August 17, 2005
Oregon governments lead nation in welcoming open source
Between Oregon State University's Open Source Lab and the hosting of the latest GOSCON (Governmental Open Source Conference), things couldn't be better for the state of Oregon. But it does get better.
Apparently the State has recently published a white paper documenting how they use Asterisk to run 500 conference calls a week. They join Portland's regional area government, Metro, among governmental institutions that use Asterisk.
Will our local or regional government(s) actually hear the call and come a-running? I doubt it but one can always hope.
Via Slashdot
Posted by darkmoon at 09:05 PM | Comments (0) | TrackBack
August 15, 2005
TSA looking to opt-out of Congressional oversight for Secure Flight
DHS is looking for some senator to front a bill that would allow the elimination of congressional oversight of the Secure Flight program. This is brought up after GAO found that TSA's Secure Flight plans broke nine of ten congressional criteria.
This would also allow use of commercial data (i.e., passenger lists), even though previous bills have not used such data due to findings that it is not effective.
While on the subject of law breaking, TSA also deleted some three million personal records used in Secure Flight testing (of which they were not allowed to beforehand). Upon the deletion of these records, they have violated the Privacy Act.
So in summary: TSA is looking to use a senator as a loophole instead of fulfilling criteria set by Congress. These guys probably never learned to play by the book back in elementary school.
Via BruceSchneier < Wired
Posted by darkmoon at 07:03 PM | Comments (0) | TrackBack
July 31, 2005
The incompetency of governmental IT
I will say that the Information Technology staff that I have "heard" about in most governments could probably be compared side-by-side to the Australian IT staff (management included.)
But this is the exact reason I have despised many-a-IT staff member for their incompetency by flinging around certifications like they actually meant something. Usually these are the same numbskulls that have never touched a Linux box in their life, don't know what CLI means, think open-source software means no support, and are paid somewhere between 50k-100k for technical fervor equivalent to a wet blanket.
And you ask, why all this animosity? Case in point. Slashdot posts that eighteen AIX servers from the Australian government were not wiped, with ALL financial, payroll and other records still intact, along with backup tapes. All this for fourteen US dollars a server.
While most geeky people would just laugh at the government for such a stupid mistake, I point my finger at the IT management and staff for blame. Why? Management should know better. I have never liked technical positions managed by a bunch of suits that couldn't tell you what the difference between RAM and ROM was. IT staff should get fired for not knowing enough to securely wipe those AIX servers. Backup tapes were given? They should have gone to a secure waste disposal facility.
Harsh? Perhaps. But Information Technology has been long overdue for a change in the ranks. As we push further into the Information Age, those that are not willing to look for alternative solutions and be open to all solutions need to be filtered out. IT is not an easy money field as most tend to think. Then again, you could always act like the Australian IT guys.
Posted by darkmoon at 10:35 AM | Comments (0) | TrackBack
July 25, 2005
SecureFlight: GAO says TSA disregarded law of Congress
GAO still remains the top dog in my book for best government agency that actually does some great work. Bruce Schneier goes over the latest GAO report on how the TSA has blatantly disregarded the law of Congress and turned a simple plan for Secure Flight back into the complex monster that it was not supposed to be.
Via BruceSchneier
Posted by darkmoon at 11:42 PM | Comments (4) | TrackBack
July 12, 2005
Homeland Security chief has no clue about "security"
Security expert Bruce Schneier wrote today about Scott Henson's response to Homeland Security Chief Michael Chertoff. In it, Henson tells of how Chertoff says the United States needs to invest in security cameras and police dogs to deter terrorism.
Then the counterpoint begins with how security cameras are abused, they don't reduce crime and how they didn't stop the atrocities in London or Atlanta.
Could be just me, but sounds like the chief of Homeland Security doesn't seem to have a clue about how to protect the Homeland.
