...thread this is really bothering people.

Details of “Einstein” Cyber Shield Disclosed by White House (http://blogs.wsj.com/digits/2010/03/02/%E2%80%9Ceinstein%E2%80%9D-program-disclosed-as-us-cyber-shield/?blog_id=100&post_id=11601)

What? All of a sudden, spying on Americans is okay?

Spying on Americans by the government without a court order is not only wrong, but illegal. There's really not much more to add than that.

Spying on Americans by the government without a court order is not only wrong, but illegal. There's really not much more to add than that.
So, no demands the Obama administration be brought up on criminal charges?

So, no demands the Obama administration be brought up on criminal charges?Whom did he torture?

So, no demands the Obama administration be brought up on criminal charges?

What makes you think that criminal charges will not be brought up if this system violates the law?
I'm sure the ACLU is filing FOIA requests on this as we speak.

What makes you think that criminal charges will not be brought up if this system violates the law?
I'm sure the ACLU is filing FOIA requests on this as we speak.
I was speaking specifically of the lack of outrage expressed in this forum. It's a bit different than was experienced when it was thought the Bush administration was committing a similar "outrage."

Personally, I'm cool with this "Einstein" program.

I was speaking specifically of the lack of outrage expressed in this forum. It's a bit different than was experienced when it was thought the Bush administration was committing a similar "outrage."Like your "outrage" at Obama's doing the same thing Reagan did concerning a conflict between Argentina and the UK?

I was speaking specifically of the lack of outrage expressed in this forum. It's a bit different than was experienced when it was thought the Bush administration was committing a similar "outrage."

Personally, I'm cool with this "Einstein" program.

Actually, the fact that the government has come forward explaining what they were planning on doing in front of an audience of civilians who happen to be security specialists is the reason there's no outrage. Yet.

The article points out that the data is to be scrubbed of personally identifiable information, which basically gets rid of privacy concerns. The only part that makes me uneasy is that the DHS is in charge of that, and I want to hear more details about the oversight on that function specifically. Other than that, I don't see privacy concerns.

You also need to understand the context. Most cyber attacks come from machines that are zombied out. The extent of the investigation is to know what and where are those machines to be prepared for an attack from them.
There's really little interest on individuals, thus the reason you can conduct this type of investigation by scrubbing personally identifiable information.

I was speaking specifically of the lack of outrage expressed in this forum. It's a bit different than was experienced when it was thought the Bush administration was committing a similar "outrage."

Personally, I'm cool with this "Einstein" program.

I would like you to point out where any poster who decried these programs under Bush have suddenly expressed support for them on these forums.

Or perhaps you think posters should have to scour the web in order to expressly voice our distaste on every subject that comes up?

Actually, the fact that the government has come forward explaining what they were planning on doing in front of an audience of civilians who happen to be security specialists is the reason there's no outrage. Yet.

The article points out that the data is to be scrubbed of personally identifiable information, which basically gets rid of privacy concerns. The only part that makes me uneasy is that the DHS is in charge of that, and I want to hear more details about the oversight on that function specifically. Other than that, I don't see privacy concerns.

You also need to understand the context. Most cyber attacks come from machines that are zombied out. The extent of the investigation is to know what and where are those machines to be prepared for an attack from them.
There's really little interest on individuals, thus the reason you can conduct this type of investigation by scrubbing personally identifiable information.

ElNono, I know you know enough about security to have a good opinion on this program. In my mind, the government would be much better off hardening their systems than trying to find every zombot out there. What do you think? Systems are advanced enough to recognize DDoS attacks for the most part and prevent them, so I see no need to discover the source of each botnet, especially since another one would replace it soon enough...

Whom did he torture?

Good point! Although it's hard to pour water up someone's nose after you've shot a Predator drone missile into their house.

http://news.bbc.co.uk/2/hi/7847423.stm

"Four Arab militants were killed in the strikes, officials said. Their identities were not immediately clear but officials said one was a senior al-Qaeda operative."

At least they didn't put panties on his head.

"But officials told the BBC that the drone actually hit the house of a pro-government tribal leader, killing him and four members of his family, including a five-year-old child."

Move along. Nothing to see here...

Report: Drone Strikes Increased Dramatically Under Obama
http://pubrecord.org/world/5801/report-drone-strikes-increased/

"Since taking office, President Obama has sanctioned at least 41 Central Intelligence Agency drone strikes in Pakistan that have killed between 326 and 538 people, many of them, critics say, “innocent bystanders, including children,” according to a published report."

