State Department Spent $1.2 Billion On An Asset Monitoring System... That Ignores All Non-Windows Equipment

from the julian-assange-agrees dept

We just wrote about a GAO report showing how the Defense Department is somewhat incompetent at dealing with online threats. Of course, it's not clear that anyone else in the government is any better. The GAO is back with yet another report, dinging the State Department for its dreadful computer security monitoring program. In this case, it's talking about threats to the State Department's network, rather than to third parties. And while the State Department spent a whopping $1.2 billion of taxpayer money on a fancy computer system, called iPost, to monitor everything, it turns out that it only works on Windows machines:
But the iPost service only covers computers that use Microsoft's Windows operating system, not other assets such as the roughly 5,000 routers and switches along State's network, non-Windows operating systems, firewalls, mainframes, databases and intrusion detection devices, GAO auditors said.
I mean, this is the kind of stuff that makes you shake your head in disbelief. Somewhere in the process of building a $1.2 billion system, no one thought to point out that there are more computer assets than those that run Microsoft Windows? Really? Someone seriously deserves to be fired.

Also, for the Windows computers where you can install it, it appears that the system barely works.
For instance, iPost tools did not always scan computers when scheduled, or they created false positives that had to be analyzed and explained. One scanner vendor failed to update its technology to detect the latest, most common vulnerabilities. And tools manufactured by different suppliers produced disparate scores that staff then had to interpret and modify.
Apparently, all of this is leading to confusion where people don't even know who's responsible for what.

So can someone explain why the federal government is coming down so hard on Bradley Manning, rather than taking some of that energy and focusing on securing the State Department's computers? Honestly, from the sound of things, you have to imagine that lots of people (including tons of foreign spies) long ago broke into State Department computers and had access to all of this info, based on reports like this. If anything, it makes you wonder if the Wikileaks leak may help get the State Department to better secure things.

Filed Under: computers, state department


Reader Comments

  1. David Muir, 11 Aug 2011 @ 8:52am

    Honestly, from the sound of things, you have to imagine that lots of people (including tons of foreign spies) long ago broke into State Department computers and had access to all of this info, based on reports like this.


    Worse. It sounds an awful lot like those spies infiltrated the State Department and then actively mismanaged (sabotaged) the asset security project to ensure that they could continue to breach government networks.

    Spy Leader: We know how to circumvent Windows already. Ensure that the iPost project doesn't look at anything else.

    Spy Underling: Yes, Mr. Gates.

  2. Richard, 11 Aug 2011 @ 9:10am

    Of course

    You only need to worry about security for Windows machines. Everything else is completely secure already (by comparison!)

  3. :Lobo Santo, 11 Aug 2011 @ 9:13am

    *facepalm!*

    If those idiots wanted a secure infrastructure they'd do away entirely with Windows & Mac and contract somebody to build them a secure science-damned distro of Linux which is custom built to exactly meet their needs.

    Hell, I'll do it for only $1.1 billion--now that's value!

  4. Anonymous Coward, 11 Aug 2011 @ 9:14am

    Re: Of course

    no

  5. Greevar, 11 Aug 2011 @ 9:17am

    Re: Of course

    Considering the NSA required Microsoft to add a back door for them, I'd say Windows is far more insecure than other OS offerings.

    The irony though is that most of the professionals who hack Windows machines are likely using something other than Windows (i.e. Linux/Unix). Honestly, if it weren't for DirectX games, Windows wouldn't even have a market among the technologically inclined.

  6. Mr. Smarta**, 11 Aug 2011 @ 9:28am

    Nobody will get fired...

    Nobody's going to get fired. This sort of work was done by contractors who were hired to handle the Windows side of things, but either there was no contracting team to handle the "other" operating systems or somebody felt those were perfectly secure because they aren't "Windows". RedHat is most likely covered under the RedHat company, Solaris and databases for Oracle, routers and switches for Cisco.

