymous Coward on Thursday August 18 2016, @06:40AM
America is even more ass-backwards than most countries. In America, we make the poor pay extra taxes in order to give tax breaks to the rich. Our government is a Reverse Robin Hood, stealing from the poor and giving to the rich. Nowhere else are the poorest of the poor so enthusiastic to increase their own tax burden so that the top 1% can withhold even more money from the economy.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @05:35PM
That's the way it's always been. Most of Edison's "inventions" came from the toiling grunt work of his staff. Edison got the fat royalty checks and his workers only got a regular paycheck. Being the 1% is about perfecting the art of bullshitting and credit swiping. We've only tolerated it because trickle-down mostly worked, and worked better than the alternatives. But trickle-down is now teetering.
(Score: 3, Insightful) by bob_super on Tuesday August 16 2016, @09:37PM
Do I really need to link to the background of the various members of scientific and tech committees in the US congress?
For the DNC (and the RNC), getting appropriately knowledgeable members is not a requirement. It's not even on the criteria list.
Business as usual
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @10:04PM
As seen on Mr. Robot, the way to ensure security is to beat up the IT guy.
Or as seen in real life, the way to secure a government network is to throw the IT guy in jail, such as happened to Terry Childs (who? nobody remembers that loser).
To ordinary people, security means violence. Nothing more.
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @10:16PM
Scientists are among the only people capable of destroying humanity. Maybe we should let them.
(Score: 1, Funny) by Anonymous Coward on Tuesday August 16 2016, @10:22PM
Scientists never actually go through with it. The most they do is build doomsday devices and snigger about how they could destroy humanity.
(Score: 2, Insightful) by Anonymous Coward on Wednesday August 17 2016, @01:57AM
Different AC here. The problem is they have this "ethics" thing. They need to ditch it. Stop believing in the goodness of humanity or "progress," whatever the hell that is.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @02:01AM
I remember Terry Childs.
As I recall, he was a network administrator working for the City and County of San Francisco whose management changed and who took his job too seriously.
When the incompetent management demanded the passwords, he refused to reveal them to people whom he thought were incompetent.
Whether they were competent or not was not Terry Childs's decision to make. And that was his mistake.
He should have given them the passwords and let them fuck things up. THAT would have been justice.
Terry Childs made the same mistake EVERY information technology professional makes, at least once.
I infer that he treated the invitation from his previous management, to "own" the infrastructure and make it his, as a literal invitation, not a metaphor for responsibility.
As a systems and network administrator I deal with people every day who say that it is "their" laptop or "their" desktop computer or "their" office or "their" desk or "their" chair - even taping crap all over to mark it as "theirs".
I say, grow up. We are here to make money, and add value ... not fight over what's yours.
~childo
PS: I was going to sarcastically suggest that I was surprised there was no Wikipedia page covering this breathless sequence of events ... but I am slightly nauseated to see that there IS a web page.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @03:13AM
I knew it. I knew someone would reply with the Nazi following orders meme.
"Do what you're told when you're told, because money."
Fuck you.
(Score: 0) by Anonymous Coward on Thursday August 18 2016, @06:54AM
There's a difference between breaking the law/doing obviously immoral things because you're ordered to and doing your fucking job. If your boss orders you to do something immoral/illegal, it's your moral and legal responsibility to ignore that order because following it will result in you being fucked, but if it's something that's neither immoral nor illegal then you sure as shit are supposed to do your damn job. The Nuremberg Trials were about "following orders" not being a valid defense or justification for criminal misconduct. This is all completely unrelated to Terry Childs's criminal misconduct because he was not asked or ordered to break the law or commit immoral acts, and in fact his refusal to follow orders is where he started breaking the law. There is no doubt that his refusal to divulge the passwords to the actual owners constituted a crime.
(Score: 3, Funny) by SanityCheck on Tuesday August 16 2016, @10:20PM
A victory for transparency. Soon we will know all their secrets.
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @10:25PM
Buzzard sleeps with a penismightier.
