funsec mailing list archives

Re: Clinton's Office Says Her Passport Files Also Breached


From: "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec () gmail com>
Date: Fri, 21 Mar 2008 13:37:57 -0500

From the CISSP code of ethics:

To discourage such behavior as:

   - Raising unnecessary alarm, fear, uncertainty, or doubt

Yes, it was a big deal, the individuals, after all, got fired.  But this
chicken little response is unwarranted.  An independent investigation?  What
for?  Do you believe that Secretary Rice somehow has some conflict that
mitigates her ability to investigate this?

" but when they involve possible nominees for the presidency of the United
States, they are catastrophic."

Exactly how is it catastrophic?  Bad, sure.  If we want to talk about
catastrophes let's talk about something that entails significant loss of
life, extreme financial harm or some kind of system collapse.  This
hyperventilating hysteria over an access control violation that was caught,
dealt with and the offenders fired before the press got wind of it only
serves to diminish the professionalism of the field by showing people to be
highly strung paranoids.

In fact, exactly how were the disclosures extensive?  As far as I can see,
the press doesn't know the answer to that question and I question whether
you do either.  So before we run half-cocked all around, let's have some
sense of perspective.  Both of the certifications I hold insist on that and
so do the tenets of professionalism.

And I think it says something that when I make an offhanded comment about
disdain for American politics, you both make it personal about my
professional competency within information security.

On Fri, Mar 21, 2008 at 12:18 PM, Rich Kulawiec <rsk () gsp org> wrote:

On Fri, Mar 21, 2008 at 04:37:21PM +0000, Paul Ferguson wrote:
For someone with GCIH and CISSP credentials, your cavalier
attitude towards these sorts of access control failures is kind
of troubling.

I strongly concur.  No one worthy of the designation "professional" can
fail to be highly alarmed by these developments, 16 years after this
became a widely-publicized problem.  The disclosure of the extensive,
private information of any American by the institutions of government, at
any level, is a serious problem requiring immediate, constant attention
until remedied -- as well as immediate, full reporting of the facts --
AND severe disciplinary measures, including prosecution of those
responsible.

Such violations are egregious enough when they involve any citizen:
but when they involve possible nominees for the presidency of the United
States, they are catastrophic.  There are many who would seek to use this
information to affect the political process, and unfortunately, there
are a few who might use it to harm the candidates *or their families*.

This matter requires a full, independent investigation.  I am pleased
to see that Secretary of State Rice has already personally apologized:
she darn well should, as she is personally responsible for this, since
it happened on her watch.  It remains to be seen whether there will be
appropriate follow-through -- meticulous, exhaustive, and penetrating
follow-through that answers the many serious questions which remain.
(Such as who? why? what? how? when?)

As an American citizen (who also has a passport file), I don't merely
request this.  I demand it.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