    *nix systems are often wrongly assumed to be perfectly secure, which they aren't. The only computer immune from internet attacks is one that isn't connected to the internet (e.g. has no network capability like no wireless or NIC card, and even then that's suspect).

  7. blaktron, 11 Aug 2011 @ 9:33am

    Re:

    What this means is that they paid for a product that offers significantly less in terms of feature set than 5 products I can name off the top of my head. This is your tax dollars people, get with it. Someone got rich off this, and it only cost the lifetime wealth of 1000 of your citizens.

  8. blaktron, 11 Aug 2011 @ 9:35am

    Re: Re: Of course

    This is so ridiculously false that I don't know how to respond. There have been many, many, many tests and Windows7/2008R2 in their default installations and kept up to date with patches have NEVER been successfully attacked in the real world without user compromise or physical access. Get your facts straight.

  9. Anonymous, 11 Aug 2011 @ 9:37am

    so I take it the name "iPost" is meant to be "iRonic"

  10. Matt Bennett, 11 Aug 2011 @ 9:40am

    So, I love stories of government waste, and of course it's ridiculous.

    But don't bring Bradley Manning into this. They're focusing on him cuz he's a traitor.

  11. Rich Kulawiec, 11 Aug 2011 @ 9:43am

    Re: *facepalm!*

    Of course. It is quite, quite impossible to secure Windows systems for any meaningful value of "secure". Witness Microsoft itself, which has (a) the source code (b) massive in-house expertise (c) essentially-infinite personnel (d) essentially-infinite money and yet still cannot manage to run a mere email service (Hotmail) securely. Anyone who is actually paying attention to their own mail servers knows this; their own log files prove it repeatedly, all day, every day, and have been doing so for years.



    But I wouldn't start with Linux for this purpose. Oh, it's certainly an enormous step up from Windows, but then again a steaming pile of cow manure would be the same. I'd start with OpenBSD, which is considerably smaller and much more focused on security.



    None of this will happen, of course. Instead, those responsible for this will be rewarded and promoted, there will be more of the same epic failure, and even the poorest countries out there (the ones without a beer and an airline, thanks FZ) will be able to penetrate this operation whenever they want, merely by hiring a bored college student with a laptop.

  12. Ccomp5950, 11 Aug 2011 @ 9:48am

    Re: Re: Re: Of course

    I just successfully attacked one of my own machines. Figured it was easier for me to do so than for you to prove a negative.

  13. Fickelbra, 11 Aug 2011 @ 9:51am

    Re: Of course

    Sorry chief, not true, as much as Apple's propaganda wants to say otherwise.

  14. Greg, 11 Aug 2011 @ 10:10am

    Re:

    One man's traitor is another's whistleblower. Was Ellsberg a traitor, too?

  15. DCX2, 11 Aug 2011 @ 10:20am

    Re: Re: Re: Re: Of course

    And I bet you attacked your own machine with physical access or user compromise, huh? Or did you just not finish reading the comment before launching the snark?

  16. Chris Maresca, 11 Aug 2011 @ 10:21am

    Not surprised...

    This is the same group that decided to standardize on Wang systems when everyone else was moving to DOS - I still remember working at a Wang desk (basically a computer that was the whole desk, like something out of 1960s futurist comedy...) in the late 1980's.

    State Dept's forte is people and cultures, not technology.

    Chris.

  17. Anonymous Coward, 11 Aug 2011 @ 10:29am

    1.2 billion for Symantec?

    Seriously what does this get us that having them be a customer of Symantec doesn't?

  18. Anonymous Coward, 11 Aug 2011 @ 10:46am

    Re: Re: Re: Re: Re: Of course

    You are talking to tech geeks that know you are blowing shit out of your ass. Most of us know windows isn't as bad as people make it out to be, but neither is it Helm's Deep.

  19. Sum One, 11 Aug 2011 @ 10:46am

    Blame bureaucracy and office politics.

