<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>From:</b> Dave Sill <sparge@gmail.com> <br><b>Subject:</b> Re: [ExI] ExI] are we publishing?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Wed, May 29, 2019 at 10:07 AM <<a href="mailto:spike@rainier66.com">spike@rainier66.com</a>> wrote:<o:p></o:p></p></div><div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The system already had weak passwords, which is why some yahoo set his password to Password and somebody got in. However… that would only compromise that account.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>>…Not necessarily. That would have enabled an attacker to apply a privilege elevation exploit, of which there are many. -Dave<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Dave, if it is physically possible to enable (by any means, technological, bribery or religion-based miracle) privilege elevation, and do so without detection, then that server was set up incorrectly. It is analogous to a bank vault left hanging open and all the employees going out to lunch simultaneously. If someone wanders in off the street, sees, hauls away a coupla sacks of money undetected, that is considered an inside job.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>OK then. Bank people and licensed SysAdmins are trained how to not let that happen. If somehow someone does elevate privilege and start downloading stuff somehow, the SysAdmin would at least know something is going wrong. If she doesn’t know and the bad guy does get away with the data undetected, that is an inside job, and she (the SysAdmin) is in trouble deep.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I am not a SysAdmin, and my limited experience in that area is nearly 40 years old (DEC 11-750 mainframe) but even way back then, we knew about data theft and we knew what precautions were in place to prevent it.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>For starters, you would set up with a low-speed data line. So even if you did have a crooked insider attempts to steal data, they wouldn’t get much and she would find out forthwith.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>We have a case where the real heartburn with Julian isn’t even about national security really. It is expressed by Keith and others, who recognize that the DNC material had a huge and negative impact on history, because it revealed what goes into making the political sausage behind the scenes, which causes plenty of former political sausage-devourers to barf, and swear off sausage forever. Shrugs. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>None of that political sausage-making was classified (in the legal national-security sense) but oh mercy, it was some sensitive information. It looks to me like it isn’t Julian Assange we should be holding accountable for that leak but rather whoever leaked the information to start with. All fingers point back to the SysAdmin.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>spike <o:p></o:p></p></div></div></div></div></body></html>