This is bad, people. So bad.

[JD Barleycorn]

Quote:

Originally Posted by WombRaider

So now we're crying over spilt milk? It's done. What good is wringing our hands over it going to do?

Of course, anything that Bush did was over six years ago. So why are you wringing your soiled panties over it? Can you say hypocrite and gotcha?

[Old-T]

Quote:

Originally Posted by WombRaider

So now we're crying over spilt milk? It's done. What good is wringing our hands over it going to do?

Nothing if we don't learn from it. And an attitude like yours guarantees that we don't learn from it.

[Old-T]

Quote:

Originally Posted by gnadfly

777

Just outrageous. You don't know what we do to be SOx, Export Compliant, PCI compliant, etc and the govt can do whatever shit it wants...especially use the excuse we outsourced it to contractors so they don't have to be responsible for various process and security procedures they themselves imposed.

Much of that comes directly back to excessive cuts in DNI and DoD people/budgets. Cut below reasonable safety levels. Do you k ow the ave number of parts on GS-7 or 9 is expected to be an "expert" in? A few years back that number was 250,000. They were supposed to--among other things--be expert I the manufacturing process, testing (what test equipment does it go on that might contaminate it), and storage/shipping. Most of this low-bidder to comply with law that long predates Obama or Bush. That is 12.5 per hour, every hour. Less than five minutes per year to track all the benders, subcontractors, and sources not only of parts but of peripheral equipment. And, to do it right, all those min wage security guards, etc. I am quite sure YOU could assure complete safety in 5 minutes. With no money for plant inspections.

And then, since that all represents wasteful"big government" we decree it can be done with 20% fewer people and less money (thank you, Congress).

Moron.

[WombRaider]

Quote:

Originally Posted by Old-T

Nothing if we don't learn from it. And an attitude like yours guarantees that we don't learn from it.

I never said don't learn from it. I see you've learned the art of putting words in people's mouths.

[IIFFOFRDB]

Quote:

Originally Posted by Old-T

Much of that comes directly back to excessive cuts in DNI and DoD people/budgets. Cut below reasonable safety levels. Do you k ow the ave number of parts on GS-7 or 9 is expected to be an "expert" in? A few years back that number was 250,000. They were supposed to--among other things--be expert I the manufacturing process, testing (what test equipment does it go on that might contaminate it), and storage/shipping. Most of this low-bidder to comply with law that long predates Obama or Bush. That is 12.5 per hour, every hour. Less than five minutes per year to track all the benders, subcontractors, and sources not only of parts but of peripheral equipment. And, to do it right, all those min wage security guards, etc. I am quite sure YOU could assure complete safety in 5 minutes. With no money for plant inspections.

And then, since that all represents wasteful"big government" we decree it can be done with 20% fewer people and less money (thank you, Congress).

Moron.

Old-Turfer and his dog Astro...

[Yssup Rider]

Another great thread SLOBBRIN.

[lustylad]

Quote:

Originally Posted by WombRaider

I never said don't learn from it. I see you've learned the art of putting words in people's mouths.

Ok, undercunt. I won't put words in your mouth. Why don't you tell us what YOU learned from it?

[IIFFOFRDB]

Quote:

Originally Posted by Yssup Rider

Another great thread SLOBBRIN.

Thanks ShitEater the astro-dog.

[The_Waco_Kid]

Quote:

Originally Posted by gnadfly

777

Just outrageous. You don't know what we do to be SOx, Export Compliant, PCI compliant, etc and the govt can do whatever shit it wants...especially use the excuse we outsourced it to contractors so they don't have to be responsible for various process and security procedures they themselves imposed.

777 = world writable and in this case world readable.
that this happened under Odumbo's watch is either gross incompetence or he allowed it. i mean, he's a closet commie isn't he? along with the many other closets he lives in.


tra la la .. a la la la

[Old-T]

Quote:

Originally Posted by WombRaider

I never said don't learn from it. I see you've learned the art of putting words in people's mouths.

Quote:

Originally Posted by lustylad

Ok, undercunt. I won't put words in your mouth. Why don't you tell us what YOU learned from it?

As scary as it might seem I will agree with LL on this point. Before we designate this to "old history", what do you think the lesson should be? Not the finger pointing, but the way forward.

[gnadfly]

Quote:

Originally Posted by Old-T

Much of that comes directly back to excessive cuts in DNI and DoD people/budgets. Cut below reasonable safety levels....
And then, since that all represents wasteful"big government" we decree it can be done with 20% fewer people and less money (thank you, Congress).

Moron.

You're the moron. They didn't have to give their contractor "root" necessarily. It's like Snowden finding out that he could look up anybody's information...he was a contractor...there were no controls or they weren't complying with the controls. The controls may not cost that much.

Most IT organisations have had to do "more with less" for the last decade. We have to comply with broad Fed regulations. The Fed regulations like Sarbanes-Oxley specifically exclude the Federal govt from having to comply with it the act. Do you think the CEO can tell Fed regulators "we don't have the money to comply?" The fines would still stack up.

Stop blaming budget cuts. The Obamacare web site is a example of govt IT project or oversight of IT project competence and cost over runs. And they basically had a blank check.

You're an old fool.

