Gen. Clark: Sensitive Gov't. Documents Exposed by LimeWire

By Scott M. Fulton, III | Published July 26, 2007, 10:01 PM


If you were in the business of producing P2P file sharing software, perhaps the least comfortable place in the world to be situated - outside of the Green Zone - would be the Committee hearing room. LimeWire Chairman Mark Gorton looked visibly flustered, though he diligently defended his product and his company, opening his testimony by listing the various safeguards and warnings LimeWire gives its users regarding securing files they don't want shared.

"At LimeWire we continue to be frustrated that despite our warnings and precautions," Gorton remarked, "a small fraction of users override the safe default settings that come with the program and end up inadvertently publishing information that they would prefer to keep private. However, despite all the work that we have done, inadvertent file sharing continues to be a problem, so LimeWire is working on a new generation of user interfaces and tools designed with neophyte users in mind. These interfaces will make it even easier for users to see which files they are sharing and to intuitively understand the controls that are available to them."

None of that defense swayed Rep. Darrell Issa (R - Calif.) from taking the opportunity to shift the entire burden of Gen. Clark's revelations onto one person. "There's an elephant in the room, and I figure we've all missed him," were Rep. Issa's words to introduce Gorton.

"Last year, we held hearings on steroids," Issa continued, "and we put Major League Baseball players where you all [witnesses] are... At the end of it all, professional baseball banned steroids, and made it very harsh to use them. We're here today talking about the defaults on your software -- essentially, just hit Enter, Enter, Enter -- making all these things happen, or be able to happen. Do you feel any obligation today that you should change your defaults to 'secure, secure, secure' as a result of what you're hearing here today?"

No more loaded a question may ever have emerged from that podium. Nonetheless, Gorton responded, "I think right now, the defaults are secure. So if you just go hit Enter, Enter, Enter using LimeWire, you don't share any files, and there's no information that would be on your computer that would be made public to anybody. Now, I think what you have here is a situation where people override the safe defaults, and end up disclosing things that they didn't mean to disclose. And clearly that happens more than it should, and I honestly had no idea there was the amount of classified information out there, or that there were people who were actively looking for that, and looking for credit card information."

"Well, now that you're aware of it," Rep. Issa interrupted, "are you prepared here today to say you're going to make significant changes in the software to help prevent this in the future?"

"Absolutely, and we have some in the works right now," responded Gorton. "It seems like, as far as I can see, there are two big categories of things that we can do: One of them addresses how people share directories and folders. I think probably a lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share. We have warnings in the program that currently warn people when they try and share directories that they shouldn't be sharing. However, clearly those warnings are not enough."

Issa then asked Gorton if he would be surprised if LimeWire were sued by users who discovered their private files were pilfered, and if in at least a few hundred thousand venues nationwide, such cases may be substantial enough not to warrant dismissal.

"LimeWire...has...always...tried to make the program clear and easy to understand for users," Gorton carefully uttered, without virtue of a lawyer to help him weigh his remarks. "I think it works for the vast majority of users. There clearly are a minority who make mistakes using the program, and those mistakes can have consequences more serious than I ever imagined. So we want to work to fix that."


Comments


uh-um.. this is stupid.
I mean in Japan, recently there was a lot of hype about a virus affecting Winny (a p2p software similar to limewire), which causes all the stuff in your document folder to be shared online.

but they got no virus and it still leaked? wtf?

Score: 0

|

Ok someone explain this to me.. Because I guess I must be a little slow.

HOW IN THE BLUE HELL did LIMEFREAKINGWIRE get installed in a pentagon PC?

Heck how in the world does an ENDUSER who apparently knows squat about computers, was given privilege to install software on her PC to begin with?

I work at a newspaper, and apparently we run our Infosec department better than the freaking pentagon.

Not to mention, how did the Pentagon firewall allow p2p connections to places like the limewire network? Finally how did CLASSIFIED documents end up in the computer with access to the Internet?

Score: 0

|

I saw this testimony, and am amazed it has not received much coverage in the MSM. This is a huge problem which deserves a lot of attention, imo. Gen. Clark and the Tiversa folks are to be commended for bringing it to Congressional attention.

Score: 0

|

The biggest clue that there is an agenda behind this is the following sentence...

" The material, it was discovered, was copied from the computer of a single Pentagon contractor, who happened to be a LimeWire user. She didn't share those files intentionally; instead, her local file system was exposed through LimeWire."

