<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title><![CDATA[[SecurityRatty] tag: clinton]]></title>
    <link>http://securityratty.com/tag/clinton</link>
    <description></description>
    <pubDate>Sun, 30 Mar 2008 16:57:00 +0000</pubDate>
    <generator>iRatty Engine</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <item>
      <title><![CDATA[Bush's exit to put new e-records system to the test]]></title>
      <link>http://securityratty.com/article/5136882ab474438d37a3010c7c02b7cb</link>
      <guid>http://securityratty.com/article/5136882ab474438d37a3010c7c02b7cb</guid>
      <description><![CDATA[The National Archives received only 32 million e-mails from the Clinton administration eight years ago, but in a few months, it expects to get hit with 50 times that from the Bush administration,...]]></description>
      <content:encoded><![CDATA[The National Archives received only 32 million e-mails from the Clinton administration eight years ago, but in a few months, it expects to get hit with 50 times that from the Bush administration, which has exacerbated the problem by dragging its feet in supplying the data.<br style="clear: both;"/>
]]></content:encoded>
      <pubDate>Fri, 21 Nov 2008 02:00:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/bush administration">bush administration</category>
      <category domain="http://securityratty.com/tag/national archives">national archives</category>
      <category domain="http://securityratty.com/tag/million e-mails">million e-mails</category>
      <category domain="http://securityratty.com/tag/clinton administration">clinton administration</category>
      <category domain="http://securityratty.com/tag/feet">feet</category>
      <category domain="http://securityratty.com/tag/data">data</category>
      <category domain="http://securityratty.com/tag/hit">hit</category>
      <category domain="http://securityratty.com/tag/ago">ago</category>
      <category domain="http://securityratty.com/tag/expects">expects</category>
      <source url="http://feeds.computerworld.com/click.phdo?i=e7b60bc98cf75a8107026f8126bdf79b">Bush's exit to put new e-records system to the test</source>
    </item>
    <item>
      <title><![CDATA[They didn't go away you know....]]></title>
      <link>http://securityratty.com/article/265b22f7a3a1ac42a1aa3d3c8f7bd79d</link>
      <guid>http://securityratty.com/article/265b22f7a3a1ac42a1aa3d3c8f7bd79d</guid>
      <description><![CDATA[Listening to a discussion on CNN the day after President elect Obama won the U.S. Presidential race, made me think about what the terrorists may be thinking

It really is fairly easy for the average...]]></description>
      <content:encoded><![CDATA[Listening to a discussion on CNN the day after President elect Obama won the U.S. Presidential race, made me think about what the terrorists may be thinking. <br /><span id="fullpost"><br />It really is fairly easy for the average citizen to push these thoughts out of their mind, but we should always keep it somewhere in our minds - close enough to recall it when necessary.<br /></span><br />Bill Clinton was "tested" early in his Presidency as was the U.K.'s new Prime Minister - Gordon Brown.  In PM Brown's case it came 72 hours after the Election in Britain.  How long may we wait to see something here..or overseas, but definitely aimed at inflicting U.S. casualties?<br /><br />Bottom line - we should always remain alert and open to the idea that something could happen and we cannot afford to drop our guard and think "they have gone".  Terrorists have great amounts of patience.  They conduct surveillance right under the noses of their intended victims.  As the old saying goes; "we have to be successful every single time - they only have to be lucky once".<div class="blogger-post-footer">Visit Sexton Executive Security at www.sextonsecurity.com</div>]]></content:encoded>
      <pubDate>Fri, 14 Nov 2008 03:02:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/brown">brown</category>
      <category domain="http://securityratty.com/tag/gordon brown">gordon brown</category>
      <category domain="http://securityratty.com/tag/president elect obama">president elect obama</category>
      <category domain="http://securityratty.com/tag/single time">single time</category>
      <category domain="http://securityratty.com/tag/conduct surveillance">conduct surveillance</category>
