Posts by BigBear

Re: What is Raytheon's problem?

Absolutely correct! Taking classified material off-site is generally illegal, unless you are individually authorized to do so, sign the particular documents out, have a secure container in which to transport them that is locked to your body, and have a certified secure facility to which to bring them and store them in an approved safe that is secured to something considered immovable. Barring that, you'd need to be accompanied by armed guards.

The fact that Raytheon allowed any external storage device to function on any PC with access to classified material is a huge breach of national security. Raytheon should be fined $ billions for this.

The fact that their servers logged accesses to classified document is a minimum requirement. The fact that there were no alarms when a single user downloaded many thousands of documents is unacceptable. The fact that Raytheon allowed employees or contractors to leave the premises with any type of external storage device — given that external storage devices actually function on their PCs — is outrageous.

One additional reason why the guy may have gotten such a light sentence is Raytheon's complicity — they made it so easy and their policies and procedures were so lax.

I’m not a lawyer, but there's a principle of causation in law that asks a question or makes a statement that starts with "But for...". Here, it could be, "But for Raytheon's violations of standard DoD security regulations, this document removal could never have happened." That doesn’t change the guy's guilt, but it makes Raytheon guilty as well.

Re: Magnesium

I know nothing of the incident about which you wrote. However, magnesium salts and magnesium alloys do not behave as does pure metallic magnesium, and are almost as light. It would be truly foolish for the US Navy to build any parts of a ship out of pure, or nearly-pure, metallic magnesium — a material that can ignite and be extremely difficult to extinguish.

Re: Well that's embarrassing

According to my read of the story, if any one or more individual employees are loaned that much for a bicycle and bike safety equipment (helmet, reflector vest, knee pads, elbow pads, ...), then the rule applies. Most employees may opt for far less. All it takes is one.

Re: "...elevating the alignment between security professionals and law enforcement."

Counties are not sovereign in the US. States are sovereign. The state court system set this up. It was a test of the state court's security. Therefore, the break-in was to a state court building, not a county or municipal court building.

It may have happened in the sheriff's physical jurisdiction, but he doesn't get to just make up law as he goes along, as much as he may like to. He had no legitimate authority to arrest those guys as soon as he learned that they had permission from the building's managers — the state court system.

The sheriff was probably upset that he wasn't in the loop, so he threw a tantrum that cost everyone a lot of money. But he has a point. He and the local police should have known what was happening. He just expressed his point in an infantile manner. He should be fined, have to pay everyone's legal expenses, be demoted, and feel lucky if he isn't sued for false arrest.

Re: That's irrelevant.

Not at all irrelevant. It does not matter that .org was not meant exclusively for non-profits. What matters is that non-profits, for decades, had no other TLD that fit (that was appropriate to their charter). (Furthermore, for what it's worth, the public probably thinks of the .org TLD as being at least primarily for non-profits.)

If this deal is consummated, it seems likely that all .org domain-holders will have to pay a fortune to keep their TLD, or move to a new one, all because an insider with a conflict of interest was able to pull off a quick and quiet deal before anyone could stop it.

Where’s the public interest? Where’s the governance? Where’s the transparency? Where’s the oversight?

"they do not favour the Americans"

@Anonymous Coward

"they do not favour the Americans"

Perhaps I'm just stupid (and I'm setting myself up). How do "they do not favour the Americans"?

Are we still talking about networking gear?

Remember, Huawei stubbornly refused to remove their telnet backdoor until Vodafone made a huge stink about it. Cisco issued fixes for their problems immediately.

I'm willing to assume that Cisco does not intend their equipment to have backdoors. I expect, given its Chinese government connections, that Huawei does intend its equipment to have backdoors.

Even if Cisco equipment has NSA-supported backdoors, that's the United States NSA, not the Peoples' Republic of China — a major threat to, if not enemy of, the United States. I don't like having either scarfing up our data. But the former is far better than the latter. Encryption is the way to go.

Re: Keys

@CrazyOldCatMan

"the Allies would have eventually won without them since Germany was incredibly resource-constrained and couldn't have sustained the war long-term"

Much of the reason for Germany's resource constraints was the strategic bombing of the Romanian oil fields and the German ball-bearing factories that only USAF long-range bombers could reach. Furthermore, while the USSR was like an unstoppable tank that may have been able to roll over Germany — even without US help, I believe that in such a case, the Soviets might well have kept rolling right through Europe as well, as the "spoils of war". (Probably would have left Britain alone, however.)

