Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 12-03-2004, 11:44 AM   #1 (permalink)
Psycho
 
vox_rox's Avatar
 
Location: Comfy Little Bungalow
Id The CIA Really This Dumb?

I just read an article here http://www.washingtontimes.com/funct...1-114750-6381r that talks about how security on the Internet is such a problem that they should consider how to crack down onit, allowing only "those who take securtiy seriously" to have access. the whole article goes like this:

Quote:
Tenet calls for Internet security
By Shaun Waterman
UNITED PRESS INTERNATIONAL
Published December 2, 2004

--------------------------------------------------------------------------------
Former CIA Director George J. Tenet yesterday called for new security measures to guard against attacks on the United States that use the Internet, which he called "a potential Achilles' heel."
"I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability," he told an information-technology security conference in Washington, "but ultimately the Wild West must give way to governance and control."
The former CIA director said telecommunications -- and specifically the Internet -- are a back door through which terrorists and other enemies of the United States could attack the country, even though great strides have been made in securing the physical infrastructure.
The Internet "represents a potential Achilles' heel for our financial stability and physical security if the networks we are creating are not protected," Mr. Tenet said.
He said known adversaries, including "intelligence services, military organizations and non-state actors," are researching information attacks against the United States.
Within the federal government, the Department of Homeland Security has the lead role in protecting the Internet from terrorism. But the department's head of cyber-security recently quit amid reports that he had clashed with his superiors.
Mr. Tenet, who retired in July as director of the CIA after seven years, warned that al Qaeda remains a sophisticated group, even though its first-tier leadership largely has been destroyed.
It is "undoubtedly mapping vulnerabilities and weaknesses in our telecommunications networks," he said.
Mr. Tenet pointed out that the modernization of key industries in the United States is making them more vulnerable by connecting them with an Internet that is open to attack.
The way the Internet was built might be part of the problem, he said. Its open architecture allows Web surfing, but that openness makes the system vulnerable, Mr. Tenet said.
Access to networks like the World Wide Web might need to be limited to those who can show they take security seriously, he said.
Mr. Tenet called for industry to lead the way by "establishing and enforcing" security standards. Products need to be delivered to government and private-sector customers "with a new level of security and risk management already built in."
The national press, including United Press International (UPI), were excluded from yesterday's event, at Mr. Tenet's request, organizers said.
So, I guess my questions are:
1) what do they think they can do?
2) IF they could do something, would they in the face of looking like a totalitarian regime?
3) what does this mean for Microsoft, the world's least secure yet most used operating system?

I find it ironic that it is the RETIRING chief saying all this, as if he has any pull anymore anyway. But conspiracy theorists always say that for every uttered sentence, there is a word of truth. So, what is the truth here? Go ahead, tell me. I CAN handle the truth.

Peace,

Pierre
__________________
---
There is no such thing as strong coffee - only weak people.
---
vox_rox is offline  
Old 12-03-2004, 12:30 PM   #2 (permalink)
42, baby!
 
Dragonlich's Avatar
 
Location: The Netherlands
I'd say he's right. There should be some sort of effort to crack down on insecure computers, which are directly responsible for a lot of problems right now (DDOS attacks, spam, viruses, etc). They might be abused by someone, including terrorists, to further a political goal. I think it's rather irresponsible to go online with a system that's insecure, because you're not only risking your own system, but are potentially harming other people's computers too.

Now, if your OS is insecure and you can't do anything about it, that's one thing; but if there are patches to make it more secure, and you simply refuse to install them, you are being irresponsible. There are in fact many unpatched systems out there, systems that could have been secure, if only the end user cared. And no, I don't think ignorance is an excuse; if you don't know how to use a computer, you shouldn't be using it!

If we're talking about more critical systems (companies, utilities, etc), it's even worse: the owners have an obligation to protect their data and their computer systems. At the very least it's an obligation to their stockholders. I'd say governments can and should demand that such systems are properly protected, in the interest of national security. There are many laws and rules that govern what you can and can't do in the physical world (environmental demands, safety demands, etc), so why would computer security be something different? I think it's rather stupid if a company spends millions to physically protect their buildings, but won't spend a fraction of that money protecting their computer system! (Especially stupid, given the fact that a lot of secret corporate data is on those computers!)

My answers to your questions:

1) I think the government can talk to companies such as Microsoft, and ask them to improve the security. They can also go to ISPs, and ask them to take a more pro-active role in this area. After that, they can create laws that force companies to implement a bare minimal amount of computer security.

