3/24/2008
09:00 PM
Terry Sweeney
Commentary

Real Tossers

How long do you hang on to decommissioned hard drives and storage devices? Do you at least wait to make sure your new drives or backup applications are functioning properly?

If you answered yes to that last question, there might be a job at the White House for you. The latest wrinkle in the missing White House e-mail saga is that the drives are gone. Tossed out. Destroyed, even.

"When workstations are at the end of their life cycle and retired... the hard drives are generally sent off-site to another government entity for physical destruction," the White House told a federal judge last week.

Normally, a reasonably sensible storage professional makes sure all necessary data has been properly copied. And, normally, new applications -- whether it's an e-mail server or the backup system for it -- are tested and re-tested before anything gets destroyed. But this situation isn't normal, and the story behind the story keeps changing, or getting added to, like one of those serial chain letters that clutter your in-box.

Earlier on, I was willing to give the White House and CIO Theresa Payton the benefit of the doubt about this mess. My suspension of disbelief about this is officially suspended. The way they've disclosed details about the chronology and methods behind their actions now sounds improvised -- very lately improvised.

I have no idea if the judge in the case, John Facciola, is technically astute where the ins and outs of IT are concerned. But I'm betting he's started to sense that something's a bit off. This has now gotten to the point where it officially insults the intelligence. We'll see just how insulted the judge is in the next chapter -- his response won't be any kind of throwaway.