      <category domain="http://securityratty.com/tag/bill clinton">bill clinton</category>
      <category domain="http://securityratty.com/tag/remian alert">remian alert</category>
      <category domain="http://securityratty.com/tag/terrorists">terrorists</category>
      <category domain="http://securityratty.com/tag/presidential race">presidential race</category>
      <source url="http://www.thebulletproofblog.com/2008/11/they-didnt-go-away-you-know.html">They didn't go away you know....</source>
    </item>
    <item>
      <title><![CDATA[Clinton Urges Party Unity In Powerful Convention Address]]></title>
      <link>http://securityratty.com/article/a954988d4421ade0a174e500f7a8538f</link>
      <guid>http://securityratty.com/article/a954988d4421ade0a174e500f7a8538f</guid>
      <description><![CDATA[Hillary Clinton exhorts the members of her party to unite and rally behind former Democratic presidential nominee Barack Obama, saying that the nation can't afford to elect another Republican to the...]]></description>
      <content:encoded><![CDATA[Hillary Clinton exhorts the members of her party to unite and rally behind former Democratic presidential nominee Barack Obama, saying that the nation can't afford to elect another Republican to the White House.<br style="clear: both;"/>
      ]]></content:encoded>
      <pubDate>Wed, 27 Aug 2008 00:22:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/hillary clinton exhorts">hillary clinton exhorts</category>
      <category domain="http://securityratty.com/tag/white house">white house</category>
      <category domain="http://securityratty.com/tag/party">party</category>
      <category domain="http://securityratty.com/tag/nation">nation</category>
      <category domain="http://securityratty.com/tag/unite">unite</category>
      <category domain="http://securityratty.com/tag/afford">afford</category>
      <category domain="http://securityratty.com/tag/rally">rally</category>
      <category domain="http://securityratty.com/tag/republican">republican</category>
      <category domain="http://securityratty.com/tag/elect">elect</category>
      <source url="http://feeds.wired.com/~r/wired/politics/security/~3/376167408/clinton-urges-p.html">Clinton Urges Party Unity In Powerful Convention Address</source>
    </item>
    <item>
      <title><![CDATA[Obama Campaign Seeks Web-Site Security Help]]></title>
      <link>http://securityratty.com/article/d21012924388e580f0c8dc8e7a3c18a5</link>
      <guid>http://securityratty.com/article/d21012924388e580f0c8dc8e7a3c18a5</guid>
      <description><![CDATA[Barack Obama's presidential campaign is seeking a security expert to help lock down its Web site, which was hacked two months ago by a Hillary Clinton supporter taking advantage of a programming...]]></description>
      <content:encoded><![CDATA[Barack Obama's presidential campaign is seeking a security expert to help lock down its Web site, which was hacked two months ago by a Hillary Clinton supporter taking advantage of a programming error.
]]></content:encoded>
      <pubDate>Mon, 16 Jun 2008 02:26:56 +0000</pubDate>
      <category domain="http://securityratty.com/tag/hillary clinton supporter">hillary clinton supporter</category>
      <category domain="http://securityratty.com/tag/months ago">months ago</category>
      <category domain="http://securityratty.com/tag/barack obama">barack obama</category>
      <category domain="http://securityratty.com/tag/presidential campaign">presidential campaign</category>
      <category domain="http://securityratty.com/tag/web site">web site</category>
      <category domain="http://securityratty.com/tag/security expert">security expert</category>
      <category domain="http://securityratty.com/tag/advantage">advantage</category>
      <category domain="http://securityratty.com/tag/lock">lock</category>
      <category domain="http://securityratty.com/tag/error">error</category>
      <source url="http://feeds.computerworld.com/~r/Computerworld/Security/News/~3/312756046/article.do">Obama Campaign Seeks Web-Site Security Help</source>
    </item>
    <item>
      <title><![CDATA[Parents can't afford to let their guard down when it comes to their children's safety]]></title>
      <link>http://securityratty.com/article/f4271355521860175541d0aa7fa6d4c5</link>
      <guid>http://securityratty.com/article/f4271355521860175541d0aa7fa6d4c5</guid>