But, but, BUSH LIED! PEOPLE DIED! :rolleyes

Report: Drone Strikes Increased Dramatically Under Obama
http://pubrecord.org/world/5801/report-drone-strikes-increased/

"Since taking office, President Obama has sanctioned at least 41 Central Intelligence Agency drone strikes in Pakistan that have killed between 326 and 538 people, many of them, critics say, “innocent bystanders, including children,” according to a published report."

But, but, BUSH LIED! PEOPLE DIED! :rolleyes

Good point about the drone strikes, which brings up another valid point.

I believe Obama wanted to lessen the outcry about soldiers going to war. To do so, he's authorized more predator attacks, which of course lessens the risk of soldiers dying.

However, this backlashes in two significant ways. First off, less humans = less bonding with the local populace. Second, his base isn't just concerned about the deaths of soldiers, but about deaths of innocents IN GENERAL.

If humans go into war and kill indiscriminately, left-leaning voters will be pissed. They will be no less pissed off if soldiers are spared but predator drones instead are taking innocent lives.

If anything, his increasing use of predator drone attacks should garner him support from the RIGHT wing.

ElNono, I know you know enough about security to have a good opinion on this program. In my mind, the government would be much better off hardening their systems than trying to find every zombot out there. What do you think? Systems are advanced enough to recognize DDoS attacks for the most part and prevent them, so I see no need to discover the source of each botnet, especially since another one would replace it soon enough...
Agreed.

I find it rather dumb on the government's part that anyone can hack into their systems.

The article points out that the data is to be scrubbed of personally identifiable information, which basically gets rid of privacy concerns. The only part that makes me uneasy is that the DHS is in charge of that, and I want to hear more details about the oversight on that function specifically. Other than that, I don't see privacy concerns.

Bullshit.

It can remove the headers of an email, but what about personal information that can be in millions or random forms?

Please stop apologizing for them when you are one who attacks things similar under the Bush administration.

ElNono, I know you know enough about security to have a good opinion on this program. In my mind, the government would be much better off hardening their systems than trying to find every zombot out there. What do you think? Systems are advanced enough to recognize DDoS attacks for the most part and prevent them, so I see no need to discover the source of each botnet, especially since another one would replace it soon enough...

You can recognize DDoS attacks fairly quickly, but you also need to know in advance what part of the network you need to divert or shut down in order to stop them. If you don't know this beforehand, then you need to start guessing as the attack happens, you might just switch off large areas unnecessarily, and cause more damage in the process. This is not merely about protecting government systems, but the overall integrity and availability of the Internet.

I think it's time we start taking security seriously when it comes to the Internet, because we simply cannot pretend is not a vital part of our economy and everyday lives. The important part with these programs is disclosure and transparency. So far these people have been forthcoming with their intentions. I don't know that their entire program is or will be like that (I'm a tin foil hat wearer by nature), but what they've done so far indicates that at least they care enough about the issues to go public with them.

I find it rather dumb on the government's part that anyone can hack into their systems.

This is not about hacking into the government systems...

Bullshit.
It can remove the headers of an email, but what about personal information that can be in millions or random forms?
Please stop apologizing for them when you are one who attacks things similar under the Bush administration.

Please refrain from making comments if you don't know how the system works. Your complete oversimplification of what you think they're doing simply tells me you don't know what you're talking about.

And I'm not apologizing for anybody. What I've attacked the Bush administration for is the fact that they kept the entire system in the dark and that they sought to obtain actual personal information from it without a court order, which was, and still is, illegal. I said I still have reservations on part of this program, but you're just butthurt these people are actually doing it now by actually adhering to the law.

You can recognize DDoS attacks fairly quickly, but you also need to know in advance what part of the network you need to divert or shut down in order to stop them. If you don't know this beforehand, then you need to start guessing as the attack happens, you might just switch off large areas unnecessarily, and cause more damage in the process. This is not merely about protecting government systems, but the overall integrity and availability of the Internet.

I would hope that most government systems have this identified, though I am sure that a large amoutn do not. Sadly, the priority on security in most government systems seems weak. For instance, most bases I've been to don't have an IT security guy assigned. (Of course, many firewalls are now being managed at a regional level rather than base... but that just means if someone breaks in, they have access to ALOT more data.)

I'm actually semi-in-charge of a process at Hickam AFB to help harden the base network. It's quite a pain. :D


I think it's time we start taking security seriously when it comes to the Internet, because we simply cannot pretend is not a vital part of our economy and everyday lives. The important part with these programs is disclosure and transparency. So far these people have been forthcoming with their intentions. I don't know that their entire program is or will be like that (I'm a tin foil hat wearer by nature), but what they've done so far indicates that at least they care enough about the issues to go public with them.

I think the one thing protecting the internet is it's usefulness to many different varieties of people. This spreads the risk out to the world instead of one company/country.
I also wear a tin foil hat at times. I'm very skpetical about collecting info in any one place, regardless of the benevolent intentions.

