DHS infosec chief: We should pull clearance of feds who fail phish test

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: Sremmos80
a reply to: greencmp

Seriously what does that have to do with DHS employees and top secret clearance. Also don't think what you said is as cut and dry as you say.

There is plenty if incompentent people in the private sector too.

Incompetence is the rule rather than the exception. The only thing that attenuates the continued employment of incompetent employees is economic incentives not to screw up. You must lose your job and your company should fold if you can't live up to your stated service offering.

That's not how government works at all.

And according to you, government was never incompetent before Obama

Government is, has always been and always will be incompetent.

But you are still going to blame Obama and the ACA for the incompetence, funny I don't remember the OP mentioning the ACA at all.

He didn't, I did to remind everyone that the complete medical data disclosure was a mistake for the reasons indicated in the article.

So you admit you did it to nothing but derail the thread, something tells me that is a T & C violation.

lol

OK hall monitor, if you don't want to discuss it, have me ostracized.

You know interesting thread, seems the Bush admin created the HSA, and had nothing to do with Obama and the ACA, hmmmmmmm, am a computer guy, the people I am responsible for, falling for phishing schemes, are probably getting fired for being idiots.

Yes, Bush Jr. increased government more than anyone before him and promoted a wide array of interventionist policies.

Obama doubled it and counting.

Gonna ask you for a source on Obama doubling it.

I found this, which is old (2013) and pretty biased as a libertarian site (problems with cato aside) but, shows a variety of comparisons between the two.

Obama’s Budget: Spending Too High, But Bush Was Worse

a reply to: JacKatMtn

I say get rid of DHS... how does creating another gigantic inept gov't run entity make us safer, when the already numerous agencies in place, failed us...

I had a similar thought when it was created. This agency was to protect the 'regular folk'? The other were designated to not protect the country inside the borders? Seems every new layer of government creates more problems, whether it is seen as a real problem or not. This article seems to support it.

originally posted by: JacKatMtn

originally posted by: roadgravel

"Someone who fails every single phishing campaign in the world should not be holding a TS SCI [top secret, sensitive compartmentalized information—the highest level of security clearance] with the federal government," stated Beckman. "You have clearly demonstrated that you are not responsible enough to responsibly handle that information."

Beckman runs his own phishing tests, and those who fall for the fake phishing emails (by clicking on the enclosed link and entering usernames and passwords) are required to take Internet security training classes. And while the test e-mails he uses are clearly coming from outside of DHS and "to any security practitioner, they're blatant," Beckman said that there are some employees, including senior officials, who continually fall for them. Beckman suggested this is because "there are no repercussions to bad behavior... there’s no punitive damage, so to speak."

Liml

I imagine many may disagree but how can someone who falls for these ploys several times be trusted with sensitive information or a position where it is present. To me it demonstrates a lack of awareness of simple security or lack of concern.

Why hasn't it already been done. I some times wonder about who is working for DHS. Some people are not cut out for certain jobs.

I say get rid of DHS... how does creating another gigantic inept gov't run entity make us safer, when the already numerous agencies in place, failed us...

If there were holes and bad interagency communication prior to 9/11.. how did the creation of DHS help?

Seems like they have just created more surface area for HOLES!

Gotta love the folks in DC...

It was a catastrophic mistake to allow its creation.

Road Map for National Security:
Imperative for Change

Road Map for National Security:
Imperative for Change
The Phase III Report of
the U.S. Commission on National Security/21st Century
The United States Commission on National Security/21st Century
January 31, 2001

"We therefore recommend the creation of a new independent National Homeland Security Agency (NHSA) with responsibility for planning, coordinating, and integrating various U.S. government activities involved in homeland security. NHSA would be built upon the Federal Emergency Management Agency, with the three organizations currently on the front line of border security—the Coast Guard, the Customs Service, and the Border Patrol— transferred to it. NHSA would not only protect American lives, but also assume responsibility for overseeing the protection of the nation’s critical infrastructure, including information technology.

Its all in there well before 911.

a reply to: roadgravel

The company I work with (private not gov't) started to do this.

I received a strange email via my work email account which I did not open on my work machine.

