*>>I see a contractor with full access and wonder why that was done;*

The only difference between a contractor and an FTE in many organizations
is how and when you get paid, and the paperwork associated with termination.

In most places, an FTE and Consultant undergo the same level of background
checks, etc.

And, in some places, I've had more access as a consultant than as an
employee.

If someone has Top Secret clearance, then FTE vs EMPLOYEE is a non-factor
in the trust equation.





ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…




On Sun, Sep 1, 2013 at 9:55 PM, Daniel Chenault <[email protected]> wrote:

> I don’t think any of us are going to be receiving invites to the
> post-mortem meeting so all we can do is speculate. The very nature of
> speculation is that any given answer can be destabilized to a degree and
> thus no clear answer will arise.
>
> I see a contractor with full access and wonder why that was done; what was
> the justification and how were the liabilities addressed? Knowing that, at
> those high levels in government, politics is almost always a deciding factor,
> my supposition is that whoever was in the position to hand out the keys was
> either lazy or incompetent or some mixture thereof.
>
> I've a friend who owns a very successful electrical contracting
> business. He once told me that any error can ultimately be attributed to
> lazy or incompetent. I have yet to be able to prove him wrong.
>
>
> -----Original Message----- From: Ken Schaefer
> Sent: Sunday, September 01, 2013 7:47 PM
>
> To: [email protected]
> Subject: RE: [NTSysADM] Re: Finally.
>
> I'm not necessarily asking for a resume.
>
> But I'd like a reasoned argument to back an accusation, allegation or
> other comment.
>
> Saying "this is solely caused by 'x'", with no backing argument, is a huge
> red flag to me. It makes no difference if it was a problem management
> meeting, or something on this list. Usually, in my experience, monumental
> "cock ups" are caused by a set of overlapping factors, with a cascading set
> of circumstances that triggers a situation that no one initially thought
> was possible, or very improbable. Whilst there might be a "root cause" you
> could pin the failure on, it's rarely the sole thing.
>
> Let's all remember that in the past couple of years, we've known that RSA,
> Symantec, Google (and the NSA) have had high profile failures. To say that
> these failures are caused by management incompetence, or lack of resources,
> or any other single thing is (I suspect) an over application of Occam's
> razor. I'm pretty sure all those organisations have plenty of smart people,
> plenty of resources and plenty of incentive to keep themselves protected.
> Yet they still suffered failure.
>
> Cheers
> Ken
>
> -----Original Message-----
> From: [email protected] [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Daniel Chenault
> Sent: Monday, 2 September 2013 10:24 AM
> To: [email protected]
> Subject: Re: [NTSysADM] Re: Finally.
>
> Ah.. it wasn't clear to whom you were directing your remarks.
> The problem with uninformed punditry is deciding who is informed enough to
> make the call. It can all get very murky indeed.
> There is this organization of which I am a member and there is a very
> active forum; arguments there are expected to be able to stand on their own
> merits such that the resume of the person making the point is irrelevant.
> In that one forum, anyway, trotting out one's bona fides is seen as a
> distraction rather than substantiation.
> But that's there and this is here though I do think that a well-reasoned
> position should be able to stand on its own.
>
> -----Original Message-----
> From: Ken Schaefer
> Sent: Sunday, September 01, 2013 7:05 PM
> To: [email protected]
> Subject: RE: [NTSysADM] Re: Finally.
>
> Just to clarify - I was asking Kurt.
>
> In any case, if you say this shouldn't be a pissing match - fair enough -
> I'm in agreement on that. Can we also ban back-seat driving and uninformed
> punditry?
>
> Cheers
> Ken
>
> -----Original Message-----
> From: [email protected] [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Daniel Chenault
> Sent: Monday, 2 September 2013 9:42 AM
> To: [email protected]
> Subject: Re: [NTSysADM] Re: Finally.
>
> *shrug* I don’t feel the need to trot out my bona fides and that does not
> even take into account the NDA that is still binding on me. Either what
> I've said makes sense at face value or it doesn't. I don't particularly
> care how you feel about it; feel free to ignore it completely if that makes
