[ExI] ExI] are we publishing?

spike at rainier66.com spike at rainier66.com
Wed May 29 16:17:34 UTC 2019



From: Dave Sill <sparge at gmail.com> 
Subject: Re: [ExI] ExI] are we publishing?


On Wed, May 29, 2019 at 10:07 AM <spike at rainier66.com> wrote:


The system already had weak passwords, which is why some yahoo set his password to Password and somebody got in.  However… that would only compromise that account.


>…Not necessarily. That would have enabled an attacker to apply a privilege elevation exploit, of which there are many.  -Dave



Dave, if it is physically possible to enable (by any means, technological, bribery or religion-based miracle) privilege elevation, and do so without detection, then that server was set up incorrectly.  It is analogous to a bank vault left hanging open and all the employees going out to lunch simultaneously.  If someone wanders in off the street, sees, hauls away a coupla sacks of money undetected, that is considered an inside job.


OK then.  Bank people and licensed SysAdmins are trained how to not let that happen.  If somehow someone does elevate privilege and start downloading stuff somehow, the SysAdmin would at least know something is going wrong.  If she doesn’t know and the bad guy does get away with the data undetected, that is an inside job, and she (the SysAdmin) is in trouble deep.


I am not a SysAdmin, and my limited experience in that area is nearly 40 years old (DEC 11-750 mainframe) but even way back then, we knew about data theft and we knew what precautions were in place to prevent it.


For starters, you would set up with a low-speed data line.  So even if you did have a crooked insider attempting to steal data, they wouldn’t get much and she would find out forthwith.


We have a case where the real heartburn with Julian isn’t even about national security really.  It is expressed by Keith and others, who recognize that the DNC material had a huge and negative impact on history, because it revealed what goes into making the political sausage behind the scenes, which causes plenty of former political sausage-devourers to barf, and swear off sausage forever.  Shrugs.  


None of that political sausage-making was classified (in the legal national-security sense) but oh mercy, it was some sensitive information.  It looks to me like it isn’t Julian Assange we should be holding accountable for that leak but rather whoever leaked the information to start with.  All fingers point back to the SysAdmin.