    "Somewhere in the process of building a $1.2 billion system, no one thought to point out that there are more computer assets than those that run Microsoft Windows? Really? Someone seriously deserves to be fired."

    I guarantee somebody did point that out. They were probably shot down by someone higher up the chain, who won't be fired but promoted instead. That is how the government rolls. Just ask any federal employee.

  20. TriZz, 11 Aug 2011 @ 10:49am

    #correction

    "So can someone explain why the federal government is coming down so hard on Bradley Manning, rather ***thank*** taking some of that energy and focusing on securing the State Department's computers?"

  21. Anonymous Coward, 11 Aug 2011 @ 10:57am

    ID10T error!

  22. Someantimalwareguy, 11 Aug 2011 @ 11:11am

    Are you certain of that lol?

    Most of us know windows isn't as bad as people make it out to be, but neither is it Helm's Deep.
    Didn't Helm's Deep get breached and most of the defenders die? Just sayin'...

  23. blaktron, 11 Aug 2011 @ 11:12am

    Re: Re: Re: Re: Of course

    What exploit did you use? What services did you enable first?

  24. blaktron, 11 Aug 2011 @ 11:13am

    Re: Re: *facepalm!*

    What's insecure about hotmail?

  25. ltlw0lf, 11 Aug 2011 @ 11:31am

    Re: Re: Re: Re: Re: Re: Of course

    neither is it Helm's Deep.

    Hmmm... Helm's Deep was pretty easy to compromise as well. A little gunpowder was all the Uruk-hai needed to breach the walls and then they were able to sweep through the outer defenses. Gandalf was even certain that the move to Helm's Deep was a dumb one...and he hoped that it would hold long enough for him to get the outcasted riders of Rohan and return.

    Windows is pretty bad by default, but any competent administrator can lock down Windows so it is secure enough to convince all but the most driven individuals to move on to easier targets.

  26. Rich Kulawiec, 11 Aug 2011 @ 11:40am

    Re: Re: Re: *facepalm!*

    You're kidding, right? You're asking me to demonstrate to you that the ocean is wet. But presuming this is a serious question:

    If you run a mail server of any size/volume/scope/etc., then all you have to do to answer that question is to look at your own logs. (By which I mean not just your SMTP logs, but everything else as well.)

    If you don't, and not everyone does of course, then all you have to do is to read the relevant traffic on nanog, mailop, spam-l, full-disclosure, bugtraq, spamtools, and other related lists for the last ten years or so.

    Either way, what you need to be paying attention to is not so much what's going into Hotmail (although that's certainly interesting in its own right) but what's coming out of it.

  27. Any Mouse, 11 Aug 2011 @ 11:47am

    Re:

    As an American citizen, and one who has actively volunteered my own time for my community, I consider Mr Manning a hero for having the courage to stand up and point out what is not right in our government. Anyone who would vilify him for trying to do the right thing is, in my own opinion, the true traitor.

  28. Any Mouse, 11 Aug 2011 @ 11:49am

    Re:

    Wealthy contractors?

  29. Anonymous Coward, 11 Aug 2011 @ 12:03pm

    Honestly, from the sound of things, you have to imagine that lots of people (including tons of foreign spies) long ago broke into State Department computers and had access to all of this info, based on reports like this

    Why bother? Why not just give 1 of the 2 million or so people who had access a couple of hundred dollars for the Manning Files. I am sure they all did. All the Wikileaks files will have been old hat to the other nations, but just very embarrassing that the public got to see them.

  30. JEDIDIAH, 11 Aug 2011 @ 12:13pm

    Re: Re: Re: Of course

    Well. You can probably rationalize most Windows problems as exploiting stupid users. Although these tend to lead back to fundamentally flawed design decisions.

    "We got it right this time, really we did."

    Been hearing that one since before most of you other people were on the Internet.

  31. out_of_the_blue, 11 Aug 2011 @ 12:18pm

    Re: Re: Re: Of course; @blaktron: the very existence of patches..

    proves you trivially wrong.