2) They wouldn't look like a totalitarian regime. It's time people started realizing that owning a computer also gives you some responsibilities. I'd say it'd be perfectly reasonable to cut internet access to computers that aren't well protected, on the basis that these computers can and will be abused. It's kind of like the government making rules about car travel, such as maximum speeds, minimum safety guidelines; if you don't follow the rules, they'll give you a ticket. Do you consider that a sign of a totalitarian regime too?

3) That's a rather biased statement, isn't it? MS' operating systems may not be perfect, but they're hardly the "least secure" OSes. But yes, they'll need to (further) improve their security, as they're doing right now. On the other hand, it's still the end user that has to update his system, and if this user fails to do that, you can hardly blame Microsoft. Which brings us right back to my initial statement: the end user is at least partly responsible.
Dragonlich is offline  
Old 12-03-2004, 12:34 PM   #3 (permalink)
Getting Medieval on your ass
 
Coppertop's Avatar
 
Location: 13th century Europe
It would seem to me that this would be a logistical impossibility for any one entity.

Last edited by Coppertop; 12-03-2004 at 12:35 PM.. Reason: spelling
Coppertop is offline  
Old 12-03-2004, 12:49 PM   #4 (permalink)
Psycho
 
vox_rox's Avatar
 
Location: Comfy Little Bungalow
Quote:
Originally Posted by Dragonlich
My answers to your questions:

2) They wouldn't look like a totalitarian regime. It's time people started realizing that owning a computer also gives you some responsibilities. I'd say it'd be perfectly reasonable to cut internet access to computers that aren't well protected, on the basis that these computers can and will be abused. It's kind of like the government making rules about car travel, such as maximum speeds, minimum safety guidelines; if you don't follow the rules, they'll give you a ticket. Do you consider that a sign of a totalitarian regime too?
Well, when it comes to travelling by car where there is imminent risk of death or injury, of course rules are important and I would never call any govenment totalitarian nased only on the fact that they implement and enforce traffic laws. Further to my comment, I realize I may have overstated my case using words that may have been too sweeping. However, I do not think that forcing individuals in their homes to have certain software on the computers is either realistic, nor is that the role of government, and I would certainly NOT allow a government to tell me what I should and should not be runing on my computer, or in my stereo, or what books I read, or anything that falls under the realm of Home Electronics. Period.


Quote:
Originally Posted by Dragonlich
3) That's a rather biased statement, isn't it? MS' operating systems may not be perfect, but they're hardly the "least secure" OSes. But yes, they'll need to (further) improve their security, as they're doing right now. On the other hand, it's still the end user that has to update his system, and if this user fails to do that, you can hardly blame Microsoft. Which brings us right back to my initial statement: the end user is at least partly responsible.
I can see your point here, but there is one key weakness here that you have not though about, and that is my Mother. Or yours for that matter. She is unaware of what kind of technology is invloved in Internet communcaitions. In fact, she's fairly oblivious to almost every aspect of computer technology, but since the "every home with a PC" con has gained speed, she has one, whether she knows how to use it or not, or even needs it or not. So she basically has no clue what a "patch" is, what constitutes a secure system, or even the consequneces of sending a piece of e-mail. And I would be willing to bet that there are millions, maybe tens of millions of people just like her, who will NEVER know what is going on with their computer.

So, your suggestion would be that anyone without some level of computer certification would be prohibited from owning/operating a computer in their house until such time as they can demonstrate that they know how to use one safely. Is that correct?

Peace,

Pierre
__________________
---
There is no such thing as strong coffee - only weak people.
---

Last edited by vox_rox; 12-03-2004 at 01:10 PM..
vox_rox is offline  
Old 12-04-2004, 02:07 AM   #5 (permalink)
42, baby!
 
Dragonlich's Avatar
 
Location: The Netherlands
Quote:
Originally Posted by vox_rox
However, I do not think that forcing individuals in their homes to have certain software on the computers is either realistic, nor is that the role of government, and I would certainly NOT allow a government to tell me what I should and should not be running on my computer, or in my stereo, or what books I read, or anything that falls under the realm of Home Electronics. Period.
I think that's all fine and dandy, but have you considered the consequences? Suppose I were to exercise my right not to install a firewall and virus scanner, and as a result, I get infected with a worm that sends massive amounts of data to other computers, infecting them in the process (after all, they exercised their rights too). I would be criminally negligent, and should be held accountable for the results of me exercising my "rights".

I do not suggest that the government should be allowed to force you to install a certain program (no way!); I'm suggesting that the government can expect you to provide at least *some* protection. I'd say they can ask you install *a* firewall and *a* anti-virus program. They could probably go to the ISP for this, who can be legally required to provide such programs free of charge.