Posted by darkmoon at 09:57 AM | Comments (0) | TrackBack
June 07, 2005
FBI conducts Feasibility study for Project Sentinel
FBI conducts feasibility study to outsource Project Sentinel. This is the software that they couldn't write after using over $100 million of taxpayers' money, and they received intense criticism for it. Now they're searching for a contractor.
Personal note: Government inefficiencies, but come on. Give it to Carnegie Mellon's Computer Science Department and have them do it for a $10 million grant. I bet some freshman could write that from ANY Computer Science department if they were bright enough. This is a ridiculous waste of money. You know what else is amusing? I'm willing to bet NO ONE GOT FIRED.
Posted by darkmoon at 08:53 PM | Comments (0) | TrackBack
May 19, 2005
Government has shoddy wireless security
The GAO has found that nine of twenty-four major governmental agencies have not released wireless-security plans, and that in the six agencies tested, the WiFi signals were not masked (meaning they were probably broadcasting SSIDs) and there was evidence of unauthorized activity on all six tested networks.
Personal note: Did you expect anything else from the government? I've heard stories that would make most system administrators cringe on the shoddy IT policies and staff within the government.
Posted by darkmoon at 12:37 PM | Comments (0) | TrackBack
May 16, 2005
National ID Card: Learn from Japan's mistakes
Joi Ito has been reappointed to the Yokohama Committee for the Protection of Identification Information. Basically, this Committee allows citizens to opt-out of being within the database where they are currently pushing a National ID system.
Also, my main concern has always been the risk of the data being collected and abused OUTSIDE of the core network and these issues have not been addressed. There have been some fraudulent cards, but major crimes have not been committed. I warned that this is because barely anyone is using the network. If the government comes up with some useful application for the ID system, I'm sure fraud will increase. I also pointed out that at this level of usage, it can't be making any financial sense for the local governments who have installed and are running the system. Yokohama is one of the largest cities, but in small towns, there are still only dozens of users. I added rather bluntly that considering the cost and the potential risk because of the ill-conceived architecture, I still think they should shut the whole thing down and start from scratch building something useful using modern privacy technology to address specific needs rather than continue to use this expensive and pointless system.
It is unfortunate that in the wake of 9/11, the United States treads down the same path that Japan is already on. Will we learn from others' mistakes or could we reinvent the wheel?
Via JoiIto
Posted by darkmoon at 10:37 AM | Comments (0) | TrackBack
May 11, 2005
RealID passes Senate 100-0.
RealID passes the Senate 100-0. It's pretty obvious that the senators in my state never read my fax. The National Governors Association is considering a lawsuit to challenge the RealID provisions, mainly because it requires states to comply with a federal mandate (HR 1628) without providing any monetary help. Currently, the NGA is looking for at least half of the governors to agree that they're not standing for these provisions.
Personal note: Say goodbye to whatever rights we did have. This along with Rosum's new prototype technology allows Big Brother to covertly track citizens anywhere at any time. People often tell me, "I have nothing to hide." It's a matter of freedoms being squished out of existence.
Posted by darkmoon at 12:31 AM | Comments (2) | TrackBack
May 09, 2005
More perspective on RealID
More perspective and in-depth analysis from Bruce Schneier on RealID. Definitely a worthwhile read to understand what RealID is about and how it doesn't work from a security analyst's perspective.
Via Schneier
Posted by darkmoon at 11:44 AM | Comments (0) | TrackBack
Less than 48 hours before the US might as well be Communist with RealID
Less than 48 hours away and RealID has not even been debated by the Senate, much less been read by many of the senators. Political analysts are saying that this will probably breeze through the Senate without another eye looking at it... unless we do something about it.
Fax your comments to your senators on RealID. Let them know that we want to be Land of the Free, and not Legend of the Free. National ID cards have been tried in many nations and are primarily only working in China.
Do your part and help stop the insanity of RealID before it befalls all Americans.