    Here's the sequence:
    1) An exploit is found in the wild; this is constantly monitored by numerous experts.
    2) Microsoft hastily finds a fix (supposedly) and tries to put out a patch before it spreads.
    3) Microsoft yells "Keep your patches up to date!"
    4) You (and Microsoft) maintain that the most recent properly patched systems have never been exploited.

  32. Matt H, 11 Aug 2011 @ 12:18pm

    Re: Re: Re: Re: *facepalm!*

    What's coming out of hotmail really has nothing to do with its security as a whole. Anyone can sign up for a free account, hook it into a bot, and start spamming away. That still doesn't equal a lack of security.

    Another potential source for spam from hotmail (as I assume you're referring to that as "insecurity") is people's accounts getting hacked. That's usually their own fault for not using secure passwords.

    And finally, since hotmail is one of the oldest and most popular services out there, spammers have been spoofing fake hotmail addresses for years. In fact, you can pretend to send email from anyone you like just by setting up your own mailserver! Doing that just usually means you get easily caught by the spam filters.

    So....hotmail in and of itself is probably pretty secure. These days, Microsoft really seems to know what they're doing when it comes to locking things down...

  33. Greevar, 11 Aug 2011 @ 12:35pm

    Re: Re:

    Paul Revere was a traitor...

  34. Anonymous Coward, 11 Aug 2011 @ 12:43pm

    First rule of government contracts... limit the scope

    The first rule of successful government contracting is to limit the scope of the work to a very narrow, somewhat easily achievable target.... this can easily be done by including a statement in the initial contract such as 'iPost will secure windows based systems'... and suddenly it doesn't matter who brings up the issue of non-windows systems or how many times it comes up, the contractor just says, "That's not in the scope of this project," and ignores it.

    I'd like to think that things worked better in higher levels of government, but if they are this screwed up at the lower state levels, the federal government has to be even more screwed up.....

    Sure you purchased an Enterprise Resource and Planning system from Dorkle (not real company), but reporting was not in the scope of the implementation contract you signed with us (HighlyPaidbutWorthless Consulting, LLP), so we only tested/implemented methods to put data into the system, you're on your own as far as figuring out how to get information out of the system....

    Of course we would be happy to come back and sign another consulting contract with the scope limited to 'Reporting on X' for the same price as the initial implementation...

    Sure reporting can be done internally, but that would require report writers to have access to the tools that can 'do stuff' in the system, we can't let our people have access to those tools, they would do 'something' that would cause us more work in the future. If we just restrict all functional users from using the tools, we can guarantee that all 'work' happens in ITS and is done by consultants (since our people don't understand the system they are in charge of maintaining and supporting).

    This may sound a little far fetched, but this is basically the reality I've been living with for the last several years (names changed to protect the 'innocent' and all that...)

    So yeah... If it has Government and IT involved.... expect it to be totally messed up (look at who the consulting dollars are flowing to if you want to really understand what's going on).

  35. Rich Kulawiec, 11 Aug 2011 @ 12:51pm

    Re: Re: Re: Re: Re: *facepalm!*

    There are many things wrong with your statements, some of which are obvious and some of which are subtle. I'm just going to cover the major points, and refer you to the resources already outlined for more extensive coverage.

    First: what comes out of any site has everything to do with whether or not it's secure. This is a first principle of network security, albeit one that is often overlooked. (Haven't you noticed that the most serious security issues don't involve someone breaking in...they involve someone breaking out?)

    Second: one of the other fundamental principles is that outbound abuse is a surface-level indicator of underlying problems. Spam is of course not the only form of abuse -- it's merely one of many that uses the SMTP protocol -- but it does provide a highly reliable measure of internal security. Secure sites do not emit spam on a systemic and persistent basis. (Nor do they emit other forms of abuse on a systemic and persistent basis.)