Now, if you still choose not to install such programs, it's your choice. However, any resulting damage is *your* responsibility too. I'd say a solution would be to force ISPs to remove internet access from computers that are spreading viruses, worms, spam, etc. Just like some companies are shutting down websites with illegal content. After all, when your (in)action results in damage to others, you are responsible for the results, and your damaging (in)activity should be stopped.

As I said: the end user is at least partly responsible.

Quote:
I can see your point here, but there is one key weakness here that you have not though about, and that is my Mother. Or yours for that matter. She is unaware of what kind of technology is involved in Internet communications. In fact, she's fairly oblivious to almost every aspect of computer technology, but since the "every home with a PC" con has gained speed, she has one, whether she knows how to use it or not, or even needs it or not. So she basically has no clue what a "patch" is, what constitutes a secure system, or even the consequences of sending a piece of e-mail. And I would be willing to bet that there are millions, maybe tens of millions of people just like her, who will NEVER know what is going on with their computer.

So, your suggestion would be that anyone without some level of computer certification would be prohibited from owning/operating a computer in their house until such time as they can demonstrate that they know how to use one safely. Is that correct?
No, that's not what I'm suggesting. I'd certainly think a lot of helpdesk people would applaud such a thing, though.

No, I'm suggesting your mother should be assisted. She should be told by her computer what not to do (like Windows XP's new firewall/security center). She should also be given free programs by her ISP, to help her secure her computer. If she truly can't understand how to read help files from XP, or install provided programs, I think it's fair to say that she should indeed not be using a computer. Why should everyone else suffer the negative consequences of her ignorance? Why should ISPs pay millions of dollars to solve a virus/spam/worm problem because a lot of computer users don't understand how to use their computer responsibly?

I'm certainly not suggesting that someone should physically take away her computer. I am suggesting that she shouldn't have (full) internet access if she can't understand the consequences.

Last edited by Dragonlich; 12-04-2004 at 02:10 AM..
Dragonlich is offline  
Old 12-05-2004, 06:09 PM   #6 (permalink)
Insane
 
trache's Avatar
 
He is the <i>former</i> director for the CIA.

He is nothing but a civilian with an (informed) opinion on the subject. He could advise the CIA on their future operations, but he can do nothing to put it into action directly.
__________________
"You looked at me as if I was eating runny eggs in slow motion." - Gord Downie of The Tragically Hip
trache is offline  
Old 12-05-2004, 08:30 PM   #7 (permalink)
Banned
 
... i have read the statement, and I have but one comment.

MS.. is.. Screwed
xerraire1 is offline  
Old 12-06-2004, 07:55 AM   #8 (permalink)
Psycho
 
vox_rox's Avatar
 
Location: Comfy Little Bungalow
Quote:
Originally Posted by Dragonlich
I'm certainly not suggesting that someone should physically take away her computer. I am suggesting that she shouldn't have (full) internet access if she can't understand the consequences.
Well, I still don't see how this has anything whatsoever to do with american national security. It wouls seem to me that as long as all government ans military computer installations, as well as publicly funded systems were all protected, then whatever else happens is moot. who cares if someones mother doesn't have a virus checker and ends up unwittingly sending malicious code here and there.

Besides, I think we're only speaking hypothetically anyway. There is no way that anyone, even the American government, could possibly put in place any type of logistics to accomplish what you are saying. Plus, Microsoft as the maker of the operating system, would also end up being liable in certain cases and there is no way that any pro-business gov't like the republicans would enter that realm.

Nope, the truth is, my mother, and milloins like her, will remain clueless, and the CIA, especially the FORMER CIA management, will not ever inact any form of public compliance of virus or firewall standards.

Now, working from the ISP perspective, there may be room to implement things at that point, but that is the furtherst down the chain such concepts will ever go.

Peace,

Pierre
__________________
---
There is no such thing as strong coffee - only weak people.
---
vox_rox is offline  
Old 12-06-2004, 08:23 AM   #9 (permalink)
42, baby!
 
Dragonlich's Avatar
 
Location: The Netherlands
Quote:
Originally Posted by vox_rox
Well, I still don't see how this has anything whatsoever to do with american national security. It wouls seem to me that as long as all government ans military computer installations, as well as publicly funded systems were all protected, then whatever else happens is moot. who cares if someones mother doesn't have a virus checker and ends up unwittingly sending malicious code here and there.
I care. Because that malicious code spreads to other computers, and these can be used in DDOS attacks, as has happened in the past. That option costs a lot of time and money, and can be stopped by proper security measures.

If you want a more dangerous scenario: Suppose your mother's computer gets infected with a virus written by a terror group. By this route, you get infected by this new and unknown virus. You happen to be a government official with access to sensitive information, and you happen to use a VPN connection to that computer. Using keyloggers, the terror group now has access to your computer's password, and access to that VPN connection.