Posted by darkmoon at 01:59 AM | Comments (0) | TrackBack
May 08, 2005
Vonage getting sued by another uneducated state
Connecticut is jumping on the bandwagon for a lawsuit against Vonage after the state of Texas tried to bust the VoIP corporation for not providing 911 services (we spoke about it here). After seeing the screenshots that AuntySpam took, you would definitely wonder where these Attorneys General get the information for these lawsuits. For a corporation that isn't ALLOWED on the telco corporation networks because the Bells don't allow them on the E911 services, they have done everything in their power to provide this service.
HOODWINKLES I say! HOODWINKLES!
Posted by darkmoon at 02:39 PM | Comments (0) | TrackBack
May 05, 2005
After millions of dollars are spent on the war on terror...
Glenn Reynolds (Instapundit) speaks of the government's inability to get things completed:
WE'RE AT WAR AGAINST TERRORISTS, and the Oklahoma City bombing case is still unimpressive ("FBI agents searched the Herington home on March 31. Officials said agents found blasting caps and other explosive materials, apparently related to the 1995 attack, buried in a crawl space that hadn't been checked earlier." Good work guys -- missing explosives for ten years that had been hidden in a house they had already searched!). This makes me wonder if the agents looking for Al Qaeda sleeper cells might not need some additional resources -- and some remedial education. But instead, the Justice Department is devoting additional resources to stepping up obscenity prosecutions?
Someone tell Gonzales that there's a war on.
Via Instapundit
Personal note: That REALLY scares me. Why? As taxpayers, we expect that we are paying top dollar for the best available protection from terrorism. Unfortunately, this type of news seems to point at the scenario of paying top dollar for mediocre to poor protection. Perhaps the GAO (Government Accountability Office) needs to get involved and stop the funding of these agencies that seem to have a hole in their pockets but keep landing in the poor performance category.
Posted by darkmoon at 11:11 AM | Comments (0) | TrackBack
April 05, 2005
FBI crack WEP key in 3 minutes
FBI demonstrated at an ISSA (Information Systems Security Association) meeting recently that it is possible to crack a WEP key in three minutes.
Personal note: NOW? WEP key cracking has been simplistic for ages. What's even more amusing is that they did the three minute crack by kicking off an authorized user from the network to collect the packets. They might have gotten into the network in three minutes, but with that many reauthentications from the authorized user, that would red flag to any system administrator. BAD way to hack. First rule of hacking: if you're going to break into a network, make sure that you're not detected. Idiocy.
Then the FakeAP gimmick was stupid also, since by the screenshot, I can eyeball which was a good network. FakeAP is a fun program, but if you don't name the fake access points well, it chooses names and keeps throwing out similar ones. A better way is to create evil twin effects with a hostapd. Note that they're using a GUI also, even though kismet and all wireless cracking tools are written in CLI. Obviously, speed is not an issue with the government and they're not in tune with the hacker criteria of having console windows. Looks like KDE in fact. Ew.
The only thing I can claim the FBI does get, at least somewhat: they used Linux.
Posted by darkmoon at 03:07 PM | Comments (0) | TrackBack
March 29, 2005
Schneier's analysis of the GAO report on Secure Flight
Schneier has an analysis of the GAO report on Secure Flight. Some interesting points to note in the report:
Via Schneier
Posted by darkmoon at 06:14 PM | Comments (0) | TrackBack
March 28, 2005
Dept of State plans to tag all new passports with RFID
The United States Department of State is looking to tag all new passports with RFID. The information contained on the RFID will be the same information in your passport.
Terrorists won't even have to look for US citizens now.
Update:
Bill Scannell says:
I don't expect my country to actively protect me when I am abroad, but I do expect it to not put me actively in harm's way. I don't need a beacon that is an advertisement for my potential victimhood, "Look, over here, an American! Need cash? Credit cards? Want to make a splashy political statement for the news? Act now!"
Personal note: Talk about technologically clueless people pushing technology.