(Score: 3, Funny) by The Mighty Buzzard on Tuesday August 16 2016, @10:47PM
Gussy it up however you want, Trebek, what matters is does it work?
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @11:34PM
explanation:
http://mashable.com/2015/05/15/celebrity-jeopardy-pen-is-mightier/ [mashable.com]
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @11:37PM
Don't ! explain ! the ! joke !
(Score: 0) by Anonymous Coward on Tuesday August 16 2016, @11:48PM
You wouldn't fault a website for linking to some torrents, would you? Don't fault me for linking to an explanation.
(Score: 1, Funny) by Anonymous Coward on Tuesday August 16 2016, @10:40PM
... and that’s TheMightyBuzzard. I hope he’s willing.
(Score: 3, Insightful) by Dunbal on Tuesday August 16 2016, @11:44PM
Who needs security when 'Because Russia' gives them massive poll boosts? They're just dying to get hacked again. Democrat voters apparently don't even care about what is being revealed.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @03:11AM
They didn't even care when Hillary Clinton said "Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 17 2016, @04:09PM
Who needs security when 'Because Russia' gives them massive poll boosts? They're just dying to get hacked again. Democrat voters apparently don't even care about what is being revealed.
I'll bite... so what was so bad that was revealed? People keep talking about there being some horrible secret, but I only know of two things.
1) The conspiracy against Bernie Sanders. It's terrible (mainly because it violates what the party had verbally claimed and it violates their charter). The party is trying to push an agenda (much like the Republicans, the Greens, and every political party), and they are doing things to do that. In my mind, morally a political party can use any legal means it wants to in order to select who it wants to present to the general electorate. All of this is party-internal, proverbial sausage-making.
2) Shuffling money around from local to Clinton's campaign. Again this seems like party-internal politics. They want to push an agenda, they are doing so in the way they think best. It's no more smarmy than how the Republican candidates were selling contact lists of voters to their rivals during the primaries. It's definitely creepy, but far from an indictment of how well or poorly a person would govern.
Was there some smoking gun (e.g. Clinton bribing people, embezzling or redirecting money, arranging assassinations, or something else) which I don't know about? For that matter, is there anything *Clinton* (as opposed to officers of the DNC) has been shown as wrongdoing in these emails?
(Score: 2) by DeathMonkey on Wednesday August 17 2016, @05:03PM
Wait, you mean to tell me the Democratic Party preferred the Democratic candidate to the Independent one? SHOCKING!
(Score: 0) by Anonymous Coward on Thursday August 18 2016, @07:12AM
What Independent one? Bernie was a Democrat. The Democrat party is not some elite club where they can pick and choose who gets to be a member, if somebody chooses to associate with the Democrat party then they're a Democrat, period. A significant portion of the party's base (you know, the people the party is supposed to be representing) made it clear that, instead of being a less bigoted clone of the GOP, they want their party to be less right wing, less authoritarian and more libertarian, less conservative and more liberal, less neoconservative, less neoliberal, and a lot more progressive, and the party told about half their constituents to fuck off (and continue to say "fuck you" and rub it in). Democracy is not a top-down affair, it's a bottom-up one. The "party leaders" are supposed to listen to their base, not tell their base what to think and do, which is exactly what they're doing. This is an example of elitism and wannabe-aristocracy at its finest. If you don't understand the outrage over a small group of elites hijacking democracy and replacing it with an oligarchy then I don't know what else to say.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @04:44AM
The name is Chopra, Aneesh Chopra.
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @02:07PM
I mean, that word must mean it's hyper-cool and advanced beyond 21st century tech [nationalinterest.org], right? Right? RIGHT [youtube.com]???
(Score: 0) by Anonymous Coward on Wednesday August 17 2016, @04:02PM
so it takes a clique of feds and lawyers to hire some bootlicking "IT firm" that will probably decide to still put windows computers on the internet? i don't think they're really as stupid as they want everyone to think they are. they want to be compromised for more laws/control, as another poster has mentioned.