“A Morocco-born computer virus that crashed the Department of Homeland Security’s US-VISIT border screening system last year first passed though the backbone network of the Immigrations and Customs Enforcement bureau, according to newly released documents on the incident,” Kevin Poulsen reports for Wired News.
Poulsen reports, “The documents were released by court order, following a yearlong battle by Wired News to obtain the pages under the Freedom of Information Act. They provide the first official acknowledgement that DHS erred by deliberately leaving more than 1,300 sensitive US-VISIT workstations vulnerable to attack, even as it mounted an all-out effort to patch routine desktop computers against the virulent Zotob worm.”
MacDailyNews Note: “Zotob is a worm that targets Windows 2000–based computers and takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm and its variants install malicious software, and then search for other computers to infect.” – Microsoft Security Advisory (899588). (“Microsoft Security,” LOL.)
Poulsen continues, “US-VISIT is a hodgepodge of older databases maintained by various government agencies, tied to a national network of workstations with biometric readers installed at airports and other U.S. points of entry. The $400 million program was launched in January 2004 in an effort to secure the border from terrorists by thoroughly screening visiting foreign nationals against scores of government watch lists.”
“The workstations at the front end of US-VISIT run Windows 2000 Professional, so they were vulnerable to attack. Those computers are administered by the DHS’ Bureau of Customs and Border Protection, which learned of the plug-and-play vulnerability Aug. 11, according to the new documents. The agency’s security team began testing Microsoft’s patch Aug. 12, with an eye to installing it on more than 40,000 desktop computers in use in the agency,” Poulsen reports. “But as CBP started pushing the patch to its internal desktop machines Aug. 17, it made the fateful decision not to patch the 1,313 US-VISIT workstations.”
“On Aug. 18, Zotob finally hit the US-VISIT workstations, rapidly spreading from one to another,” Poulsen reports. “At international airports in Los Angeles, San Francisco, Miami and elsewhere, long lines formed while CBP screeners processed foreign visitors by hand, or in some cases used backup computers, according to press reports at the time. At CBP’s data center in Newington, Virginia, officials scrambled overnight to distribute the tardy patch.”
Full sordid story here.
MacDailyNews Take: It just figures that the “U.S. Department of Homeland Security” uses the world’s most insecure OS, doesn’t it? If they had Macs instead, none of this would have happened – and that’s a fact. Please see “Related MacDailyNews articles” below.
Related MacDailyNews articles:
US Department of Homeland Security: patch Microsoft Windows now or risk complete system compromise – August 10, 2006
CCIA wants U.S. Dept. of Homeland Security to reconsider buying ‘insecure Microsoft software’ – August 29, 2003
U.S. Department of Homeland Security says Windows vulnerable to attack – August 01, 2003
Department of Homeland Security chose Microsoft due to time and money limitations – July 21, 2003
U.S. Department of Homeland Security awards enterprise agreement to Microsoft – July 15, 2003
Get a Mac: Viruses, spyware cost U.S. consumers $7.8 billion over last two years – August 08, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
FBI: Viruses, spyware, other computer-related crimes cost U.S. businesses $67.2 billion per year – February 01, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
If I was a Democrat, the gubment would use Macs.
MDN word “coming”.
“If you disagree with me, using The Patriot Act, we’ll be coming to get you”.
If NASA, parts of the army and other government agencies “get it”, why doesn’t Homeland Security?
Seriously, WHY do Governments and Administrations rely on Microshaft for mission-critical stuff? Doesn’t the EULA on Windows specifically state that it is not designed for mission-critical environments? Then why do they persist? And why are they surprised when things like this happen?
It simply beggars belief.
MW: behind
“If I was a Democrat, the gubment would use Macs.
MDN word “coming”.
“If you disagree with me, using The Patriot Act, we’ll be coming to get you”.
Oh yeah, that must be it. Because back during the clinton years, they all used Macs right?
Can you name one person that has been negatively affected by the Patriot Act? (besides those terrorists in London that were planning to hijack 10 planes, and were stopped).
MDN word – “heard”
As in has anyone heard of anyone being hurt by the patriot act.
Connor MacBook that’s because the biggest idiots in our government all work in our security apparatus. They make decisions based on fear and not on any rational reasoning.
Didn’t the old saying go something like “no one ever got fired for buying Microsoft”?
Rush Limbaugh and Al Gore use Macs. Please explain that dichotomy.
This is what is called a “boondoggle”, much like the acres of mobile homes in Hope, AR.
Their hearts might have been in the right place, and when you let bids, you don’t always hear back from the best. Also, for the entire system to talk to each other, they probably felt they HAD to go Windows.