    Third: everyone who knows how to read email headers and/or evaluate their own logs is quite aware of what's really coming from Hotmail and what's not. Attempts to forge Hotmail's domain have decreased steadily, in part because even spammers, dull as some of them can be, have figured out that it's not a worthy target for forgery.

    Fourth: spam is far from the only security problem at Hotmail. Again, read the references I cited, or, if you don't want to plow through the historical record, just subscribe to them...and wait. You probably won't have to wait long.

  36. Anonymous Coward, 11 Aug 2011 @ 12:53pm

    Pointy Hair Bosses

    This is typical pointy hair boss stuff. They hire people with Microsoft "certifications" (i.e. vendor lackeys) because they ignorantly believe that makes them "computer experts". (Never mind people with real degrees from ABET accredited programs!) Is it any wonder then when all these people seem to know about is Windows? What a joke.

  37. Morgenstern, 11 Aug 2011 @ 1:11pm

    Still doesn't make Windows any better

    Ah, but therein lies the difference between security on a Windows and on other systems. Microsoft cannot respond quickly enough to patch needs because it has to develop them in-house, whereas Linux systems rely upon a community of people to plug the holes the moment they appear. This means that Windows is more vulnerable because its security design is inherently flawed and rooted in a proprietary non-open source model.

    Admittedly, Windows 7 is a better offering security-wise than other Windows systems, but it still pales in comparison to a basic Linux distro that comes with a firewall and locked root privileges by default. Add in the "no known viruses" carrot, and the choice is clear.

  38. blaktron, 11 Aug 2011 @ 1:24pm

    Re: Re: Re: Re: Re: Re: Re: Of course

    Please, name me a change from the default security settings that makes Windows more secure. In days gone by Windows used to ship with IIS and certain RPC services turned on and listening by default, which made setting up other services (like domain services) much easier. But those days are long gone, so please good sir, do tell me what OS level changes you personally make to a windows7 machine to make it more secure.

  39. blaktron, 11 Aug 2011 @ 1:36pm

    Re: Still doesn't make Windows any better

    The amount of security-model ignorance you guys are spouting here is fantastic. Every SINGLE Windows exploit you've ever come in contact with has been browser level. All of them. Those exact same exploits exist in the linux varieties of the browsers as well. God, I hope you aren't responsible for people's security, I almost think you work at Sony....

  40. blaktron, 11 Aug 2011 @ 1:39pm

    Re: Re: Re: Re: Re: Re: *facepalm!*

    I actually do run Mail servers, they are bigger than yours almost for sure and I can promise you about 10 times as much spam comes from gmail addresses as hotmail ones these days. Sorry, try again.

    Also, STMP security involves forcing authentication, which hotmail does. They just give free accounts that allow anyone to authenticate. They clean up their mess as much as anyone. Also, none of that has ANYTHING to do with system security. moron.

  41. btrussell, 11 Aug 2011 @ 4:54pm

    Re: Re: Still doesn't make Windows any better

    "I almost think you work at Sony...."

    ...no, but I did get their root-kit. Is that a browser thing?

  42. gorehound, 11 Aug 2011 @ 5:18pm

    When Rick Perry is Elected he will pray to God to fix this and then there will be a "Miracle".

    What a dumb idea of the government to waste all that money that we need.
    FIX THE WASTE !!!

  43. BeeAitch, 11 Aug 2011 @ 6:10pm

    Re: Are you certain of that lol?

    Isn't that rather the point? ;)

  44. BeeAitch, 11 Aug 2011 @ 6:19pm

    I can't believe no one has said it yet:

    When is Apple going to sue them for calling it "iPost"?

  45. Rich Kulawiec, 11 Aug 2011 @ 6:27pm

    Re: Re: Re: Re: Re: Re: Re: *facepalm!*

    I should probably charge you a consulting fee for this, but:

    I actually do run Mail servers, they are bigger than yours almost for sure and I can promise you about 10 times as much spam comes from gmail addresses as hotmail ones these days.