Posted by darkmoon at 04:05 PM | Comments (2) | TrackBack
Schneier says it: TSA lied
The Acting Inspector General of the TSA wrote that the agency misinformed individuals (media and Congress) during 2003 and 2004. Schneier includes both documents of the report by the Inspector General, and the report by the Government Accountability Office on how TSA has NOT met the criteria set by Congress to pursue SecureFlight.
Apparently TSA doesn't care.
More on SecureFlight here.
Personal note: I have to admit. Of all of the governmental offices lately that are riddled with inconsistency and inefficiency, I have great respect for the GAO. I'm sure they operate like any other governmental office, but they're the only ones that have actually gone out and said: You said you'd play by these rules, you didn't, here's why. So far, GAO has no issues with taking on big dogs like the CIA, TSA, and other departments. Good for them.
Posted by darkmoon at 03:38 PM | Comments (0) | TrackBack
March 25, 2005
Some Silliness of SSI
Needless to say, SSI (Sensitive Security Information) is a very needed and useful thing, especially after the disastrous events of 9/11. But overclassification has thrown our government into a tailspin of trying to cover up public records.
Ever since Sept. 11, 2001, the federal government has advised airplane pilots against flying near 100 nuclear power plants around the country or they will be forced down by fighter jets. But pilots say there's a hitch in the instructions: aviation security officials refuse to disclose the precise location of the plants because they consider that "SSI" -- Sensitive Security Information.
"The message is; 'please don't fly there, but we can't tell you where there is,'" says Melissa Rudinger of the Aircraft Owners and Pilots Association, a trade group representing 60% of American pilots.
Determined to find a way out of the Catch-22, the pilots' group sat down with a commercial mapping company, and in a matter of days plotted the exact geographical locations of the plants from data found on the Internet and in libraries. It made the information available to its 400,000 members on its Web site -- until officials from the Transportation Security Administration asked them to take the information down. "Their concern was that [terrorists] mining the Internet could use it," Ms. Rudinger says.
Personal note: What I find the most amusing is that terrorists would not go and call up a government official to find out where whatever they're seeking lies. The first source would definitely be a public library, or the Internet.
So, as AOPA has proven, the information is very easily researched from public sources and the Internet. What's to stop terrorists (if they were going to anyways) from doing the same?
Also, if the government starts tightening the ropes on public information/records, then where does it end? Will the solution be eventually setting up a Ministry of Information like China to filter all information and censorship based on SSI?
There are so many questions, but not very many answers. However, in this particular case, common sense rules.
Posted by darkmoon at 07:28 PM | Comments (0) | TrackBack
March 23, 2005
Texas AG suing Vonage over 911 service
Texas attorney general is suing Vonage Holdings Inc. over their lack of 911 service. Or at least the fact that you have to set it up.
Personal note: I have to agree with the Engadget staff. When I signed up for Vonage service a long while ago, I was berated by emails and other forms of service notices (snail mail) on setting up my 911 service online. If I'm not mistaken, there is even a huge warning letter in the box itself that I received. What the Texas attorney general is alleging (that Vonage does not have adequate warnings for setting up 911 service) just does not exist.
The only bad thing about Vonage - 911 is routed through a generic call center that does not have your current location unless you provided it via the Vonage site beforehand. This is because the current E911 system is controlled by the regional telecom in the area, and everyone knows that they aren't willing to play nice with current VoIP carriers (even though they have been edging their way into this niche market also).
Posted by darkmoon at 03:44 PM | Comments (0) | TrackBack
Government in midst of scrapping E-Rate program
While E-Rate has been mismanaged (pulled in $14.6 billion a year, but schools and libraries only received $9.2 billion), certain members of Congress have decided that this program isn't worth pursuing anymore and are looking to pull it to help the whole tax refund bit. E-Rate was the 1996 program that took surcharges on phone bills and converted them into funding to get schools and libraries online.