> you happy. Heck, declare victory and have a ticker tape parade if that is
> what will complete your world. This is not the proper venue for a pissing
> match.
>
>
>
> -----Original Message-----
> From: Ken Schaefer
> Sent: Sunday, September 01, 2013 6:25 PM
> To: [email protected]
> Subject: RE: [NTSysADM] Re: Finally.
>
> You've designed "more secure" systems at scale (40K+ employees) in an
> information heavy organisation (bank, accountancy etc.)?
>
> Cheers
> Ken
>
> -----Original Message-----
> From: [email protected] [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Kurt Buff
> Sent: Monday, 2 September 2013 4:01 AM
> To: [email protected]
> Subject: Re: [NTSysADM] Re: Finally.
>
> Aside from reading all those Le Carre novels?
>
> I've already designed more secure systems than were obviously in place, as
> have many people on this list, perhaps including you.
>
> Kurt
>
> On Sat, Aug 31, 2013 at 7:35 PM, Ken Schaefer <[email protected]> wrote:
>
>> And what are your qualifications/experience, that allow you to make
>> such a call? (I’m assuming that you have no inside knowledge of how
>> the NSA works, and are relying on the public speculation/allegations
>> at el Reg etc.)
>>
>>
>>
>> Cheers
>>
>> Ken
>>
>>
>>
>> From: [email protected]
>> [mailto:listsadmin@lists.myitforum.com]
>> On Behalf Of Kurt Buff
>> Sent: Sunday, 1 September 2013 12:03 AM
>> To: [email protected]
>>
>>
>> Subject: Re: [NTSysADM] Re: Finally.
>>
>>
>>
>> On the evidence, absolutely.
>>
>> For an intelligence/espionage operation to be so thoroughly pwned
>> because of such amazingly poor internal operational security, there
>> can be only one conclusion - management responsible for internal
>> security should be fired.
>>
>> I'm just glad they weren't, and I hope that what Snowden took is
>> enough to bring them down, and that it's all revealed to the public.
>>
>>
>>
>> Kurt
>>
>>
>>
>> On Sat, Aug 31, 2013 at 4:20 AM, Ken Schaefer <[email protected]> wrote:
>>
>> So, you’re saying that the feared NSA, which has a bunch of
>> un-discovered rootkits, which is able to undertake some of the most
>> advanced espionage in the world, is managed by idiots? Seriously?
>>
>>
>>
>> From: [email protected]
>> [mailto:listsadmin@lists.myitforum.com]
>> On Behalf Of Jon Harris
>> Sent: Saturday, 31 August 2013 6:17 AM
>> To: [email protected]
>> Subject: RE: [NTSysADM] Re: Finally.
>>
>>
>>
>> Generally what I have seen in state (Florida) organizations is that
>> they don't like promoting anyone but a moron into supervisory positions.
>> Occasionally someone will make a mistake and promote an intelligent
>> person but not often.  I would suspect this is the case with the Feds
>> as well (worked with them too).  Several times I have seen them hire
>> those with less brains and longer tongues and large lips over those
>> with brains.  As long as this keeps happening then we will continue to
>> see this happen.  It will be a long time before they get rid of all
>> the defective management personnel as I would think private companies
>> would have little to gain by keeping them (maybe why they seem to
>> concentrate in public jobs?) and in a government job it is MUCH harder
>> to get rid of them.
>>
>> Jon
>>
>>
>> ________________________________
>>
>> Date: Fri, 30 Aug 2013 14:34:15 -0400
>> Subject: Re: [NTSysADM] Re: Finally.
>> From: [email protected]
>> To: [email protected]
>>
>> +13
>>
>> On Aug 30, 2013 11:05 AM, "Kurt Buff" <[email protected]> wrote:
>>
>> On Fri, Aug 30, 2013 at 10:52 AM, Micheal Espinola Jr
>> <[email protected]> wrote:
>>
>>>
>>> I accidentally hit CTRL-Enter before finishing that email...   and
>>> apparently that's a shortcut to instantly-send a message in Gmail.  Yay! I
>>> love learning new things...   but anyways - So, yea, this Forbes article was
>>> the first I have seen that highlights the real underlying IT problem
>>> regarding Snowden - aside from other OT issues.
>>>
>> <snip>
>>
>>>
>>>> I may have missed some article by someone else somewhere, but Its to
>>>> see Forbes 'get it' before anyone else...
>>>>
>>>>
>>>> http://www.forbes.com/sites/timworstall/2013/08/30/if-the-nsa-really-let-edward-snowden-do-this-then-someone-needs-to-be-fired/
>>>>
>>>> --
>>>> Espi
>>>>
>>>
>>
>> Agreed- massive failure on the part of many people in the NSA in
>> implementing security procedures.
>>
>> Of course, what Snowden showed, beyond that, is the massive failure
>> that is government policy and practices regarding
>> surveillance/espionage in general, so I'm actually quite happy Snowden
>> was able to do what he did.
>>
>> Kurt