For the money spent, though, too bad the entire Government couldn’t go OSX.
Of course, as many units as that would take, then there wouldn’t be any Macs left around for us to buy…
Thought Process: I could tell you, but then i would have to kill you, or at least Git-mo you!
Thought process – Give this some thought
Under the Patriot Act, the definition of terrorism is expanded to cover anyone or any group that tries to bring about change for political or ideological reasons and uses any kind of force to bring it about. This could range from nailing a poster to a courthouse door to carrying a picket sign. Thus, the government now has the authority to harass a broad range of political dissenters, ranging from Greenpeace to anti-abortion protesters to environmental activists to the National Rifle Association.
Under the Patriot Act, the government can, and most likely already has, conducted black bag and sneak and peak searches. In other words, government agents—much like other authoritarian regimes—can now enter your apartment or home and look through your documents, computer files and possessions (“sneak and peak”) or take documents, files and possessions (“black bag”) without giving you notice that they’ve ever been on your property.
Also under the Patriot Act, the government has routine access to your educational and financial/banking records as long as the government asserts that snooping through your records is “related to a terrorism investigation.” What this means is that all a government agent has to say to get access to your records is, “We’re conducting a terrorism investigation.” And, believe it or not, your school or bank cannot inform you that the government has gotten this information.
The Patriot Act allows government agents to conduct document searches and seizures of businesses as well. Moreover, any company, including employers, libraries, Internet providers, banks, bookstores and video stores must provide all records relating to the subject under investigation. Again, these entities cannot inform anyone, including the suspect or the media, that they have been rifling through their files. A violation of this provision is a federal offense that can result in imprisonment.
Under the Patriot Act, the government is allowed to conduct roving wiretaps. Any judge can issue a wiretap order for a telephone line, Internet line or e-mail system anywhere in the U.S. in order to follow a targeted individual anywhere—even if the individual is not named by the government. Known as a “Doe” target, it means that if you are labeled a suspected terrorist, any of your electronic communications are continually monitored by the government. This obviously makes it easier for the FBI—using the powerful Internet spying technology called Carnivore—to monitor computers, read e-mails and track which web pages are visited by American citizens with merely the say-so of an employer or university.
There are many other intrusive and violative provisions of the Patriot Act, which clearly and dramatically emasculates key provisions of our Bill of Rights. Not only does it inhibit and chill free expression by American citizens, it is also an intrusive violation of our privacy and undermines the Fourth Amendment to our Constitution, which protects against unreasonable searches and seizures. There was obviously some concern about this by Congress, which is the reason that the Patriot Act was sunset at five years.
One day after the terrorist attacks on the World Trade Center and the Pentagon traumatized our nation, President Bush vowed, “We will not allow this enemy to win the war by changing our way of life or restricting our freedoms.” Unfortunately, by becoming an aggressive advocate of the Patriot Act, the President is doing just that.
Actually fear ain’t so bad a motivation. As Andy Grove liked to say, “Only the paranoid survive.” Better fear than complacency.
“Can you name one person that has been negatively affected by the Patriot Act?”
No one can, because if you reveal the name of anyone arrested under the Patriot Act, you’re put in the cell next to him/her, and your name is added to the list hanging on the rack in the torture chamber.
I recall seeing pictures of “Governor” G W Bush with a PowerBook on his desk.
Ok, there’s this problem with DHS’ computers, and, a few days ago, the Memphis DHS office was found to have listening devices in it.
Yipe.
Check yourself there, Freedom Fister
“to bring about change for political or ideological reasons and uses any kind of force to bring it about. This could range from nailing a poster to a courthouse door to carrying a picket sign”-
Where is the force used there? Putting the nail in? Picking up the sign? What is YOUR definition of terrorism?
While it is good that citizens always check legislation that could conflict with the Constitution, please don’t slant it to pass your ideals.
Also realize that Congress passed this, and I don’t recall the Dems playing the filibuster card like they have for political-rather than constitutional, reasons.
If you are against this and the government as a whole for passing it, then people like you are a blessing to any democracy. If you think this is a “Facist Ploy” by the right, please “move on”.
“Thought Process”, part of the difficulty of showing anybody “hurt” by the Patriot Act is that many of provisions of the Patriot Act are secret. Thus, nobody knows about them. Things like secret searches and the like.
But since you asked, I figured I’d name a few names.
