Security Through Begging

from the even-better-than-security-by-obscurity dept

Thu, Mar 16th 2006 12:53am — Mike Masnick

Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It's only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems -- so that the next time this happens, there won't be anyone on the network to download such documents. Beyond the fact that this is unlikely to have any effect (at all) on file sharing in Japan, it has nothing to do with the actual security breach. It wasn't the use of a file sharing system that was to blame here, but the security setup that allows an outside contractor to hook up his personal computer to the power plant's network without doing any kind of security check whatsoever to see if (a) his computer has malware or (b) his computer has file sharing software -- while leaving top secret documents available for his computer to access. If this is how government officials react to such leaks (taking forever and completely missing the root cause of the problem, while suggesting a solution that is impossible to implement), it's almost amazing that such leaks didn't happen sooner.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Kyle Youngblood, 16 Mar 2006 @ 4:10am

Were is the IT's at
Just like any Network your have to have someone running it. What is this guy/gal doing to keep these computers from getting on the Network. Does not seem like much other then tell them not to do it, you can see how long that lasted. If your going to implement the idea to not use file sharing, that is going to hard. I see that if they let any computer hook up to the network then they could easy have there system hacked long before this happend. If they are not going to take the time to keep the network system safe then why are they complaning about the leaks. Seem like they need to go there job and not complain about there lack of quaified IT's
[ link to this | view in thread ]
?, 16 Mar 2006 @ 4:19am

This is bound to work.
Everybody knows that people will not do bad things if you just ask. Just look at Sadam! We spent 20 years asking him to behave, and he did. That is why our war in Iraq is completely unjustified.
[ link to this | view in thread ]
You R an Idiot, 16 Mar 2006 @ 5:05am

Re: This is bound to work.
"We spent 20 years asking him to behave, and he did." Saddam did no such thing. He spent from the day Gulf War I ended, until the day the US invaded in GW II thumbing his nose at the free world violating every sanction that the UN Security Council wrote (BTW, the UN was making billions, while he was at it).
[ link to this | view in thread ]
Khurt Williams, 16 Mar 2006 @ 5:10am

Incompetent
It never ceases to amaze me that despite all the sage advice of security professionals that it is the poeple in power to implement the recommendations who completely miss the point.
[ link to this | view in thread ]
Nohe Isnot, 16 Mar 2006 @ 5:12am

Re: Re: This is bound to work.
Ummm... I think someone failed to detect someone else's irony.
[ link to this | view in thread ]
knucklehead, 16 Mar 2006 @ 6:24am

Re: Re: Re: This is bound to work.
Nohe wrote: "..failed to detect someone else's irony."

Not to get too off topic, but nobody really seems to care what the orginal topic was. Was that irony or sarcasm?

If you're going to rip on someone, at least rip on them for the right reason. Hey, I guess this is related to the orginal topic after all! A good example of finding the wrong root cause. Boy am I good....
[ link to this | view in thread ]
Anonymous Grammer N@zi, 16 Mar 2006 @ 6:34am

Re: Were is the IT's at
Just like any Network your have to have someone running it. What is this guy/gal doing to keep these computers from getting on the Network. Does not seem like much other then tell them not to do it, you can see how long that lasted. If your going to implement the idea to not use file sharing, that is going to hard. I see that if they let any computer hook up to the network then they could easy have there system hacked long before this happend. If they are not going to take the time to keep the network system safe then why are they complaning about the leaks. Seem like they need to go there job and not complain about there lack of quaified IT's

Pleaze sine op four mor C0re 3nglish callouses next simester!
[ link to this | view in thread ]
Anonymous Coward, 16 Mar 2006 @ 6:41am

Re: This is bound to work.
Agreed!

For Internet security, this already exists for traffic which complies with RFC 3514.

Firewalls [CBR03], packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.
[ link to this | view in thread ]
nismoto, 16 Mar 2006 @ 8:33am

Re: Re: Re: Re: This is bound to work.
"If you're going to rip on someone, at least rip on them for the right reason."
I think he/she did. Where did you get your education?

i·ro·ny (ī'rə-nē, ī'ər-) n., pl. -nies.
1. The use of words to express something different from and often opposite to their literal meaning.
2. An expression or utterance marked by a deliberate contrast between apparent and intended meaning.
3. A literary style employing such contrasts for humorous or rhetorical effect.
[ link to this | view in thread ]
Jason, 16 Mar 2006 @ 9:13am

Re: This is bound to work.
You have got to be kidding me! Granted, Saddam did not have weapons of mass destruction, however... to say he behaved shows a complete lack of understanding on your behalf. It was obviously NOT your mom, sisters, girlfriend or wife that was being habitually raped by his men. It was obviously NOT your family that lies in the mass graves that keep turning up. Woe be to America if you teach your children that this kind of thing is acceptable behavior.
[ link to this | view in thread ]
tinasmit, 16 Mar 2006 @ 9:20am

Re: Re: This is bound to work.
and how do you know that the american soldiers over there aren't doing the same thing?

basically, i don't fully believe anything unless i see it firsthand.

the media is not exactly a trustworthy source of information, to put it delicately.
[ link to this | view in thread ]
Clueless, 16 Mar 2006 @ 9:57am

Re: Re: Re: This is bound to work.
I believe it after I see it on the internet ... there is no false information on the internet....
[ link to this | view in thread ]
Rikko, 16 Mar 2006 @ 10:28am

We're arguing about Iraq now?
Wow, out comes the Techdirt lowest common denominator.
[ link to this | view in thread ]
Ironaq, 16 Mar 2006 @ 12:43pm

Next up, NAZIS~
....end of thread...
[ link to this | view in thread ]
cdb, 16 Mar 2006 @ 2:59pm

job
It's "Dad I need a job. Can you get me in as IT manager at the plant ?" "Sure son. What did you go to college for ?"
[ link to this | view in thread ]
Andrew Schmitt, 16 Mar 2006 @ 6:08pm

Huawei Isn't Stupid
This is one of many reasons why when you visit Huawei in China (and increasingly, other companies), you are told that no electronic devices can be brought inside, with the exception of customer meeting areas. If you are a tech, and must enter a lab for debug, your laptop ports are literally taped shut with security tape that indicates removal and re-attachment. This is of course, only after you have obtained the 5 signatures required to get your laptop through the door.
[ link to this | view in thread ]
Anonymous Coward, 17 Mar 2006 @ 1:06am

Re: This is bound to work.
[ link to this | view in thread ]
annoyed at you, 17 Apr 2006 @ 3:38am

Re: Re: This is bound to work.
you missed the sarcasm. This person wasn't serious. If you've already made up your mind that everyone else is an idiot then you will often jump to the wrong conclusion and hence end up looking like one yourself.
[ link to this | view in thread ]