Limewire *DOES NOT* expose the local filesystem, except for one explicit folder, *UNLESS* the user overrides this behavior MANUALLY.

This tells us a few things.

1). They're too stupid to realize this, and thus have allowed a government employee off scot-free insofar as culpability is concerned.

2). They do realize this, but realize that not pointing it out makes their argument about the "dangers" of p2p more convincing.

This just smacks of placing the blame other than where it belongs.

Score: 0

|

After watching the hearing online, I don't find there to be any agenda. Are you saying that there are not risks? Or that these individuals testified, under oath, that they found documents that they actually DID NOT find via file sharing? That would be foolish. Especially from a highly decorated 4 star General....

It is relatively irrelevant how this much confidential information made its way onto the network....it needs to be stopped. I think that it was unfortunate that LimeWire took most of the blame when it appears to be a widespread problem that extends beyond LimeWire or an overriding user.

Score: 0

|

Our government leaders and DHS, DOD and others do not get the picture on security. The whole structure of "Network-Centric" Security architecture is based on retrofitting applications and content to security using centralized authority. Once the content is released, even with encryption, it is out of the control of these authorities. There are many, many vulnerabilities in NCS because the network structure is an afterthought and not an integral part of the content or application structured. The NCS approach has become the de facto standard for securing network infrastructures consuming billions of dollars in the process and we still have problems like that exposed in this article.

However, the DoD, DHS, DOJ and others, have been aware of new technology that solves this problem and it has been met with NIH factors and other resistance issues such as supporting standards. But, the reality is that Content-Centric Security (CCS) solves most, if not all of the problems associated with NCS.

CCS, as developed by one small company, creates self-governing content that not only authenticates the source and end-users, but controls who, when, where, how, and what in the content can be interacted with. These behavior security controls stay with the content and provide ingrained audit controls over the life-cycle of the content. This means no one can decipher a file and leave it in clear text.
One of the side benefits to CCS is a new set of secure wireless protocols as well on secure remote sensing, and mobile phone content security.

This is not a P2P problem, it is a security architecture problem. Is congress going to look at separate legislation for each of the hundreds of vulnerabilities in NCS and hit-on technology providers such as LimeWire or are they going to solve the basic problem of security architecture? This same government incompetence that looms in approaches to secure e-Visas, e-Passports and port security as well.

Score: 0

|

Took me a few reads to cut through some of your geek-speak--but you are actually dead-on.

"Government incompetence" is abundant because Congress really doesn't know squat about computer technologies yet they think they should regulate it. It's all pretending and political BS these days it seems, which is the big reason that Congress has a much lower job approval than even GWB these days.

Score: 0

|

So, basically CCS = DRM on steroids, right?
Sounds OK in theory, but I doubt it'll get implemented ...

Score: 0

|

I'm surprised it didn't happen sooner.

Score: 0

|

Ah, memories. It didn't even take 24 hours for a PC_Tool-young republican to totally screw up again:

800,000 Social Security numbers stolen by 22-year old worker.

Score: 0

|

Umm...what???

The url and the statement are not only unrelated, but the link you provide is irrelevant to this article. General Clark and Democrat Henry Waxman are bringing this security thing up, and pointing to limewire.

Really...what is your point?

Score: 0

|

To throw a barb at me, obviously. It's what he lives for (and near as I can tell, since every post he's made today has included one, the only reason he posts here).

The poor SOB is obsessing.

It's cute, in a sad, pathetic, "someone call the guys in white-coats" sorta way.

Score: 0

|

I am still not convinced that our Government has any reason to keep secrets.

Score: 0

|

I really hate to put it this way, but I find your statement difficult to answer without being blunt...

...are you that stupid? You don't think that our government has any rights to protect us from ourselves? You think there isn't anything our government has any legitimate reasons to hide information from us regarding, say, nuclear weapon development? Technology advancements that allow us to track our enemie(s) without their knowledge?

Should we just broadcast our entire strategy to Al-Qaeda directly so they can counter our every strategy? Perhaps you wish to volunteer to reveal that there is a secret weapons lab underneath your city that if terrorists learn of it, they can literally "blow up" the entire city with a single pipe bomb?

Okay, let's say there aren't any secret underground research facilities--what about troop deployment? Specific anti-terror measures? Weaknesses in the US power grid?

We should have revealed all of our secrets back in 1941 as well, so that Japan could have dropped atomic bombs on Pearl Harbor rather than sending so many planes to bomb it. Or we could have told the U.S.S.R. that the 'Star Wars' project was really all fake and we really couldn't counter any nuclear missile strike had they chosen to go that route.