      <description><![CDATA[I was very fortunate last night to have been able to attend a presentation in Richmond by the well known Criminal and Behavioral Profiler, Dr. Clinton Van Zandt
Dr. Van Zandt addressed a dinner which...]]></description>
      <content:encoded><![CDATA[I was very fortunate last night to have been able to attend a presentation in Richmond by the well-known Criminal and Behavioral Profiler, Dr. Clinton Van Zandt.<br />Dr. Van Zandt addressed a dinner which was organized by the <a href="http://piava.wordpress.com/">Private Investigators Association of Virginia.</a>  Attendees were kept spellbound by inside stories involving the JonBenét Ramsey murder, The Unabomber, The Beltway Snipers and more. <br /><br /><br />Last month I was also fortunate to have been able to hear Col. Dave Grossman speak eloquently and passionately about the tragic school shootings in which he has been called in to assist educators and parents understand.  One thing is clear from listening to both men, parents need to be ever mindful of the fact that they are their children's protectors.  They are the sheepdogs, ever on the lookout for marauding wolves.<br /><br />If you are a parent, or an educator or a security professional, I strongly urge you to read up on the teachings of these learned men and jump at the opportunity to hear them live if at all possible.  I personally guarantee you that you will not be disappointed.]]></content:encoded>
      <pubDate>Fri, 23 May 2008 00:35:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/clinton van zandt">clinton van zandt</category>
      <category domain="http://securityratty.com/tag/van zandt">van zandt</category>
      <category domain="http://securityratty.com/tag/parents">parents</category>
      <category domain="http://securityratty.com/tag/tragic school shootings">tragic school shootings</category>
      <category domain="http://securityratty.com/tag/strongly urge">strongly urge</category>
      <category domain="http://securityratty.com/tag/behavioral profiler">behavioral profiler</category>
      <category domain="http://securityratty.com/tag/security professional">security professional</category>
      <category domain="http://securityratty.com/tag/inside sories">inside sories</category>
      <category domain="http://securityratty.com/tag/investigators association">investigators association</category>
      <source url="http://www.thebulletproofblog.com/2008/05/parents-cant-afford-to-let-their-guard.html">Parents can't afford to let their guard down when it comes to their children's safety</source>
    </item>
    <item>
      <title><![CDATA[Are current vulnerability and compliance testing tools like answering the phone at 3am?]]></title>
      <link>http://securityratty.com/article/6654f6456677a336f8a4941afb4009d8</link>
      <guid>http://securityratty.com/article/6654f6456677a336f8a4941afb4009d8</guid>
      <description><![CDATA[I was at a meeting for a potentially large customer engagement for vulnerability assessment and compliance testing last week. The requirements for this customer were not unusual. They wanted to test...]]></description>
      <content:encoded><![CDATA[
<div xmlns="http://www.w3.org/1999/xhtml"><p>I was at a meeting for a potentially large customer engagement for vulnerability assessment and compliance testing last week.&nbsp; The requirements for this customer were not unusual. They wanted to test for conventional CVE-type vulnerabilities. Additionally, they also wanted to test for configuration compliance: hotfixes, patch level, AV, etc.&nbsp; This direction is where a lot of the traditional vulnerability management solutions have been heading.&nbsp; Whether adding a separate compliance module or audit and local check capability, most of the traditional vulnerability scanning solutions offer some coverage in this area.&nbsp; However, in speaking to this potential customer and in thinking about their needs, an inherent problem with this solution is that it is only as good as the devices that are available on the network when the scan takes place.</p> <p>In traditional vulnerability scanning, <u>when</u> the scan takes place was not as much of an issue; usually you are scanning servers and other devices that are on the network 24/7. In fact, doing the scans during off hours was usually preferred. Too many of the network-based vulnerability scanners took up too much bandwidth and other resources to accomplish during the prime time hours of the day. 
