Comments on Navy Matters: Our Networks Will Work - For 13 Minutes

Blog author: ComNavOps. Feed updated 2024-03-28T04:22:28.228-07:00. 19 comments.

Mazryonh, 2016-06-25T19:59:35.389-07:00:

CNO, would you happen to be a fan of the 2004 BSG TV series? I left a comment on your old USS Galactica blog post I'd like your input on. Ronald D. Moore, one of the Producers and chief writers of the show, actually spent time in the US Navy.

Anonymous, 2016-06-21T05:44:55.949-07:00:

One won't do anything but thousands would. What if the uniformed people went back to telling the non-uniform people what they wanted and stopped trying to (badly) project manage, administer, supply etc and the non-uniform people weren't working for a very expensive defense contractor?

Anonymous, 2016-06-21T05:25:12.516-07:00:

Bringing smart people in from outside will NOT change the culture. Look at David Packard who was Deputy Secretary of Defense and pushed prototyping as a way to cut acquisition costs by not rushing immature technologies into production.

LCS, F-35, FCS, AAAv, DDG-1000 - WTF OVER. Have we learned ANYTHING?

If someone at THAT level can't make lasting change what do you think some newbie civilian wannabe Colonel is gonna be able to do?

If you want to fix the system and culture you have to do it yourself. So all you Soldiers, Sailors, Airmen, and Marines start changing things from the inside.

Anonymous, 2016-06-21T05:05:14.095-07:00:

Mud Marine - You missed my point.

Believe me I have worked for the BIG Defense Contractors and I think they are WORSE than COTS.

My point is the SW industry does NOT do common man reasonable steps to make sure the SW they produce is secure. When was the last time Windows or Linux was code reviewed to detect common bad practices? NEVER because there is no product liability impact.

Read Mark Minasi's Book - The SW Conspiracy. It will open your eyes to how the industry works to keep liability on the user via the EULAs.

Lastly on your comment about open code reviews - how do the Zero Day vulnerabilities get into the Linux (open Source) code if there are so many and vigorous code reviews?

Show me the run results from automated tools (free or paid for) that look for common coding mistakes, THEN you have taken the first step to common man responsibility. The runs (I have done them) take less than an hour on medium size projects.

Anonymous, 2016-06-21T02:44:55.435-07:00:

Perhaps they should consider middle-aged people who may be horribly unfit but have made a pile in industry already and want to give something back - the nice fit people can go and run around in the mud and leave the office work to experts with decades of experience.

Andrew S., 2016-06-20T22:54:42.467-07:00:

Option 2 without the salary. They would be commissioned and promoted to the rank that correlated with civilian position.

TrT, 2016-06-20T22:20:43.363-07:00:

So they can work in silicon valley and earn $120,000 per year, arrive late, wearing jeans, and have several million dollars of stock options available for doing well

Or

They can work in wherever the government sends them, and earn $120,000 per year, but be expected to arrive at work at 6am for PT, then wear uniform, and not have a million dollar option package dangled in front of them.

You would not believe the number of government jobs I turn down for stupid reasons that essentially boil down to my "your rules don't apply to me"* policy.
And I wouldn't get a job at google.

*Most recently a department was closing, their me had walked out, and they needed a new me to join for 8 weeks and finish exiting everything.
They wanted a week by week evidence of what I'd done for the past two years, I said no, they said yes, so I started a role with another company doing the same thing, who had the same rule about new starters, but bent it for me.

Anonymous, 2016-06-20T18:13:36.463-07:00:

Yep,
Thought the exact same thing.
Have a friend who has a white hat hacking company, get hired by Aust big 4 accounting firms, for pen tests and such, $74k wouldn't get you very much by way of testing talent directed your way. Genius marketing, cheap as chips, crowd sourced pen tests. Amazing.