    Maybe they are bigger, although in the 30 years I've been running mail servers, they've varied in size from "tiny" to "among the biggest and busiest on the net". And one of the things I've learned is that size is not correlated to clue. Another is that anyone who can competently operate a mail server with 10K users can operate a mail server of arbitrary size just as competently.

    As to your comparison of volume from gmail vs. hotmail, you're making a beginner-level mistake here. Everyone who has studied spam in any depth knows that spammers target differentially: by country, by ASN, by network, by host, by domain, by MX, by OS, by MTA, by user, by LHS, by just about every criteria you can imagine. So one of the fundamental truths about anti-spam work is that your incoming spam mix does not look like their incoming spam mix, for all values of "your" and "their". Thus your observation, while presumably accurate, means nothing for anyone but you: it tells us precisely zero about the actual spam rates from either operation.

    So if you actually want to assess patterns on anything approaching a global scale, one of the things you need is a very large number of measurement points, AND that very large number of measurement points has to reflect sufficient diversity among all the criteria I enumerated above -- plus a few others. This is difficult not only because of the scale, but because considerable craftiness is required to operate the measurement points. And then even more clue is required in order to combine the measurements in a way that actually means something.

    Also, STMP security involves forcing authentication, which hotmail does.

    It's SMTP, and only some SMTP security involves authentication. As I would expect anyone who claims to run a mail server to know, there are many injection paths which do not. For example, Hotmail emits backscatter (aka outscatter), which is a particular form of spam that does not even require the spammer to have a Hotmail account.

    Beyond that, authentication is not a barrier to spammers running botnets, since they can possess and use at will any email authentication credentials stored or used on those systems. Thus -- as we've seen -- spammers will sometimes choose to use their bots not to directly send spam, but to relay it through third parties...some of which dutifully perform the authentication, which of course succeeds.

    They clean up their mess as much as anyone.

    Of all the things you've said, this is the most ludicrous. Everyone who has been paying the slightest attention to traffic among professionals in the field over the last ten years (whether that traffic is on mailing lists or in newsgroups or on the web or whatever) is well aware that Hotmail is absolutely, profoundly, completely incompetent at dealing with abuse and security issues. They have demonstrated, thousands of times, that not only can they not read well-crafted reports, not only can they not tell an abuse report from abuse, but they quite often fail to recognize their own hosts and networks as such.

    That is, as someone once said, a special kind of stupid.

    Here's an exercise for you: go over to Google. Type in "hotmail abuse clueless" and start reading the hits. When you're done, switch the search from the web to Usenet...and read some more. And then search...well, by now you should get the idea. Hotmail's abuse desk is legendary for their incompetence -- although they do have serious competition from Yahoo for worst-in-class.

    Yet this is not the end of the issues with Hotmail. As I said previously, spam is only one of their many problems. It just happens to be a particularly easy one to observe.

  46. Anonymous Coward, 11 Aug 2011 @ 11:52pm

    Re: Re: Still doesn't make Windows any better

    Every SINGLE Windows exploit you've ever come in contact with has been browser level. All of them.

    I used to think you might be an idiot. I now have no doubt.

  47. djm229, 12 Aug 2011 @ 7:39am

    Re: Of course

    Dude, seriously? So you're one of those that believe MAC has only like 5 existing viruses, that UNIX is not a playground to hackers and that Steve Jobs will ensure that no viruses/malware could possibly hit you when you're on the IPAD? Because if you believe that, I've got a LOT of beachfront property for you in Tornado Alley.

  48. djm229, 12 Aug 2011 @ 7:49am

    Re: Re: Re: Re: Re: Re: Re: Re: *facepalm!*

    Anyone else notice that you both compared server sizes? This sounds like "mine's bigger than yours" ... wait, it IS that advanced argument.
    BLUF: Hotmail is not secure in itself, let alone that it's free. Thinking that it is is stupid. Period.