In compliance scanning though, you need the status of laptops, desktops and other devices that may not be connected to the network 24/7.&nbsp; Therefore it is important to reach and test these devices when they are on the network.&nbsp; That is the rub.&nbsp; How do you really make sure the devices connecting to your network are compliant if you are only testing them at a point in time and that usually at an off hour?</p> <p>This problem reminded me of the Clinton-Obama flap over who answers the phone at the White House at 3am.&nbsp; That is an important question for who is president, but for compliance answering the phone when someone is there to talk to is more important.&nbsp; I think this is where NAC provides an advantage.&nbsp; By utilizing NAC to detect devices coming on the network and then using a low-impact compliance test as well as traditional vulnerability scanning, you get a picture of vulnerability posture and compliance status as of the last time they accessed the network. You can still do follow-on tests at any time you desire, but at least when a device is logging on you are sure of a test.</p> <p>Will NAC supplement vulnerability testing in this manner? I think so.&nbsp; Many customers we have spoken to about this like the idea of "scan on connect" and we have already enabled our own NAC product Safe Access and vulnerability management platform VAM to do this.&nbsp; What do you think?</p></div>

]]></content:encoded>
      <pubDate>Mon, 19 May 2008 19:16:18 +0000</pubDate>
      <category domain="http://securityratty.com/tag/compliance">compliance</category>
      <category domain="http://securityratty.com/tag/configuration compliance">configuration compliance</category>
      <category domain="http://securityratty.com/tag/compliance status">compliance status</category>
      <category domain="http://securityratty.com/tag/status">status</category>
      <category domain="http://securityratty.com/tag/prime time hours">prime time hours</category>
      <category domain="http://securityratty.com/tag/time">time</category>
      <category domain="http://securityratty.com/tag/network">network</category>
      <category domain="http://securityratty.com/tag/detect devices">detect devices</category>
      <category domain="http://securityratty.com/tag/devices">devices</category>
      <source url="http://feeds.feedburner.com/~r/StillsecureAfterAllTheseYears/~3/293979749/are-current-vul.html">Are current vulnerability and compliance testing tools like answering the phone at 3am?</source>
    </item>
    <item>
      <title><![CDATA[Democratic Campaign Hacking Picks Up]]></title>
      <link>http://securityratty.com/article/69da973682312c9089a492f46f00f5a5</link>
      <guid>http://securityratty.com/article/69da973682312c9089a492f46f00f5a5</guid>
      <description><![CDATA[Following last week's hack against BarackObama.com , Netcraft is reporting a research exploit against VoteHillary.Org . VoteHillary.org is owned by a PAC, not the Clinton campaign, whose site is...]]></description>
      <content:encoded><![CDATA[Following <a href="http://blogs.pcmag.com/securitywatch/2008/04/a_hack_we_can_believe_in.php">last week's hack against BarackObama.com</a>, Netcraft is reporting <a href="http://news.netcraft.com/archives/2008/04/24/clinton_and_obama_xss_battle_develops.html">a research exploit against VoteHillary.Org</a>. 

VoteHillary.org is owned by a PAC, not the Clinton campaign, whose site is <A href="http://www.hillaryclinton.com">www.HillaryClinton.com</A>.  Harry Sintonen, the Finnish security researcher who found the bug in VoteHillary.org, first tried to attack HillaryClinton.com, but found no cross-site scripting errors there.

Both attacks essentially bring you to the other campaign's site surreptitiously. They are essentially benign, but that could change in the coming months.<br style="clear: both;"/>
]]></content:encoded>
      <pubDate>Thu, 24 Apr 2008 06:54:32 +0000</pubDate>
      <category domain="http://securityratty.com/tag/campaign">campaign</category>
      <category domain="http://securityratty.com/tag/cross-site">cross-site</category>
      <category domain="http://securityratty.com/tag/site">site</category>
      <category domain="http://securityratty.com/tag/votehillary">votehillary</category>
      <category domain="http://securityratty.com/tag/site surreptitiously">site surreptitiously</category>