[Old-T]

Quote:

Originally Posted by gnadfly

You're the moron. They didn't have to give their contractor "root" necessarily. It's like Snowden finding out that he could look up anybody's information...he was a contractor...there were no controls or they weren't complying with the controls. The controls may not cost that much.

Most IT organisations have had to do "more with less" for the last decade. We have to comply with broad Fed regulations. The Fed regulations like Sarbanes-Oxley specifically exclude the Federal govt from having to comply with it the act. Do you think the CEO can tell Fed regulators "we don't have the money to comply?" The fines would still stack up.

Stop blaming budget cuts. The Obamacare web site is a example of govt IT project or oversight of IT project competence and cost over runs. And they basically had a blank check. True, but the cause is incompetent people, caused by bad personnel laws and implementation. And if you think that started with Obama you are even dumber than I give you credit for. But then you don't really care to address what I said--I never claimed there wasn't enough money spent on IT, just not in the right ways/places.

You're an old fool.

I will stop claiming it in budget cuts and stupid legislation when indeed it stops being caused by budget cuts and stupid legislation.

You are quick to shout "moron" when you are the one who is happy to be ignorant.

Why do contractors have root access? because there generally are few to no experienced, competent government IT people. Why? Because the GS GG and DR pay scales are not competitive for those people--and the OPM regs & the pertinent legislation makes it near impossible to pay the key IT technical folks at a pay scale different from less competitive job series.

Add to that the impossibility of getting rid of people just because their skills are no longer needed and replace them with what we now need. No, we have senior managers who have been obsolete for years still being put into senior manager positions--and they are often shoved into technical areas like IT because the personnel system can't hire enough competent senior managers and they have to put them somewhere.

Revise the personnel regs, retire/move out the ones with outdated talents that don't match what we need now, pay a competitive rate for the top technical people. But no, the REP mindset is a big indiscriminate meat cleaver--strictly concerned about the salaries, not what we get for it.

It IS an issue of not having the right people because the near-200 year old civil service approach needs major overhaul. Rumsfeld had that one very right.

PS: I thought you were ignoring me? Just curious.

[gnadfly]

Old-T,

Almost ALL major enterprise software has set up instructions, different roles and responsibilities, and permission.security recommendations. I can guarantee you that even the stupidest government SA/DBA has changed the default password from their outdated SQL 2000 Server admin account.

But you've seem to move the target, it was a cost issue. Now its a can't fire a govt employee issue.

You're back on ignore.

[WombRaider]

Quote:

Originally Posted by lustylad

Ok, undercunt. I won't put words in your mouth. Why don't you tell us what YOU learned from it?

Since when do you get to ask me shit? Down on your knees, fool. What does it matter who learned what. I'm not in charge of the fucking data security and neither are you.

[The_Waco_Kid]

Quote:

Originally Posted by gnadfly

You're the moron. They didn't have to give their contractor "root" necessarily. It's like Snowden finding out that he could look up anybody's information...he was a contractor...there were no controls or they weren't complying with the controls. The controls may not cost that much.

Most IT organisations have had to do "more with less" for the last decade. We have to comply with broad Fed regulations. The Fed regulations like Sarbanes-Oxley specifically exclude the Federal govt from having to comply with it the act. Do you think the CEO can tell Fed regulators "we don't have the money to comply?" The fines would still stack up.

Stop blaming budget cuts. The Obamacare web site is a example of govt IT project or oversight of IT project competence and cost over runs. And they basically had a blank check.

You're an old fool.

exactly right. even on a shoestring budget the obamacare website was a 4th rate attempt at 1990's web standards in 2014. shameful.

Quote:

Originally Posted by gnadfly

Old-T,

Almost ALL major enterprise software has set up instructions, different roles and responsibilities, and permission.security recommendations. I can guarantee you that even the stupidest government SA/DBA has changed the default password from their outdated SQL 2000 Server admin account.

But you've seem to move the target, it was a cost issue. Now its a can't fire a govt employee issue.

You're back on ignore.

in fact, no modern server setup would pass any "go-live" standards with default passwords. here's a term for you to consider. EPV. Enterprise Password Vault. also consider this .. keon. Keyboard Interactive Logon. also known as BoKS. it is all based on roles. the SA's have root, DBA's have their oracle login, etc. if these fools cut so much costs on a government contract to NOT follow such basic modern IT standards, it should be an act of treason. really, it should. this is supposed to be secure data yes? then why wasn't it protected as such? while no data is truly secure, it seems like these third rate bums didn't even try.

that said, even with audit controls, you can job the system. all it takes is a ticket in any enterprise incident system such as HP service center to gain access. should audit controls flag it? maybe, maybe not. the point is even with the BEST access controls the system can be accessed "live" and no audit controls software is likely to catch it in progress.

i work for a "big bank". the point is that we allow only sensitive access to employees "in the nation of origin and responsibility", meaning Chinese SA's, contractors or full time employees, are barred from root access to USA based servers. only US based SA's can access root. likewise, only SA's from foreign based servers such as Singapore are allowed root to their servers.

if these fools allowed non-USA based access to Chinese based contractors then this is essentially at best an act of sheer stupidity or an act or wanton treason. you decide.