Security Through Begging

from the even-better-than-security-by-obscurity dept

Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It's only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems -- so that the next time this happens, there won't be anyone on the network to download such documents. Beyond the fact that this is unlikely to have any effect (at all) on file sharing in Japan, it has nothing to do with the actual security breach. It wasn't the use of a file sharing system that was to blame here, but the security setup that allows an outside contractor to hook up his personal computer to the power plant's network without doing any kind of security check whatsoever to see if (a) his computer has malware or (b) his computer has file sharing software -- while leaving top secret documents available for his computer to access. If this is how government officials react to such leaks (taking forever and completely missing the root cause of the problem, while suggesting a solution that is impossible to implement), it's almost amazing that such leaks didn't happen sooner.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Kyle Youngblood, Mar 16th, 2006 @ 4:10am

    Were is the IT's at

    Just like any Network your have to have someone running it. What is this guy/gal doing to keep these computers from getting on the Network. Does not seem like much other then tell them not to do it, you can see how long that lasted. If your going to implement the idea to not use file sharing, that is going to hard. I see that if they let any computer hook up to the network then they could easy have there system hacked long before this happend. If they are not going to take the time to keep the network system safe then why are they complaning about the leaks. Seem like they need to go there job and not complain about there lack of quaified IT's

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Grammer N@zi, Mar 16th, 2006 @ 6:34am

      Re: Were is the IT's at

      Just like any Network your have to have someone running it. What is this guy/gal doing to keep these computers from getting on the Network. Does not seem like much other then tell them not to do it, you can see how long that lasted. If your going to implement the idea to not use file sharing, that is going to hard. I see that if they let any computer hook up to the network then they could easy have there system hacked long before this happend. If they are not going to take the time to keep the network system safe then why are they complaning about the leaks. Seem like they need to go there job and not complain about there lack of quaified IT's


      Pleaze sine op four mor C0re 3nglish callouses next simester!

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    ?, Mar 16th, 2006 @ 4:19am

    This is bound to work.

    Everybody knows that people will not do bad things if you just ask. Just look at Sadam! We spent 20 years asking him to behave, and he did. That is why our war in Iraq is completely unjustified.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      You R an Idiot, Mar 16th, 2006 @ 5:05am

      Re: This is bound to work.

      "We spent 20 years asking him to behave, and he did." Saddam did no such thing. He spent from the day Gulf War I ended, until the day the US invaded in GW II thumbing his nose at the free world violating every sanction that the UN Security Council wrote (BTW, the UN was making billions, while he was at it).

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Nohe Isnot, Mar 16th, 2006 @ 5:12am

        Re: Re: This is bound to work.

        Ummm... I think someone failed to detect someone else's irony.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          knucklehead, Mar 16th, 2006 @ 6:24am

          Re: Re: Re: This is bound to work.

          Nohe wrote: "..failed to detect someone else's irony."

          Not to get too off topic, but nobody really seems to care what the orginal topic was. Was that irony or sarcasm?

          If you're going to rip on someone, at least rip on them for the right reason. Hey, I guess this is related to the orginal topic after all! A good example of finding the wrong root cause. Boy am I good....

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            nismoto, Mar 16th, 2006 @ 8:33am

            Re: Re: Re: Re: This is bound to work.

            "If you're going to rip on someone, at least rip on them for the right reason."

            I think he/she did. Where did you get your education?

            i·ro·ny (ī'rə-nē, ī'ər-) n., pl. -nies.
            1. The use of words to express something different from and often opposite to their literal meaning.
            2. An expression or utterance marked by a deliberate contrast between apparent and intended meaning.
            3. A literary style employing such contrasts for humorous or rhetorical effect.
            4. Sarcasm, by definition, is a form of irony.

             

            reply to this | link to this | view in chronology ]

      •  
        identicon
        annoyed at you, Apr 17th, 2006 @ 3:38am

        Re: Re: This is bound to work.

        you missed the sarcasm. This person wasn't serious. If you've already made up your mind that everyone else is an idiot then you will often jump to the wrong conclusion and hence end up looking like one yourself.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 16th, 2006 @ 6:41am

      Re: This is bound to work.

      Agreed!

      For Internet security, this already exists for traffic which complies with RFC 3514.

      Firewalls [CBR03], packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Jason, Mar 16th, 2006 @ 9:13am

      Re: This is bound to work.

      You have got to be kidding me! Granted, Saddam did not have weapons of mass destruction, however... to say he behaved shows a complete lack of understanding on your behalf. It was obviously NOT your mom, sisters, girlfriend or wife that was being habitually raped by his men. It was obviously NOT your family that lies in the mass graves that keep turning up. Woe be to America if you teach your children that this kind of thing is acceptable behavior.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        tinasmit, Mar 16th, 2006 @ 9:20am

        Re: Re: This is bound to work.

        and how do you know that the american soldiers over there aren't doing the same thing?

        basically, i don't fully believe anything unless i see it firsthand.

        the media is not exactly a trustworthy source of information, to put it delicately.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Clueless, Mar 16th, 2006 @ 9:57am

          Re: Re: Re: This is bound to work.

          I believe it after I see it on the internet ... there is no false information on the internet....

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 17th, 2006 @ 1:06am

      Re: This is bound to work.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Khurt Williams, Mar 16th, 2006 @ 5:10am

    Incompetent

    It never ceases to amaze me that despite all the sage advice of security professionals that it is the poeple in power to implement the recommendations who completely miss the point.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Rikko, Mar 16th, 2006 @ 10:28am

    We're arguing about Iraq now?

    Wow, out comes the Techdirt lowest common denominator.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ironaq, Mar 16th, 2006 @ 12:43pm

    Next up, NAZIS~

    ....end of thread...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    cdb, Mar 16th, 2006 @ 2:59pm

    job

    It's "Dad I need a job. Can you get me in as IT manager at the plant ?" "Sure son. What did you go to college for ?"

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Andrew Schmitt, Mar 16th, 2006 @ 6:08pm

    Huawei Isn't Stupid

    This is one of many reasons why when you visit Huawei in China (and increasingly, other companies), you are told that no electronic devices can be brought inside, with the exception of customer meeting areas. If you are a tech, and must enter a lab for debug, your laptop ports are literally taped shut with security tape that indicates removal and re-attachment. This is of course, only after you have obtained the 5 signatures required to get your laptop through the door.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This