      <category domain="http://securityratty.com/tag/attack hillaryclinton">attack hillaryclinton</category>
      <category domain="http://securityratty.com/tag/finnish security researcher">finnish security researcher</category>
      <category domain="http://securityratty.com/tag/org">org</category>
      <category domain="http://securityratty.com/tag/clinton campaign">clinton campaign</category>
      <source url="http://feeds.ziffdavisenterprise.com/~r/RSS/cheap_hack/~3/277015663/democratic_campaign_hacking_picks_up_1.html">Democratic Campaign Hacking Picks Up</source>
    </item>
    <item>
      <title><![CDATA[Obama XSS Silliness]]></title>
      <link>http://securityratty.com/article/deecccbd143566ad85ba011e74dd76a7</link>
      <guid>http://securityratty.com/article/deecccbd143566ad85ba011e74dd76a7</guid>
      <description><![CDATA[Apparently the security blunder of the weekend goes to the Barack Obama campaign for having XSS vulnerabilities throughout their website. There's no need for me to rehash the story, you can read other...]]></description>
      <content:encoded><![CDATA[<p>Apparently the security blunder of the weekend goes to the Barack Obama campaign for having <a href="http://xssed.com/news/65/Barack_Obamas_official_site_hacked/">XSS vulnerabilities</a> throughout their website.  There&#8217;s no need for me to rehash the story, you can read <a href="http://www.webpronews.com/topnews/2008/04/21/obamas-site-hacked-change-comes-from-xss">other articles</a> that describe <a href="http://blog.internetnews.com/skerner/2008/04/hackers-take-from-barack-obama.html">what happened</a>.   My thoughts on the matter are as follows: </p>
<ul>
<li>I wish the media wouldn&#8217;t refer to this as &#8220;hacking Obama&#8217;s website&#8221; because it&#8217;s not quite accurate; XSS attacks end users, not the web site itself.  Clearly one makes a better headline.</li>
<li>Can people (that&#8217;s you, security bloggers) stop saying things like &#8220;they should have been filtering inputs?&#8221;  The most effective way to <a href="http://www.owasp.org/index.php/XSS">protect against XSS</a> is HTML entity encoding, NOT input validation.  Input validation is great and all &#8212; and please continue to use it in general &#8212; but you&#8217;re <a href="http://ha.ckers.org/xss.html">going to miss something</a>.</li>
<li>Why is anybody surprised about this?  Did anybody really think that the Obama (or Clinton, or McCain) campaigns would be spending money on web security testing?  I guess they might be from now on&#8230;</li>
</ul>
<p>All quite amusing nonetheless.</p>
]]></content:encoded>
      <pubDate>Tue, 22 Apr 2008 11:04:10 +0000</pubDate>
      <category domain="http://securityratty.com/tag/xss">xss</category>
      <category domain="http://securityratty.com/tag/obama">obama</category>
      <category domain="http://securityratty.com/tag/xss attacks">xss attacks</category>
      <category domain="http://securityratty.com/tag/barack obama campaign">barack obama campaign</category>
      <category domain="http://securityratty.com/tag/input validation">input validation</category>
      <category domain="http://securityratty.com/tag/website">website</category>
      <category domain="http://securityratty.com/tag/xss vulnerabilities">xss vulnerabilities</category>
      <category domain="http://securityratty.com/tag/obamas website">obamas website</category>
      <category domain="http://securityratty.com/tag/web security">web security</category>
      <source url="http://www.veracode.com/blog/?p=89">Obama XSS Silliness</source>
    </item>
    <item>
      <title><![CDATA[Obama site hacked, redirects clicks to Clinton's site]]></title>
      <link>http://securityratty.com/article/121748d8daca55bdac7bb05e4574b826</link>
      <guid>http://securityratty.com/article/121748d8daca55bdac7bb05e4574b826</guid>
      <description><![CDATA[A cross-site scripting flaw in the social networking section of Sen. Barack Obama's campaign site was exploited over the weekend to redirect users to the URL of rival Sen. Hillary...]]></description>
      <content:encoded><![CDATA[A cross-site scripting flaw in the social networking section of Sen. Barack Obama's campaign site was exploited over the weekend to redirect users to the URL of rival Sen. Hillary Clinton.