That would hardly be "winning" WW II. The allies needed the US to ensure that Europe remained free from the Nazis and the USSR. Probably the stupidest, most arrogant decision Hitler ever made was to invade the USSR, turning that prodigious, relentless war machine into its enemy.

While the US populace is embarrassingly ignorant in its widespread belief that the US "won" WW II in Europe. I disagree that the USSR "won" it either (or you Europeans wouldn't have liked the results). The war would have taken far longer, both Germany and the Soviets were working on atomic weapons — no one knows what would have happened had the US not entered the European theatre.

The US contributed vast amounts of cash, engineering, and manufacturing capacity to build equipment at an unprecedented rate; the British contributed unequalled intelligence, code-breaking, radar, and world-class deception techniques. Both contributed brilliant generals to plan and coordinate battle plans. France and other occupied countries contributed critical intelligence and brave resistance fighters who sabotaged German equipment and critical infrastructure. The USSR contributed its own large manufacturing capacity and seemingly endless population of soldiers willing to sacrifice for the homeland. Blood is not all that counts, however. Every country contributed in important ways. The key countries were each critically important.

Had the USSR remained a German ally, the allies could not have prevailed. Thank goodness that Hitler was a madman.

On an earlier topic: The US and Soviet troops arrived at the outskirts of Berlin roughly simultaneously. The USSR was understandably eager to seek revenge and happily sacrifice its men to capture the city. The US was all too willing to stand by and let the Soviets do the dirty work, then negotiate our way into getting more than 50% of Berlin as Western territory.

While the Soviets were engaged in savage street-by-street battles in Berlin, the US was rounding up German scientists and engineers and offering them safe passage to the US, easy permanent resident status, government jobs, etc. It was brilliant, as you Brits, would say.

Re: Keys

@Gene Cash

I assume that you're referring to your mandatory US History class which, by definition, would not include anything European. It's very unfortunate that yours was so limited. I graduated from high school 46 years ago and was fortunate enough to attend a well-funded public high school. Our US History class started several centuries before our Revolutionary War but, unfortunately, reached only to the start of WW II before the school year was over.

At that time, our school did not offer any world or European history classes, but that was pretty typical. My parents both lived through the depression and WW II, so I've spent considerable time learning about WW II on my own — it's truly fascinating and gut-wrenching.

Re: "the suspect machine, once acquired, is never powered on."

"Acquisition of computer" (i.e., seizure) versus "acquisition of data" (ideally, perfect forensic copying of data without interference from local operating system): two different concepts being conflated, it may seem.

But perhaps you intentionally changed concepts — but, if I may nitpick with your writing style, neglected to highlighted it — given that you linked to that fascinating story about the Silk Road case where "live" data copying may have been necessary. It is always very risky; you can always check to see if EFS is enabled on the drive [in Windows, that is]). In the Silk Road case, it was presumably useful to seize the machine powered up at least to capture images of the screen as it was in mid-chat to verify identity.

Power-on (boot) passwords in those days (< 2013) were usually easy to defeat, sometimes requiring the use of a pin jumper or perhaps advice from the computer manufacturer. It depends on whose BIOS is involved or whether there's UEFI (don't recall when that rolled in).

Nowadays, "smart" criminals will want to use UEFI boot drives, boot passwords, and encrypted file systems. If such a system is seized by law enforcement powered on and kept powered on, they have a chance to perform an unencrypted copy of all disks (that could be challenged in court, perhaps). If such a system is not powered on when seized, their forensic copy will be an entirely encrypted disk image — good luck with that.

Re: Something not ringing true here ...

One would hope than anyone doing forensic analysis would know to disable any type of autoplay system, but alas, you never know...

Re: The Usual Response...

"Let's face it; everyone who has a short password likely started out with a longer one but all the retyping got old fast."

Not to mention being locked out of online access by your bank or credit card company until you call them. I'm getting older and my touch-typing of even real words isn't that reliable unless I watch my fingers. Thankfully, some sites now allow you to display the characters you type — presumably for when you are confident that no one will be able to see your display.

Re: Blackface?

That's not blackface — that's just a ski mask (to keep the face warm on a sub-zero [Fahrenheit] ski slope), like bank or jewelry store robbers sometimes wear to hide their identity. Sometimes they use a stocking, but stockings are not as effective and they probably reduce your vision considerably.