?

Log in

No account? Create an account
Jul. 6th, 2006 @ 01:27 pm Just sigh
I don't know what is more depressing about the latest breach of security at the FBI, the fact that it was so easy for him to do it, the fact that while they are spending gazillions of dollars 'upgrading' their computers and databases, when they clearly are spending no time on verifying that they have secure systems, or that their process is so bad that this contractor felt the only way to get things done was to crack the system (as apparently did other FBI employees who shared passwords! - Don't see them getting fired or going to jail do you?)

And in another shining display of barn-door closure after horses have exited, they are now looking at doing TRA's? Oh, and maybe they should do security education too? I certainly hope they are also looking at the obvious breakdown in IT services delivery as well. Written approval to put a new computer on the network? Okay, I can understand that the FBI might not want anyone wandering in with a new machine and getting access to their network, but c'mon people, there are systems to track this data flow! Hell there are even systems to automate the verification of the security and permissions of a machine. And really, if you have proper file permissions and encryption, and say, unused ports disabled, you'll go a hell of a way to making your network secure.

Do they have to make carbons of that written permission? I suppose it travels by inter-office mail courier as well.

It really makes me giggle. Some days when I think my employer has tipped way too far as far as process for security goes, I think 'hmm, wouldn't it be fun to go work in a nutty little company that doesn't know jack about security?' and I think I've just found the perfect candidate.
Who does she think she is?
thinking