Instead on my personal machine and running on a linux virtual box I opened the email after disconnecting the from the network in case of a mass email bomb. Unlikely on the linux client but still better be safe than sorry.

The email pretty much said you dumb @ss what are you doing opening this , but more politically correct.

I suspect you will see more companies doing this.

originally posted by: greencmp

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: Sremmos80
a reply to: greencmp

I think people with gov jobs get fired plenty, the higher ups don't sure but that is the same in the private sector IMO.

Think you just have a bias here that you assume it happens more in gov jobs then private.

And what was stopping our gov to be able to acceses that info if they wanted BEFORE the aca?

I do have a bias, I make no attempt to conceal it.

I want to shrink government dramatically.

EPA Employees Told to Stop Pooping in the Hallway

I don't think they have been fired yet.

Medical records were localized, government could always access the data if it needed to. My complaint has more to do with the recklessly insecure centralization of such sensitive data.

No, based on replies on here, I think your responses are based on the fact that there is a black democrat in the oval office, and your world will not be returned to normal until a white republican occupies that office. What insurance company do you work for anyway?

Ah, the race card, because what I said is clearly racist.

For the record, I personally despise insurance and wholly oppose the types of government policies which created health insurance after WWII.

It would have been better to let companies offer higher wages instead of forcing "employee benefits" workarounds.

Sorry for playing the race card, but it is only since a black man took the oval office, that y'all have come out. Sad fact is, companies would not have offered higher wages, I am 55 years old, have played this game for a long time, in a union state even. When no one could afford what the "For Profit" hospitals were charging, insurance became mandatory. Who ever invented for profit medicine should be executed, not a pretty site, but those that make their living off of other's misery, should be eliminated.

No worries, I basically make the general argument across a broad spectrum of topics that government interference is the primary cause of failure. I don't disagree that the private sector also makes mistakes but, they pay for them with their own pocketbooks so society benefits from the successes without footing the costs across the board.

The incentive to profit from development is a motivation that cannot be matched by organized compulsory labor. I think the argument for technical progress is solid and favors private enterprise. That leaves the emotional moral argument which is tricky but, certainly not impossible to address.

I submit that a truly free health care market would be much much better than what we have had up until now for everyone, including the poor.

I would submit a truly open health care market, not driven by profit motives from shareholders, or big pharma. The US is the only industrialized nation on earth that does not off it's citizens health care. Everyone in the US should be able to go to the doctor and get the meds they need. In the everyday basic sense of things. It is also our responsibility as human beings to remember that our life will end at some point, we need to accept that, and more importantly family members need to respect that. Sorry, am tired and headed to bed, but some family in California putting their brain dead offspring in an Assisted Living facility at 5 or 6 K a month, I want to punch these people in the throat.

a reply to: greencmp

Makes you wonder.... doesn't it...?

The way they sold it was to create an agency where the existing agencies' information could be disseminated, to avoid the separation culture between the FBI CIA NSA...

Not seeing how that worked out so well... YMMV

a reply to: BubbaJoe

I'm with you, I just don't want "the state" to do anything. In small towns and even small cities, essentially anywhere that has a sense of community such that you know if your neighbor is hungry, these problems have previously been handled by friends, family, volunteers and donations.

originally posted by: interupt42
a reply to: roadgravel

The company I work with (private not gov't) started to do this.

I received a strange email via my work email account which I did not open on my work machine.

Instead on my personal machine and running on a linux virtual box I opened the email after disconnecting the from the network in case of a mass email bomb. Unlikely on the linux client but still better be safe than sorry.

The email pretty much said you dumb @ss what are you doing opening this , but more politically correct.

I suspect you will see more companies doing this.

The link was still followed though so, I presume the initiator correlated the request with the target client.

originally posted by: JacKatMtn
a reply to: greencmp

Makes you wonder.... doesn't it...?

The way they sold it was to create an agency where the existing agencies' information could be disseminated, to avoid the separation culture between the FBI CIA NSA...

Not seeing how that worked out so well... YMMV

I don't even give them the benefit of the doubt so none of it surprises me anymore.

It really is more of a human nature thing.

The whole quote from Acton really does sum it up.

"Power tends to corrupt and absolute power corrupts absolutely. Great men are almost always bad men, even when they exercise influence and not authority; still more when you superadd the tendency of the certainty of corruption by authority."

