Sunday, March 01, 2009

You're doing it wrong: P2P defense breach claimed

While we're on the subject of censorship and government limitations of the web, here's something that's NOT censorship.

Report: Pennsylvania Company Discovers Marine One Security Breach

Sensitive information about Marine One was reportedly found by Tiversa employees at an IP address in Tehran.

Tiversa CEO Bob Boback said a defense contractor in Bethesda, Md., had a file sharing program on one of their systems that contained highly sensitive blueprints for Marine One and financial information about the cost of the helicopter.

"We found a file containing entire blueprints and avionics package for Marine One," Boback said.

"When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive," Boback told WPXI.

Now, any firm that allows its employees to download P2P onto work computers, or allows employees to take sensitive files to their home computers with P2P installed, is, frankly, delinquent. I work for a medical company, and there's no way I could get an unauthorized program installed on my work computer. And if I put medical or business information on my home computer, they'd fire my ass inside 30 seconds. Which is exactly how it should be.

How can a defense contractor not know this?

Mind you, this is an interesting sentence from the report:
A Pennsylvania company that monitors peer-to-peer file-sharing networks discovered a potentially serious security breach involving President Obama's helicopter, Marine One, NBC affiliate WPXI in Pittsburgh reported.

Tell me again why this company, Tiversa, monitors P2P networks? Does this mean that when downloading one of these file-sharing programs, you are effectively allowing Tiversa to access your hard drive? Why yes, it does!


Kaneda Jones said...

your blog post inspired one of my own.. thanks for your blog post! got here off of the robo-sex post by way of the nekkid dalek! heheh

Peromyscus said...

Thanks, Kaneda - interesting post. I'm not going to withdraw my own post based on that though. The reason is that in 100% of the cases I've studied (N=1), pictures of the guts of the prezz's private copter ended up on a server in Iraq or wherever it was, which suggests that defense company really was doing it wrong. It's nice to get a bit of perspective, though, thanks!

I got lots of pictures of nekkid daleks, but not too many of the naked chick hugging the dalek. Anyway, whenever I try to post the latter, Botophucket deletes them again on the grounds that girls with no clothes on are rude.


I sometimes mention a product on this blog, and I give a URL to Amazon or similar sites. Just to reassure you, I don't get paid to advertise anything here and I don't get any money from your clicks. Everything I say here is because I feel like saying it.