funsec mailing list archives
Re: Clinton's Office Says Her Passport Files Also Breached
From: "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec () gmail com>
Date: Fri, 21 Mar 2008 13:37:57 -0500
From the CISSP code of ethics:
To discourage such behavior as: - Raising unnecessary alarm, fear, uncertainty, or doubt Yes, it was a big deal, the individuals, after all, got fired. But this chicken little response is unwarranted. An independent investigation? What for? Do you believe that Secretary Rice somehow has some conflict that mitigates her ability to investigate this? " but when they involve possible nominees for the presidency of the United States, they are catastrophic." Exactly how is it catastrophic? Bad, sure. If we want to talk about catastrophes let's talk about something that entails significant loss of life, extreme financial harm or some kind of system collapse. This hyperventalating hysteria over an access control violation that was caught, dealt with and the offenders fired before the press got wind of it only serves to diminish the professionalism of the field by showing people to be highly strung paranoids. In fact, exactly how were the disclosures extensive? As far as I can see, the press doesn't know the answer to that question and I question whether you do either. So before we run half-cocked all around, let's have some sense of perspective. Both of the certifications I hold insist on that and so does the tenets of professionalism. And I think it says something that when I make an offhanded comment about disdain for American politics, you both make it personal about my professional competency within information security. On Fri, Mar 21, 2008 at 12:18 PM, Rich Kulawiec <rsk () gsp org> wrote:
On Fri, Mar 21, 2008 at 04:37:21PM +0000, Paul Ferguson wrote:For someone with GCIH and CISSP credentials, your cavalier attitude towards these sorts of access control failures is kind of troubling.I strongly concur. No one worthy of the designation "professional" can fail to be highly alarmed by these developments, 16 years after this became a widely-publicized problem. The disclosure of the extensive, private information of any American by the institutions of government, at any level, is a serious problem requiring immediate, constant attention until remedied -- as well as immediate, full reporting of the facts -- AND severe discplinary measures, including prosecution of those responsible. Such violations are egregious enough when they involve any citizen: but when they involve possible nominees for the presidency of the United States, they are catastrophic. There are many who would seek to use this information to affect the political process, and unfortunately, there are a few who might use it to harm the candidates *or their families*. This matter requires a full, independent investigation. I am pleased to see that Secretary of State Rice has already personally apologized: she darn well should, as she is personally responsible for this, since it happened on her watch. It remains to be seen whether there will be appropriate follow-through -- meticulous, exhaustive, and penetrating follow-through that answers the many serious questions which remain. (Such as who? why? what? how? when?) As an American citizen (who also has a passport file), I don't merely request this. I demand it. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Clinton's Office Says Her Passport Files Also Breached Paul Ferguson (Mar 21)
- Re: Clinton's Office Says Her Passport Files Also Breached John C. A. Bambenek, GCIH, CISSP (Mar 21)
- <Possible follow-ups>
- Re: Clinton's Office Says Her Passport Files Also Breached Paul Ferguson (Mar 21)
- Re: Clinton's Office Says Her Passport Files Also Breached John C. A. Bambenek, GCIH, CISSP (Mar 21)
- Re: Clinton's Office Says Her Passport Files Also Breached Rich Kulawiec (Mar 21)
- Re: Clinton's Office Says Her Passport Files Also Breached John C. A. Bambenek, GCIH, CISSP (Mar 21)
- Re: Clinton's Office Says Her Passport Files Also Breached Rich Kulawiec (Mar 22)
- Re: Clinton's Office Says Her Passport Files Also Breached John C. A. Bambenek, GCIH, CISSP (Mar 22)
- Re: Clinton's Office Says Her Passport Files Also Breached Dennis Henderson (Mar 22)
- Re: Clinton's Office Says Her Passport Files Also Breached Rich Kulawiec (Mar 26)