lubkin at unreasonable.com
Thu Dec 9 13:43:21 UTC 2010
>Ja, and it feels to me like they blame the wrong guy. Everywhere it
>is Assange this and Assange that, but they shoot the
>messenger. More guilty is PFC Manning, but even then, the real
>leakers are those who put anything potentially damaging on any
>network that had computers with a flash drive anywhere in the system.
There are two aspects, which both need to be safeguarded. Can you access
secure information and can you remove it from the secure location? There
needs to be both technical and human monitoring, appropriate to the
information being protected.
Safeguarding against this was already old tech thirty years ago. Limit what
people have access to. Log what they do access. Raise a flag if they're
trying to do more than they should be.
In this case, the bare fact of the leaks means that someone (presumably PFC
Manning) *did* access enough material that, even if it was part of his job,
a security event should have triggered that mandated prompt alerting of and
then review by a security officer. He did get it out from his secure
whether by removable media or by network. And he did slip through the
safeguards that are supposed to weed out people who will pass along
More information about the extropy-chat