Is this scenario likely? Nope. But if terror groups are as dangerous and hightech as some CIA guys claim (I don't think they are, by the way), then this will happen eventually. The goal is to go for the weakest link, and if that link happens to be your mother, so be it.

Quote:
Originally Posted by vox_rox
Now, working from the ISP perspective, there may be room to implement things at that point, but that is the furtherst down the chain such concepts will ever go.
I also think makers of operating systems will be "asked" to follow certain guidelines and safety protocols when designing their new software. The government could easily demand that any government-owned computer has to meet those regulations. Software companies are then pretty much forced to implement them, or lose a large customer.
Dragonlich is offline  
Old 12-06-2004, 08:36 AM   #10 (permalink)
Banned from being Banned
 
Location: Donkey
I think you should have a license in order to own a computer. Not necessarily operate, but own... this way SOMEONE in the household knows how to keep it updated and secure.

A test should be given to challenge the potential owner's knowledge in security, how to update the system, and other basic computer literacy questions.

If they don't pass, they don't get a license and can't own a computer: simple!

I'm serious, too.
__________________
I love lamp.
Stompy is offline  
Old 12-06-2004, 08:52 AM   #11 (permalink)
Upright
 
Location: Edge of the civilized world
Quote:
Originally Posted by Dragonlich
I think that's all fine and dandy, but have you considered the consequences? Suppose I were to exercise my right not to install a firewall and virus scanner, and as a result, I get infected with a worm that sends massive amounts of data to other computers, infecting them in the process (after all, they exercised their rights too). I would be criminally negligent, and should be held accountable for the results of me exercising my "rights".

I do not suggest that the government should be allowed to force you to install a certain program (no way!); I'm suggesting that the government can expect you to provide at least *some* protection. I'd say they can ask you install *a* firewall and *a* anti-virus program. They could probably go to the ISP for this, who can be legally required to provide such programs free of charge.

Now, if you still choose not to install such programs, it's your choice. However, any resulting damage is *your* responsibility too. I'd say a solution would be to force ISPs to remove internet access from computers that are spreading viruses, worms, spam, etc. Just like some companies are shutting down websites with illegal content. After all, when your (in)action results in damage to others, you are responsible for the results, and your damaging (in)activity should be stopped.
I agree with Dragonlich!
Everything in life has a consequence weather it be good or bad... and computing/internet surfing should be no different.

What Vox_Rox says is true to a point... the government/military systems are protected and monitered, but they utilize the very same web you and I use.
As such they can be and are under constant attack. This results in millions of tax payer dollars being spent on what Dragonlich has been trying to point out.
Common Sense Computing.... you don't get behind the wheel of a car without knowing a little something about it first... the same should apply to computers.
__________________
The Happy Pirate - AARRGGHH!!
DukeNukem4ever is offline  
Old 12-06-2004, 09:01 AM   #12 (permalink)
Psycho
 
vox_rox's Avatar
 
Location: Comfy Little Bungalow
Quote:
Originally Posted by Dragonlich
If you want a more dangerous scenario: Suppose your mother's computer gets infected with a virus written by a terror group. By this route, you get infected by this new and unknown virus. You happen to be a government official with access to sensitive information, and you happen to use a VPN connection to that computer. Using keyloggers, the terror group now has access to your computer's password, and access to that VPN connection.
Again, I have to say that this is not my mother's responsibility. I already stated that the most important thing is for government and military installations to be secure, anfd if they are no "terrorist" (gawd that word is overused!) is going to gain access to any info, VPN or not. And you, too, should protect your own computer. It's all a matter of taking control of your data, especially on the Internet.

Besides, even with some kind of standards or licensing, what makes you think that a computer from another country is not going to be able to send some malicious code around.

Now, both Stompy and DukeNukem4ever make good points about the cost of this kind of thing, and the chance of granting "lisences" and that sort of thing, but if you're worried about cost of governmentand and escalating bureaucracy, then issuing permits to operate a computer will be a nightmare of proportions never before seen. And I can tell you right now that OS developers, software developers, computer manufactures and computer retailers will fight that with ever lawyer who'll listen, especially when no one could possibly say with any certainty that it would do any good.

I still say that sensitive installations are the only ones who truly need this kind of protection, and I would hope that they already have it.

Peace,

Pierre
__________________
---
There is no such thing as strong coffee - only weak people.
---
vox_rox is offline  
Old 12-06-2004, 10:43 AM   #13 (permalink)
Getting Medieval on your ass
 
Coppertop's Avatar
 
Location: 13th century Europe
It comes down to this: what's more fun? Personal responsibility or the government regulating your life away?
Coppertop is offline  
 

Tags
cia, dumb

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 06:41 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360