• @Candelestine
      link
      141 year ago

      This is probably worth believing.

      Fortunately, intelligence is a thing that goes steadily out-of-date as time passes. Also, once you know something has been compromised, you can take steps to significantly mitigate the damage.

      • Maharashtra
        link
        101 year ago

        I don’t believe it, because I work in IT for decades and by now, above a certain level of confidence, the only way for vital information to be shared with wrong recipients can’t be accidental. Years-long “accidental” proceder couldn’t go unobserved. Too many people involved, too many IT-relevant security measures in the action.

        • @Candelestine
          link
          81 year ago

          The entire point is it was happening in the past though. You think they would have been preventing it before 2015, when the article claims the man notified them?

          • Maharashtra
            link
            31 year ago

            Definitely.

            I am in the IT for decades, not days.

            • @CthuluVoIP
              link
              141 year ago

              I dunno, man. I’ve been doing cybersecurity for two decades and there are an awful lot of really stupid / ignorant / blissfully unaware people in IT across the private sector - particularly at big and older companies. It wouldn’t surprise me in the slightest to learn that something like this goes unnoticed. Unless you suspect a problem, if the system isn’t subject to regular audit, it could go on for years without anyone bothering to check.

              • Maharashtra
                link
                2
                edit-2
                1 year ago

                In private sector - yes. To this day people often mistake Internet browser for search engines.

                • @CthuluVoIP
                  link
                  61 year ago

                  Point being, government is often worse than the private sector.

            • @Candelestine
              link
              41 year ago

              Well, without providing an in-depth breakdown of your thought process, you’re just a rando on the internet, along with all the rest of us. After all, I can say I’m the owner of Twitter if I really want.

              Nobody should ever believe anyone’s claims on here automatically. That would be a very unwise habit to get into, for anyone.

              I hope you’re right though, that would be good. It certainly makes more sense to me that this would be caught earlier, and the DoD simply wouldn’t bother telling anyone it was dealt with.

              • Maharashtra
                link
                11 year ago

                I still remember the biggest flaw in Hayes 9600 and how to fix it, or how to set up two soundcards so that their IRQs aren’t in conflict, in DOS environment if it helps strengthening my credentials. 😎

                (Unless one of those cards is Gravis’ clone called Primax, these were often impossible to pair with good old Soundblaster).

                • pensa
                  link
                  fedilink
                  11 year ago

                  Appeal to authority is a logical fallacy. State your case not your credentials.

        • stevecrox
          link
          fedilink
          3
          edit-2
          1 year ago

          Have you met any of the big IT supply subcontractors?

          Many have built a business around highly specific contracts, the expectation is the service level agreements are technically met. Anything outside the contract is irrelevant and will not be done until a contract is in place. This is reflected in the culture of its staff.

          For example if you raised a problem and a team had a 24 hour SLA, the team is focussed on closing the ticket within 24 hours, so they will look for a reason to close the ticket. If you outlined a problem and suggested the issue might be in X area, they will declare “User stated a problem in X, X dashboard is green” and close the ticket. 24 Hour SLA Met!

          It might take you 20+ tickets before your actual problem is resolved but from their perspective that was 20+ tickets all completed within 24 hour SLA and that is the metric reported in the contact.

          If you try and expose the fact it took 20 days to resolve your problem, staff in these organisations will close ranks to protect each other and the business will protect them on the basis it undermines the metrics for the contract.

          It really isn’t surprising

          • Maharashtra
            link
            -11 year ago

            You sound like you think there are only humans working on local IT security and that it’s ticket-based model.

        • BoofStroke
          link
          fedilink
          2
          edit-2
          1 year ago

          Not to mention that classified information won’t even be on the regular mail system to begin with, it will be on SIPRNet where this scenario is not even possible.

          • @PhoenixRising
            link
            21 year ago

            I thought the issue was that even though it wasn’t classified info, the shear volume of “mundane” info was enough to figure it out. Stuff like an average soldier saying “Yeah, I’m getting stationed at Fort blah, Jimmy is heading out to Fort Blah” or “My departure time is 1900 and arrival is 2300”. All that information can paint a pretty accurate picture.