    Why would you think that Microsoft (that has serious vulnerabilities found monthly (hence the patching)) would put more/equal effort into securing its FREE product than its PAY products (Windows Desktops, servers, productivity systems, etc)?

  49. Rich Kulawiec, 12 Aug 2011 @ 8:39am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: *facepalm!*

    Actually no, I explicitly disclaimed the "bigger is better" proposition...because it's wrong. Some of the best-run mail servers are not very big at all; some of the worst-run are enormous. The only thing that running a bigger server gets you, if you learn from the experience, is some clue about scalability.



    Now as to your excellent question in the second paragraph: because Hotmail used to run on FreeBSD and Solaris. Just about ten years ago, Microsoft decided to switch it to Windows...and not coincidentally, that's when it began to go downhill rapidly. But they did it anyway, in a foolish, amateurish, misguided attempt to show that it could be done better with Windows (see http://www.theregister.co.uk/2002/11/21/ms_paper_touts_unix/) even though everyone knows that running a mail server on Windows is like setting yourself on fire: it's incredibly, completely stupid.



    But one would think, given that Microsoft went through all this trouble, that they would take the time to do it at least halfway well -- because as it is now, all it really demonstrates is that not even Microsoft can run Microsoft products in a secure and stable fashion...which in turn raises the question, if they can't even do it, and they wrote the code, then why would anyone else believe that they can? Why would they even want to try?



    And there's another point here, one that eludes many newcomers to the Internet. (You're "new" if you did not have an email address ending in ".ARPA".) When you build an operation, any operation, and you plug it into the Internet, you take upon yourself the professional and ethical obligation to make sure that that operation does not harm the Internet. It's your first responsibility -- the one that trumps all others at all times. And in that...Microsoft has failed miserably. In part I think it's because they don't really care if Hotmail shits all over the rest of the Internet; but in part I think it's because they can't fix it. They've stacked the deck so much against themselves that they're stuck.



    But whatever the underlying reason(s), we know that the operation, taken as a whole, is completely insecure. We may not know exactly why, or how -- although we have substantial clues -- but the emitted traffic proves beyond any possible argument that it's rotten to the core.

  50. Concerned Citizen, 12 Aug 2011 @ 3:41pm

    Correction to article

    Correcting a detail you mention that is not accurate. If you look at the GAO report (link below) bottom of page 6 and top of page 7 you will clearly see that the 1.2B you refer to is the entire IT Budget not the cost for an "Asset Monitoring System".
    http://www.gao.gov/new.items/d11149.pdf
    Apparently NIST.GOV did not feel the same way as GAO about this system:
    http://www.state.gov/m/ds/rls/132183.htm
    http://www.nsa.gov/ia/ia_at_nsa/rowlett_awards/award_recipients.shtml

  51. Anonymous Coward, 12 Aug 2011 @ 5:28pm

    Re: Re: Re:

    So was George Washington.

  52. WareZwolF, 12 Aug 2011 @ 7:22pm

    Re: iRonic

    Sounds more like the "iShaft"...
    The parties responsible for this sham both inside and outside of the government should be tried for treason.
    A FREE product called "spiceworks" can outrun this $1.2B epic fail.
    So who is going to follow up on this? yah, nobody. They are all in on it.

  53. ltlw0lf, 15 Aug 2011 @ 12:07pm

    Re: Re: Re: Re: Re: Re: Re: Re: Of course

    do tell me what OS level changes you personally make to a windows7 machine to make it more secure.

    I find the power button works well.

  54. Someone with a clue, 17 Aug 2011 @ 12:33pm

    The blogger is incompetent

    The facts in his article are way off. The 1.2 Billion is for a much larger project for which iPost would account for a small fraction of a percentage. iPost is just a web front end that shows the results of other COTS products and makes calculations of risk based on that data.

    Mike should go back and re-read the article or go back to school for reading comprehension classes.