Andrew S., 2016-06-20T17:19:50.730-07:00:

Currently, the Pentagon released a proposal to be able to transfer people with particular skill sets, IT, doctors, and such to their equivalent rank to try to address this. O-6 was the max rank they could be made, at least according to the Army Times.

TrT, 2016-06-20T14:00:09.547-07:00:

"It sort of blows my mind that the Govt. does not hire engineers from the likes of Amazon, Google, etc. to set up and/or manage their IT."

They try, but they are fundamentally incapable.
Facebook employs 12,000 people and is "commanded" by Cuckerberg, age 32 and is worth $52bn
At 32, a government IT guy might be in charge of 5 people and worth $52,000

On top of that, he's expected to know how to iron properly and march in order.

ComNavOps, 2016-06-20T13:57:33.683-07:00:

Argue politely.

MudMarine, 2016-06-20T13:12:29.923-07:00:

BS. This thinking is what keeps govt. computers locked into boeing and lockheed IT circles. Because it is a closed system makes it more vulnerable.

Saying that COTS is not secure is un-nuanced. Who gets hacked more, COTS Microsoft or COTS opensource LINUX/BSD? The more secure system is the one that allows cheap, no barrier auditing of code.

MudMarine, 2016-06-20T13:06:52.833-07:00:

Yes, it's alarming, but this turn of events is a good thing. The government can't claim to employ the best computer people anymore.

It sort of blows my mind that the Govt. does not hire engineers from the likes of Amazon, Google, etc. to set up and/or manage their IT. When Amazon or Google go down, they lose real money. Because of this, they are very good at what they do. Can you imagine if Amazon was hired to design Healthcare.gov? I bet you it would have worked.

Anonymous, 2016-06-20T08:21:43.767-07:00:

SW Engineering is going to have to grow up soon. All recent SW is just a series of quicksand buildings on top of quicksand buildings. No one knows what the SW below them does or how it can be hacked. Anyone that follows the RFC process for proposing new standards knows that there is little to no focus on security being built in.

Add to that the lousy implementation practices where no one does SW security testing (even when it is automated) much less design reviews and you have a disaster waiting to happen.

This is why companies that have product liability responsibility do NOT use the COTS unsecure stuff out there.

You can buy a #500 laptop with a COTS OS (pick any of them) and while you save a lot on purchase cost you inherit a HUGE Security liability.

Start making Computer Scientists be licensed and have to carry liability insurance.

Anonymous, 2016-06-20T06:40:22.259-07:00:

$72,000 wow that's cheap for network penetration testing.

Can you imagine what BAE would have charged? Probably that for the initial project meeting.

Andrew S., 2016-06-19T18:56:13.396-07:00:

Do you think it's possible to hijack one of these networking systems? I know that's how Iran captured that UAV, there's cases under investigation where it probably was done to civilian cars, and I think DHS has admitted it's possible to do so to airliners.

ComNavOps, 2016-06-19T15:26:40.356-07:00:

The similarity between art and life has not escaped me, nor you. Well noted!

Networking is kind of okay as long as the individual components can be effective without the network. Unfortunately, we don't seem to be ensuring that. Our networks are moving along the path of "all or nothing".

Mazryonh, 2016-06-19T14:07:15.762-07:00:

Given your previous post on Battlestar Galactica, it seems that life is imitating art here. The 2004 BSG TV series kicked off with a massive cyberwarfare attack on the 12 human colonies that disabled almost every defense they had, and from this article it looks like a similar incident could happen to the USA's armed forces too. Commander Adama, one of the main protagonists of the BSG TV series, was adamant that no computer networks or updates be installed on his beloved Galactica, which is what saved a lot of survivors in the beginning of that show too.

TrT, 2016-06-19T08:49:50.926-07:00:

"So what will Chinese, Russian, and NKorean military professional hackers be able to do by working full time on hacking Pentagon networks and with the resources of entire countries to back them up? A lot more I would imagine!"

Nar, they'll be far less capable.
A fighter pilot who goes on a 6 week IT course isn't a viable black hat.