]]></content:encoded>
      <pubDate>Mon, 21 Apr 2008 09:00:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/campaign site">campaign site</category>
      <category domain="http://securityratty.com/tag/barack obama">barack obama</category>
      <category domain="http://securityratty.com/tag/redirect users">redirect users</category>
      <category domain="http://securityratty.com/tag/hillary clinton">hillary clinton</category>
      <category domain="http://securityratty.com/tag/weekend">weekend</category>
      <category domain="http://securityratty.com/tag/cross-site">cross-site</category>
      <category domain="http://securityratty.com/tag/rival">rival</category>
      <category domain="http://securityratty.com/tag/section">section</category>
      <category domain="http://securityratty.com/tag/social">social</category>
      <source url="http://feeds.computerworld.com/~r/Computerworld/Security/News/~3/274841993/article.do">Obama site hacked, redirects clicks to Clinton's site</source>
    </item>
    <item>
      <title><![CDATA[From warzones to strip clubs, the truth comes out for a former First Lady and a Pastor.]]></title>
      <link>http://securityratty.com/article/4644a2739d9bbdd4b4a3b5d2c22ca326</link>
      <guid>http://securityratty.com/article/4644a2739d9bbdd4b4a3b5d2c22ca326</guid>
      <description><![CDATA[Last week in the Washington Post, &quot;The Fact Checker&quot; awarded former first lady, Hillary Clinton, four &quot;Pinocchios&quot; (real whoppers) for claiming to have come under sniper fire during a photo op. in...]]></description>
      <content:encoded><![CDATA[Last week in the Washington Post, "The Fact Checker" awarded former first lady, Hillary Clinton, four "Pinocchios" (real whoppers) for claiming to have come under sniper fire during a photo op. in Bosnia.  On Thursday, Michael Dobbs once again awarded Senator Clinton another "poker" of Pinocchios.  <br /><span id="fullpost"><br /><br />This time she took heat for claiming that her trip to Bosnia was the first visit to a "war zone" by a first lady since World War II.  Her claim is considered completely inaccurate, since Pat Nixon made a trip to Saigon in July 1969.  At the time, South Vietnam was an actual, not a "potential" war zone in the aftermath of the 1968 Tet offensive.<br /><br />The article also made mention of Barbara Bush's visit to Saudi Arabia in 1990, two months before the Persian Gulf war began.  Speaking about Senator Clinton's claim that her aircraft made a tactical landing back in 1996, the pilot of the aircraft had a different memory.  Retired Air Force Col. William Changose said that it was not true that they took evasive measures to avoid sniper fire.  The Colonel went on to say that: "not only were there no bullets flying, there wasn't even a bumblebee flying around".<br /></span><br />It seems that Senator Clinton is not the only one in the public eye to suffer from Pinocchioitis.  Apparently the Police in Riverside, Ohio found a Pastor who had gone missing from his home in western New York, since Wednesday the 26th of March, after telling his wife that he was going to Best Buy to have his computer fixed. Officers found the Pastor at a strip club called the "K.C. Lounge", partying like a New York Governor.<br /><br />We often hear people in the media complaining about the negative effects that Rap music has on our youth.  One wonders why we are now not hearing more complaining about the so-called role models getting caught with their pants down, so to speak.  
At least with the likes of rappers and other "bad boy" entertainers, what you see is what you get.  It's little wonder that so many people are comfortable telling lies during interviews and embellishing resumes in order to get hired and get ahead.  <br /><br />When I was going to school, the "dog ate my homework" excuse was used but not believed.  Also, it tended to get used by children who had not yet reached their teens.  I think that even children of that age these days will be able to see through these poorly constructed falsehoods that our "role models" would have us believe.<br /><br />Unbelievable.]]></content:encoded>
      <pubDate>Sun, 30 Mar 2008 16:57:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/senator clinton">senator clinton</category>
      <category domain="http://securityratty.com/tag/sniper fire">sniper fire</category>
      <category domain="http://securityratty.com/tag/avoid sniper fire">avoid sniper fire</category>
      <category domain="http://securityratty.com/tag/role models">role models</category>
      <category domain="http://securityratty.com/tag/war zone">war zone</category>
      <category domain="http://securityratty.com/tag/lady">lady</category>
      <category domain="http://securityratty.com/tag/pastor">pastor</category>
      <category domain="http://securityratty.com/tag/air force col">air force col</category>
      <category domain="http://securityratty.com/tag/persian gulf war">persian gulf war</category>
      <source url="http://www.thebulletproofblog.com/2008/03/from-warzones-to-strip-clubs-truth.html">From warzones to strip clubs, the truth comes out for a former First Lady and a Pastor.</source>
    </item>
  </channel>
</rss>
