News
3/24/2008
09:00 PM
Terry Sweeney
Terry Sweeney
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Real Tossers

How long do you hang on to decommissioned hard drives and storage devices? Do you at least wait to make sure your new drives or backup applications are functioning properly? If you answered yes to that last question, there might be a job at the White House for you.

How long do you hang on to decommissioned hard drives and storage devices? Do you at least wait to make sure your new drives or backup applications are functioning properly?

If you answered yes to that last question, there might be a job at the White House for you.The latest wrinkle in the missing White House e-mail saga is that the drives are gone. Tossed out. Destroyed, even.

"When workstations are at the end of their life cycle and retired... the hard drives are generally sent off-site to another government entity for physical destruction," the White House told a federal judge last week.

Normally, a reasonably sensible storage professional makes sure all necessary data was properly copied. And, normally, new applications -- whether it's an e-mail server or the backup system for it -- are tested and re-tested before anything gets destroyed. But this situation isn't normal, and the story behind the story keeps changing, or getting added to, like one of those serial chain letters that clutter your in-box.

Earlier on, I was willing to give the White House and CIO Theresa Payton the benefit of the doubt about this mess. My suspension of disbelief about this is officially suspended. The way they've disclosed details about the chronology and methods behind their actions now sounds improvised -- very lately improvised.

I have no idea if the judge in the case, John Facciola, is technically astute where the ins and outs of IT are concerned. But I'm betting he's started to sense that something's a bit off. This has now gotten to the point where it officially insults the intelligence. We'll see just how insulted the judge is in the next chapter -- his response won't be any kind of throwaway.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3594
Published: 2014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.