funsec mailing list archives
Re: Petraeus
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 12 Nov 2012 12:54:15 -0500
Upon further review...and since this is *funsec*, I'd like to ask a few rhetorical security questions about this. I'm sure there are more that haven't occurred to me yet. 1. How is it that the Director of the CIA does not know how to use email (relatively) securely? Did he really compose unencrypted messages to his paramour using CIA computers on the CIA network and send them via CIA mail servers? Really? REALLY? If *that* is the clue level of senior national security professionals, we don't need to be worried about being hacked by the Chinese during OMG!! CYBERWAR!! or something similar. We need to worry about being hacked by bored fifteen-year-olds in Dubuque. 2. How was this woman able to reply? Is it actually possible for someone on the public Internet to send an email message to the inbox of the Director of the CIA? Why? Whose bright idea was THAT? 3. The Director of the CIA holds an UltraTopSuperSecret security clearance or whatever it's called this week. What does this incident tell us about the ability of the security clearance system to actually, you know, provide security? [1] 4. If the internal mechanisms of government aren't sufficient to (quickly) catch a very very senior person having an affair -- and doing it incompetently -- then why should we believe that they're sufficient to catch a well-trained, careful, diligent spy? 5. How do we know that "our" people were the first ones to catch him? 6. What if they weren't? ---rsk [1] According to "Espionage by the Numbers; A Statistical Overview", 74% of known cold-war era spies (in their sample set of 141) held clearances. Please see: http://rf-web.tamu.edu/security/security%20guide/Treason/Numbers.htm Given that clearances are now being handed out like candy at Halloween, I can't imagine that this percentage is going to decrease. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Petraeus, (continued)
- Re: Petraeus Rich Kulawiec (Nov 10)
- Re: Petraeus Blanchard, Michael (InfoSec) (Nov 12)
- Re: Petraeus Marc (Nov 12)
- Re: Petraeus John Bambenek (Nov 12)
- Re: Petraeus Richard Golodner (Nov 12)
- Re: Petraeus Marc (Nov 12)
- Re: Petraeus Paul Ferguson (Nov 12)
- Re: Petraeus Blanchard, Michael (InfoSec) (Nov 12)
- Re: Petraeus Rich Kulawiec (Nov 10)
- Re: Petraeus Danny McPherson (Nov 12)
- Re: Petraeus lists (Nov 12)
- Re: Petraeus David M Chess (Nov 21)
- Re: Petraeus phester (Nov 12)
- Re: Petraeus Paul Ferguson (Nov 12)
- Re: Petraeus Rich Kulawiec (Nov 21)
- Re: Petraeus mark seiden (Nov 21)