I would hope that most government systems have this identified, though I am sure that a large amoutn do not. Sadly, the priority on security in most government systems seems weak. For instance, most bases I've been to don't have an IT security guy assigned. (Of course, many firewalls are now being managed at a regional level rather than base... but that just means if someone breaks in, they have access to ALOT more data.)

I'm actually semi-in-charge of a process at Hickam AFB to help harden the base network. It's quite a pain. :D


I feel your pain. :D
Truth be told, I think entities are just now starting to realize the actual problem domain. There's much more than deploying mere firewalls or antivirus. When what you're protecting is valuable enough, you enter in a completely different arena. Social engineering is used just as much as hacking to penetrate large and well protected interests. Ultimately, once your weakest link falls, you're in deep shit. Without going into much detail, actual risk assessment on those weak links becomes very valuable, and sometimes as important as the surrounding security.


I think the one thing protecting the internet is it's usefulness to many different varieties of people. This spreads the risk out to the world instead of one company/country.
I also wear a tin foil hat at times. I'm very skpetical about collecting info in any one place, regardless of the benevolent intentions.

Well, yeah, that's the key here. Is this a passive or active tap? There are quite a few good devices out there that can do passive taps and scrubbing for what they intend to do. Then again, going public gives them credibility as to their efforts to be transparent and compliant with the law. I'm sure the ACLU is going to file FOIA(s) anyways, so hopefully we'll know one way or the other.

I feel your pain. :D
Truth be told, I think entities are just now starting to realize the actual problem domain. There's much more than deploying mere firewalls or antivirus. When what you're protecting is valuable enough, you enter in a completely different arena. Social engineering is used just as much as hacking to penetrate large and well protected interests. Ultimately, once your weakest link falls, you're in deep shit. Without going into much detail, actual risk assessment on those weak links becomes very valuable, and sometimes as important as the surrounding security.

Agreed. The military does a semi-decent job of warning about the dangers of social engineering. (Mainly because OPSEC is a culture in the military, which is the most effective way to prevent social engineering.) However, you and I both know that the more steps you put into a process to prevent security risks, the more likely they will be ignored. Did anyone pay attention to Vista's warning screens after they came up for everyday tasks? Heck, I bet the majority of people don't even check their cars when they alarm.

And of course, the security of people involved in governement communications facilities is maintained by their clearance, which is reviewed every 10 years for Secret and every 5 for TS.


Well, yeah, that's the key here. Is this a passive or active tap? There are quite a few good devices out there that can do passive taps and scrubbing for what they intend to do. Then again, going public gives them credibility as to their efforts to be transparent and compliant with the law. I'm sure the ACLU is going to file FOIA(s) anyways, so hopefully we'll know one way or the other.

Hey, you and I are both hoping for the best. :) But we both know that deep packet inspection can be an insidious beast. I just see what the NSA did with that data (and the complete lack of accountability for it) and shudder. :)

Agreed. The military does a semi-decent job of warning about the dangers of social engineering. (Mainly because OPSEC is a culture in the military, which is the most effective way to prevent social engineering.) However, you and I both know that the more steps you put into a process to prevent security risks, the more likely they will be ignored. Did anyone pay attention to Vista's warning screens after they came up for everyday tasks? Heck, I bet the majority of people don't even check their cars when they alarm.

And of course, the security of people involved in governement communications facilities is maintained by their clearance, which is reviewed every 10 years for Secret and every 5 for TS.

One thing I learned over the years: There's always a weakest link. Once you come to that realization, you better start looking what it is, and the risk associated with it.


Hey, you and I are both hoping for the best. :) But we both know that deep packet inspection can be an insidious beast. I just see what the NSA did with that data (and the complete lack of accountability for it) and shudder. :)

100% agreed. Ultimately, my hope is that there are actually technically capable people behind this. Oversight is the only thing that will ensure that's the case. This system *will* have a weak link, so I hope it's identified and it's risk assessed. Now we've come full circle. :D

100% agreed. Ultimately, my hope is that there are actually technically capable people behind this. Oversight is the only thing that will ensure that's the case. This system *will* have a weak link, so I hope it's identified and it's risk assessed. Now we've come full circle. :D

Cheers! :toast

...thread this is really bothering people.

What? All of a sudden, spying on Americans is okay?

yoni gets the pulse of the nation based on the threads created and/or commented on by the handful of regulars that post in the politics forum of ST.com.

"All of a sudden, spying on Americans is okay"

:lol :lol :lol

dubya's Exec spied on Americans, deputizing/immunizing telcos and network operators, but that's OK with yoni.

But when that abuse of power and violations of law are by a Dem Exec, yoni's concerned. :lol