Let's be palsy-walsies with Bin Laden too--don't forget to tell him all our secrets while you're at it.

Score: 0

|

Limewire is a tool--it can be used for good or evil. It is illegal, from what I understand, to install ANY software on government pc's with classified information on them, as well as illegal for anyone to transfer any information from them to any other computer. Likely it was copied from the individual's "workstation" to their home pc first, which is illegal to begin with, and then they put it on limewire.

Yep, I knew this'd be blamed on Bush--never fails. Bush can do no right, and everyone else on the planet can do no wrong. I call that Blame the Scapegoat Syndrome...

Score: 0

|

BS Syndrome?

Sounds about right...

Score: 0

|

Limewire did not expose anything. The person / user that installed Limewire, then put that document in the Shared Directory (Or choose to share that file) shared it.

Limewire does not install and selectively choose what it wants to share. It steps the user through a Wizard that "Asks the User" what should and should not be shared.

Go find the employee!

Score: 0

|

LOL@computer noobs

Score: 0

|

great, so limewire is filled with porn, fake files...and top-secret government documents.

Score: 0

|

so let me see if i got this straight...
[1] - moron with a pc stores top secret documents on an open system
[2] - same moron then installs limewire and fails to check the configuration, or even see what files are being shared (most p2p software will share everything by default LOL)
[3] - it's now the software developer's fault that some moron installed the software on an open system, that the same moron stored confidential data on that same system, and that finally, the us government hires morons to do their work?

have I stated the points correctly?

Score: 0

|

Pretty much, aside from 3. According to our resident Libs here, it's completely George W. Bush's fault.

Score: 0

|

Yes. It's his fault because he is an idiot with idiots as advisers.

Score: 0

|

Of course.

Let's not blame the individual. She was obviously advised to do this from her advisers who get their orders directly from Bush.

Man, you guys are fun.

Score: 0

|

who's the fool? The fool or the fool who follows the fool.

Score: 0

|

PC_Tool says:

Pretty much, aside from 3. According to our resident Libs here, it's completely George W. Bush's fault.
-----------------------------------------------
I knew it, Tool. Yer a durned Repooblican. That explains your arrogant and sarcastic attitude. By the way, it probably is Bush's fault.

Score: 0

|

The fool who quotes Star Wars movies to argue politics.

Seriously, let's at least attempt to stay on topic here.

Score: 0

|

Stereotyping?

Although many 'durned republicans' would say the same thing about 'the durned liberals', I try to listen to people's opinions and treat them for what they are, rather than discredit them solely based on the person's political views.

I will admit that looneyness will give me some skepticism about what people tell me, but 98% of republicans and democrats alike are looney anyway...

Score: 0

|

*laughs*

No, my arrogant and sarcastic attitude is from my father actually (and the simple fact that I'm a complete jerk).

As for being republican, The recent elections for senate and congress are the *only* elections in which I've voted primarily for republicans. As I stated recently elsewhere in these forums, I was, up until rather recently, a whiny, sniveling lib, just like zridling. Mad at the big, mean, out to get me government for not catering to my every need.

I grew up.

What's your excuse? :p

Score: 0

|

LimeWire is not a network.

Score: 0

|

I think no computer with sensitive data should be on an internet connection. ;] Sure, internal network to actually send and receive these docs between agents, but not connected to the outside world. ;]

Score: 0

|

There is too much logic in your statement. Computers with classified information should not be sitting on an unsecured network, period.

And why would people be able to install software on a machine that contains classified materials?

Sounds like the admins of these machines have no clue what they are doing.

Score: 0

|

No computer with Top Secret or above data is internet connected. Secret and below data is allowed to be taken home in many cases. Laptops, memory sticks, etc. with this level of data are lost from time to time. Often people who have access to this data aren't computer savvy at all, the average human resource person for example. No matter how secure the government networks are made people taking this data off site and putting it on their insecure home networks/PCs will continue to be a problem. If the data is so sensitive that this occasional loss is unacceptable, then classify the data Top Secret or above. In the meantime just prosecute those who, intentionally or not, expose the data and move along.