Posted by darkmoon at 03:27 PM | Comments (0) | TrackBack
Social Engineering and the IRS
Apparently, over one-third of IRS employees happily provided their usernames and changed their passwords at the request of Treasury Department inspectors that posed as computer technicians.
Personal note: Schneier recommends two-factor authentication. I happily agree, although biometrics would work splendidly also. Everyone knows that the government's IT department is sorely lacking some of the skills that corporate procedures introduce. Interesting that despite this, there hasn't been more information theft. Hopefully someone is wising up to the internal government report by the Treasury Department.
Posted by darkmoon at 03:05 PM | Comments (0) | TrackBack
March 08, 2005
U.S. Justice Department chooses Corel over Microsoft
Could Microsoft be losing their grip on the government? The Department of Justice has chosen Corel for the next five years to provide business software to certain divisions of their department. The deal is worth up to $13.2 million to Corel.
Back in the day, WordPerfect was Goliath and Microsoft was David. In the current age, the positions have switched. Perhaps it's almost time for another changing of the guard.
Via Slashdot
Posted by darkmoon at 12:40 AM | Comments (0) | TrackBack
February 17, 2005
Government Agencies still get bad computer security ratings
US government agencies are still getting bad computer security ratings.
...seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks.
Scary how these are the agencies in charge of making our Internet safer. Obviously they only practice the "do as we say, not as we do".
Via CNN
Posted by darkmoon at 05:29 PM | Comments (0) | TrackBack
February 11, 2005
Government says that your fingerprints expire
This goes to show that some government workers lack a bit of competency and common sense. Apparently Karl's fingerprints have expired with the United States Customs and Immigration Services.
Posted by darkmoon at 11:05 AM | Comments (0) | TrackBack
February 05, 2005
Hacking the FBI public e-mail system
There was a hacking of the FBI public e-mail system. Non-sensitive information comes across that system for press releases and other information that the government agency uses to communicate to the public. Another backlash of bad management as the agency deals with many critiques of waste in upgrading their computer systems.
Posted by darkmoon at 12:46 AM | Comments (0) | TrackBack
January 21, 2005
Government employees used diploma mills?
Diploma mills? Government? Should I be scared? And I thought I was a slacker in college.
Agencies tasked with defending America from terrorism were among the top employers of workers with phony diplomas identified by the GAO. The Department of Defense employs 257 of them. Transportation has 17. Justice has 13; Homeland Security, 12; Treasury, eight.
Read on at Instapundit to get the full story.
Posted by darkmoon at 03:12 AM | Comments (0) | TrackBack
January 19, 2005
FCC looking into Olympic indecency due to 9 complaints: Greece PO'd
FCC is sticking its nose where it should not be... AGAIN. Apparently there is an indecency issue with the Olympic broadcast and the government agency asked NBC for the tapes. All of this because of nine complaints out of the 3.9 billion viewers globally. Greece is somewhat annoyed with this, and has every right to be. Really FCC... the Greeks created the Olympics.
From the commentary by Gianna Angelopoulos-Daskalaki (President of the Athens 2004 Organizing Committee for the Olympic Games):
Don't punish NBC or Greece for accurately portraying Greek culture in your living rooms.
Some idiocy in judgment? You decide.
Posted by darkmoon at 02:44 PM | Comments (0) | TrackBack
California seeks to ban the Internet
In a brilliant move by California state senator Kevin Murray, a proposal was put on the table consisting of a state version of the federal INDUCE Act. BoingBoing puts it so well here. While we're at it we should ban blogging, meat, and Hollywood and all sing around a campfire. Obviously Mr. Murray's REAL reason is to turn Silicon Valley into a wasteland, and start a new super secret cult of luddites. Arnold should really terminate this guy.
...a law that proposed to make the very Internet itself illegal, for it bans producing, selling, offering, describing or building a network that can be used to share files unless "reasonable care" is taken to ensure that the files shared won't infringe upon copyright. This, of course, includes email, IM, Web-browsers, and every other tool for exchanging data on the Internet. Nice one, Kevin!