-Lord Acton

Well this is a fantastic article. Way to tell the hacker community exactly how to break into US systems. It's not surprising, how bad people are at infosec (i see it all the time at work) but wow.

a reply to: Evil_Santa

It's not news, at least to Nigerian Princesses.

a reply to: greencmp

No since I didn't have network enabled and it was on an isolated vm image but I was able to read part of the text.

originally posted by: interupt42
a reply to: greencmp

No since I didn't have network enabled and it was on an isolated vm image but I was able to read part of the text.

Phew!

Sorry, I shouldn't have doubted you.

a reply to: greencmp

LOL,

Sorry, I shouldn't have doubted you.

I'm going to have to keep that for the next time you disagree with me.

a reply to: interupt42

Fair play!

You'd be surprised at how easily fooled people are.

No, just because that random, unsolicited email says "CLICK FOR FREE CAT PICTURES!" ... doesn't mean you are going to get free cat pictures.

Unless I'm expecting it, it's not to be trusted. If it does not conform to known security protocols, it's not to be trusted. If you are unsure if protocols have changed, ask a real person. How hard of a concept is this for people?

Sadly, so many folks think if it's on the internet it must be trustworthy. Sorry, that guy isn't a Nigerian prince who wants to send you money...

originally posted by: buster2010

originally posted by: greencmp
a reply to: roadgravel

Thanks to Obamacare, all American's medical data is now electronically accessible and overseen by such people.

The ACA is not top secret. Do you think of a way to blame Obama for everything?

Do you think of a way to defend him from everything?

It maximizes risk, while now providing its stated goal, of " affordable " healthcare..... Only those making $100k plus can pay for it honestly .

Yet it maximizes the risk of phishing, because most aren't technical savy, so an email containing intimate personal details about med history are very likely to to trust it and open it....

Just another way Obama has been awesome as potus!!!!

originally posted by: buster2010

originally posted by: greencmp

originally posted by: buster2010

originally posted by: greencmp
a reply to: roadgravel

Thanks to Obamacare, all American's medical data is now electronically accessible and overseen by such people.

The ACA is not top secret. Do you think of a way to blame Obama for everything?

It certainly isn't but, even if it was, it wouldn't be secure.

Just sayin'.

Yes, it is Obama's fault (and the rest of the Democrats who voted for the ACA).

I hate to break this to you but anything that is connected to the internet really isn't that secure do you want to blame Obama for that too?

Obama did not create human nature, so we can't blame him for that..unless we believe Obama is the second coming like you do, at which point we can!!!

Pick a side, which is it?

originally posted by: Sremmos80
a reply to: greencmp
Also never makes any mention of knowing who did it, they are looking for information of who it was if you know.

I am sure you have other examples, but at this point I am just feeding the derailment.
We can end this in agreement, I think, that the people in the OP need to at the VERY least lose their clearance.
At face value of what I read I would even agree let go.

My complaint has more to do with the recklessly insecure centralization of such sensitive data.

They were centralized with the insurance companies before hand as well.
All the ACA did was force more people into that system.
Nothing changed.
Last comment on that.

" force more people"

Because the gov hasn't screwed enough over yet?

At what point will gov screw enough folks you don't see them as a savior?

originally posted by: BubbaJoe

originally posted by: greencmp

originally posted by: Sremmos80
a reply to: greencmp

I think people with gov jobs get fired plenty, the higher ups don't sure but that is the same in the private sector IMO.

Think you just have a bias here that you assume it happens more in gov jobs then private.

And what was stopping our gov to be able to acceses that info if they wanted BEFORE the aca?

I do have a bias, I make no attempt to conceal it.

I want to shrink government dramatically.

EPA Employees Told to Stop Pooping in the Hallway

I don't think they have been fired yet.

Medical records were localized, government could always access the data if it needed to. My complaint has more to do with the recklessly insecure centralization of such sensitive data.

No, based on replies on here, I think your responses are based on the fact that there is a black democrat in the oval office, and your world will not be returned to normal until a white republican occupies that office. What insurance company do you work for anyway?

You win the most retarded post other net today award!! .....