Score: 0

|

Because they took the data offsite. No doubt the originating network IS secure. But if a HR person puts the query results, documents, etc. (including names and SSN's of personnel) on a USB key so they can work on the data at home... then sticks that key into their unsecure PC at home running Limewire (or loses the key, etc.) then the data gets out. The admins of the machines on the originating network have no control of the data once it leaves their network and as I said Secret and below are allowed to be taken home. Of course there are rules to handling this data when you leave and if it gets out then the person probably ignored some/all of them and thus should clearly be punished but it has nothing to do with the network admins or the security of the base network.

Score: 0

|

This is not accurate at all! No classified information is allowed, under any circumstances to be on any public network or device....EVER!

There is also nothing "above" Top Secret. There are, and have been, 3 classifications for "Classified government documents:" Confidential, Secret, and Top Secret. The definition of a Secret document is a document that if known to outside individuals could cause SERIOUS danger to the national security of the United States. Top Secret is GRAVE danger....

If you listen to the testimony, this person was an IT Security specialist with a Top Secret clearance with 18 years experience. It is not as easy as you would think to stop this from occurring.

Score: 0

|

why can you plug a USB key into a machine which has classified info on it?

The whole thing reeks of the clueless.

Score: 0

|

the government will now proceed to destroy p2p =[

Score: 0

|

Or hire people that actually know what the hell they're doing with a computer.

Score: 0

|

I don't believe that some are grasping the slightest degree of concern that this should have on all Americans. The very fact that anyone can load LimeWire onto a classified computer (or one that has access) is a severe breach in National Security.

I can only assume that the Network Admin is much brighter than this article poses and in no way is a reflection upon Bush, his Administration, or LimeWire. The fact it was installed and that those documents were sent is a treasonable offense.

I can't even begin to say how much this bothers me as an American and a Network Admin. Whether a "sympathizer" or an "unknowing twit", this person should be brought up on charges of treason. The Network Admin should lose his/her job as well and the NSA should look at ways to handle secure documents in a whole new way.

Whether laptops or, in this case, documents on LimeWire the culprits need to be found and jailed for a long time.

Score: 0

|

This only further proves just how incompetent the Bush Administration actually is.

Score: 0

|

seeing how easy it is to filter p2p programs on a closed network does say something about the competence of the network admin in question.... i mean you could even just block all the ports limewire uses, if not just block all ports that don't have a good reason to be used. or install a filter, I'm sure the government budget can cover a simple network traffic filter.

Score: 0

|

"i mean you could even just block all the ports limewire uses"

Wouldn't work. It has a different port with each install. There's no default (from what I can work out).

The other options would work though.

Score: 0

|

You're right...there is NO WAY this could happen under a competent administration! {read LOTS of sarcasm here}

Score: 0

|

I couldn't agree with you more on the subject of treason. This issue extends way past idiots who don't have the slightest clue on how to use the applications *they* themselves install on their systems.

Like a dog chasing its own tail, I find the focus on a specific type of application unnerving and a complete waste of time! It solves nothing!

This issue represents a much larger one regarding secure Operating Systems, availability of source code for inspection, the type of hardware that should be allowed to integrate with secure systems and the clearly obvious indifference too many people in all branches of government regard security (unless it's against its own people). This indifference should cost them in the same manner it would cost any one of us.

Where is the government's list of approved secure OSes and applications? What steps have they taken to train its people and safeguard digital information? The internet, email, p2p, spyware, etc.. have been around way too long for anyone in government to plead ignorance!

We currently have a government that spends its time spying on the american people (FBI now recruiting citizens to spy on each other), illegally eavesdropping on telephone conversations, installing spyware (police) and even harassing people for taking photos of a building. The results have produced little. Yet, when government officials, contacts, friends and related others directly make classified documents available to the whole world, the "gun is blamed for the murder". This is such total BS!

We have spent nearly 1 trillion dollars for defense! And now we're hearing that a software application that's been whined about for ages is the latest culprit against the government?! If computers are too complicated for the government to use - remove them!

In addition to the security breaches already discussed in the article, this open "investigation" will now have everyone and their mother searching and retrieving classified documents. This is another breach of security that has not gone unnoticed.

Score: 0

|

The Bush administration has SNAFU'd things so many times that I've long had F-up fatigue. I'm sure there's another laptop just waiting to go missing within 24 hours. Rule: don't let idiot conservatives govern — they're lifetime incompetents. Anyone who's ever looked at W's life sees that he has absolutely failed at everything he's touched in his entire life.

Not limewire's fault.

Score: 0

|

True, and he has NEVER had to suffer the consequences for anything that he has ever done either. Even going AWOL for 18 months. He had his record "sanitized" as well, but the truth still manages to get out.