Posted by darkmoon at 11:56 AM | Comments (1) | TrackBack
January 18, 2005
Big Brother can now track you by GPS with no court order
Engadget reports:
...last week’s ruling by a New York judge that it’s okay for cops to plant GPS units on people they want to tail, without getting a court order or notifying the suspect.
Can we expect a Supreme Court ruling on this soon? Next thing you know, we are going to be living 1984.
Posted by darkmoon at 11:17 AM | Comments (0) | TrackBack
January 15, 2005
Trending to 2020
The National Intelligence Council has posted an amusing interactive tool that shows future world trends. Mapping the Global Future is an interesting read, although it states some obvious truths about current technologies and the technological battlefront.
The International Futures model is now available for public play.
Personal note: Since I have little strength in the socio-economic realm, I'll pursue the issues with this project from a technological standpoint. 1) I hope that we (taxpayers) didn't spend a lot of money to produce a website that was written in Microsoft's ASP, which looks like a kindergartener designed it. 2) Knowing that if that modeling system was written in PHP, that would have taken about 2 weeks maximum to pull off, I truly hope it wasn't similar to the FBI 4 year scenario for their piece of software mentioned here.
Posted by darkmoon at 12:03 PM | Comments (0) | TrackBack
FBI retires Carnivore
SecurityFocus tells of the FBI retiring Carnivore, a customizable packet sniffer that is part of the Dragonware suite. Written in 1999, it was the third generation of packet sniffers, with the previous one called Omnivore in 1997. The first generation is thought to be based off a well-known commercial program called Etherpeek.
Carnivore is based on Windows NT/2000. Documents have shown that the FBI did not use this tool at all in 2002/2003 and instead used an undisclosed commercial piece of software.
Carnivore itself has been the hot topic for a number of years, due to the nature of its infiltration of privacy and how the FBI could use this tool alongside the 2001 PATRIOT Act, as stated by the SecurityFocus article:
Under section 216 of the act, the FBI can conduct a limited form of Internet surveillance without first visiting a judge and establishing probable cause that the target has committed a crime. In such cases the FBI is authorized to capture routing information like e-mail addresses or IP addresses, but not the contents of the communications.
Personal note: While this is interesting, Carnivore has been side-stepped by hackers of many generations for better tools (all Unix based). My question is: Will the rest of the Dragonware Suite be retired, and what commercial software is the replacement? Perhaps there's a new version of DIRT by Codex Data Systems that is being used.
Posted by darkmoon at 11:18 AM | Comments (0) | TrackBack
January 13, 2005
After 4 Years and $581 million, FBI software might not work
After 9/11, the FBI took great pains to chase after some software to share information so that there wouldn't be information that would fall through the cracks anymore. Unfortunately, after $581 million and 4 years of working on this software project, it just plain might not work.
Now, it has taken steps to solicit outside contractors.
Yahoo covers the bitter news, while Slashdot hammers it home.
Personal note: Half a billion dollars? We could have bought some armor for our troops in Iraq with that money. An academic program would have dropped dead at a grant like that, and any computer science program could have written that program for you in their sleep. Makes you wonder who the heck the FBI hires internally to write this software. Waste is expected from a government source, but after half a billion dollars, and it doesn't work, obviously you need to 1) give the money to someone that knows how to do things the first time or 2) train your employees to write software.
Posted by darkmoon at 10:55 AM | Comments (2) | TrackBack
January 10, 2005
FCC can't count when it comes to broadband
CNET's Declan McCullagh writes that although the figures seem to show that the US is trailing in broadband connectivity, the FCC found that 94.3% of United States zip codes have broadband.
While Slashdot chewed on it, obviously the FCC's got low-income housing covered so I won't need my 501(c)(3) anymore. Wait a minute...
Posted by darkmoon at 08:44 PM | Comments (0) | TrackBack