Score: 0

|

well it technically might not be their fault some idiot loaded the stuff onto the net, but it sure was somebody's fault that classified documents got loaded on limewire. of course, what they consider classified may actually just be stupid documents that cannot do any harm. they do classify the dumbest s*** sometimes.

Score: 0

|

This has nothing to do with the Bush administration. If you ever work in a corporate environment for IT support - you will know that most people are clueless when it comes to using a computer.

They install software that they really have no idea of how it works and when they want to do something like share a file with another person - instead of reading the manual to find out how to share either just the file and/or proper directory - they end up sharing their whole drive. Why - because it's the bare minimum that they understand.

I've been supporting people/software/systems for over 25 years and from Mainframes to Blackberry's - your average user has next to no clue.

I've had users delete their Windows directory because it was taking up too much space and wanted more free space on their computers.

I've had users ask me why when they save documents to "My Documents" at work - they don't see them at home, since the location name is the same.

This is simply someone who didn't have a clue - using something that they shouldn't have in the first place. And EVERYONE who works in support knows that you could have 5000 dialogs popup with every sort of warning under the sun asking over and over again (ARE YOU SURE) and the user will press YES or OK - regardless of what's being asked. Just think about how you install software - do you *really* read the fine print of every dialog or do you just click OK/NEXT?

Blaming LimeWire for this is just another example of the cluelessness of our own lawmakers. Most of them were born long before a computer came about and the rest have led such sheltered lives, they've probably never had to touch a computer.

But as most Democrats are quick to do - blame someone else. We can't blame the actual individual who used the software in the first place. I think her security clearance should be revoked and she should be unallowed to continue in this profession.

I'm willing to bet that she connected to a secure network with her laptop - moved files to her PC and then went home, plugged into her cable modem that's when Limewire got a hold of it and was able to reach the outside world.

I think one of the things secure locations should do is anytime someone brings in a PC from the outside, they should do a sweep on it before and after to ensure that nothing gets in and that they don't take anything out.

If the directory had been secured properly - Limewire wouldn't have been able to get to it without asking about a password and hopefully that would have thrown a red flag up to the user. Then again - maybe not. :(

Score: 0

|

Reading AP news without looking at the careful wording and checking with the actual documents that they claim reveal he went AWOL--

--I know we're all lazy and want the truth to automatically be implanted into our brains without having to waste any of our precious time, but give me a break.

Don't bother posting detailed analysis over it to support your side either--I've spent days researching the facts on that case and even read the sh!tloads of documents that can't even be authenticated. You'd be wasting your time.

The truth does get out eventually, you're right on that. I pray it happens sooner rather than later, because I tire of arguments that are based on 'anonymous' sources that illegally obtain documents that have likely been illegally tampered with by other 'anonymous' sources.

You cannot prove he went AWOL. If anyone could, Bush'd been impeached years ago. Don't claim Bush is untouchable either--if he is so deceptive as you guys claim he is, he's a genius--yet you claim he's stupid. HE CAN'T BE BOTH. He's either very poor at covering his tracks, smart enough to cover them and genius at fooling the american people with the rest of the world, or the evidence just isn't there because it didn't happen.

Consider that you are wrong. Just consider it. If you are unwilling to do so, you already know that you have nothing to stand on since you can't even acknowledge anything may be different from your pre-existing point of view.

Argue if you wish, alright I'll look at it to show I'm not failing to see your side of the debate either. It's just that when it comes to the AWOL issue, I've wasted WAY too much time of my life peering through the countless pages of crap to leave any stone uncovered. Try another debate if you're looking to win another argument with a looney conservative just for the sake of winning. You've been warned.

Score: 0

|

This can't be good for LimeWire.

Score: 0

|

shouldn't be. why should software companies make it so if ****ing morons don't read what they are agreeing to the company is somehow responsible. if i was limewire this would be in my user agreement "if your information becomes public because you're a ****ing idiot and put private information in a public directory that's not our problem and, yes it is your fault" and yea it could be that blunt cause it's not like these people are reading it anyways right? but if they click agree it's a form contract and the end user can be held to it (meaning limewire isn't)

Score: 0

|

tell me again why it's limewire's fault some traitor loaded classified documents onto the p2p network?

Score: 0

|

My two cents are most government pcs. People don't have admin access to install programs such as limewire or other programs without admin (network approval..)

Score: 0

|