How about Brandon Mayfield, who the government detained because of it’s belief that he was part of the Madrid bombings? Or how about Sami al-Hussayen, who was arrested and charged with providing “material support” for a terrorists by posting links to “objectionable materials” on a website–links that were also available on the BBC. How about Michael Galardi–owner of a couple of Las Vegas strip clubs? The government was on a fishing expedition to see if he had bribed local officials. Investigators used provisions of the Patriot Act to obtain records, even though Galardi was not suspected of terrorism. Then there’s Tomas Foral, who moved Anthrax-infected cow tissue from a broken freezer to a working one.
Oh, and don’t forget that the parts of the Patriot Act used by government investigators to catch that guy who was posting Stargate SG-1 episodes…
I have a PB now, too.
MARIA BARTIROMO (CNBC): I’m curious, have you ever Googled anybody? Do you use Google?
DUBYA: Uhh, occasionally. One of the things I’ve used on the Google is, uhh, to pull up maps.
White House, Oct. 11, 2006
Goodbye MDN— Can’t take these political rants on a technology site.
BYE BYE! This site is removed from my shortcuts bar.
Freedom Firster: Your comments are right on the mark.
Thought Process: The London hijackers you refer to were stopped by British police exercising their police powers in Britain. The trigger for the arrests in London was that Pakistan detained an alleged member of plot – in Pakistan. The Patriot Act is a US law and had NOTHING to do with apprehending the London hijackers.
About who has been harmed by the Patriot Act: We don’t know. Nobody does, because the US Dept of Justice won’t release the data – even to Congress. Just “trust us” said John Ashcroft. This is not a credible response. We are a nation of laws, and we rely on institutions, separation of powers, due process, freedom of information, and the right to petition for redress of grievances to ensure that government acts reasonably and within the limits of its authority.
Lastly, the Library Connection – an association of 26 libraries in Connecticut – was indeed harmed when it received a “National Security Letter” demanding library records of patrons. The association had to sue in court, and could not even reveal it was the plaintiff, because the government absurdly claimed that to do so would harm “national security” – even after the press had publicly identified the plaintiff from court documents.
Jeez, wtf are they using MS??**!!
These bozos look after security?**!
Unbelievable — if it wasn’t so typical.
It just figures that the “U.S. Department of Homeland Security” uses the world’s most insecure OS, doesn’t it? If they had Macs instead, none of this would have happened – and that’s a fact.
We will be shortly presenting evidence to prove that everything about the Department of Homeland Security is Bill Clinton’s fault and – where that just isn’t believable – we’ll find evidence that John Kerry and Al Gore were the guilty parties.
Anybody who wants to point out the irony of Michael Chertoff receiving the Henry Petersen Award for service to the DoJ’s criminal division (the only time its ever been awarded to a political appointee) may as well pack their beachware as we’re gonna waterboard your ass in sunny Cuba for a couple of years.
Spark says: Goodbye MDN— Can’t take these political rants on a technology site.
Translation: I’m leaving and not coming back… you’ll see… you’ll be sorry.
————————————————————————-
You’ll be back. In fact, I suspect you’ll be back in minutes to see if anyone responded to your post. Few can bear to stand alone in their convictions!
This entire thread, this site, this platform, this planet is political. Everything is political!
Unfortunately, far too many political exchanges are divisive and devolve into branding and name-calling, especially where politics trumps principles.
It’s all good though, so stop running away, and take a stand, Spark. You see, even your post adds to the mix.
MDN: if they had the new 24 inch iMacs they wouldnt be able to connect at all as their is a big problem with their airpor connexions – have a lot at the Apple support forums they are full of it.
Anybody who has flown on a commercial airliner in the US in the last 5 years has been negatively impacted.
Silly: the computers would not be using airport connection at all. Totally irrelevant.
How many by the way? Apple forums are full of it… hummm, maybe at least 50 users! Indeed: a pandemic at Apple support forums. Reminds me like the infection of the iPod: The sky is falling: iPods are now a virus vehicle. How many? less than 1% of those coming from a specific third party producer.
The more Windows apologists try to compare Apple and Crap the more they look like the average ignorant Windows trolls who waste their low life here.
@ Thought Process
There are many cases of the negative impact of the Patriot Act. It is a knee-jerk reaction and requires an continuous atmosphere propagating fear.
Under the Patriot Act you have allowed the fear-mongers to take away your rights. “Habius Corpus”, is gone — the Patriot Act trampled all over almighty Constitution — and you let them do it!
Read about a Canadian Citizen named Maher Arar to see how ill conceived your beloved Patriot Act trully is… http://www.cbc.ca/news/background/arar/
Spark,
I feel your pain. However, we only get political because our country is currently F’d in the A and we just have to vent sometimes.
I didn’t complain about anything when Clinton was president! I had a job and everything was just hunky-dory. (Although the repubs got all bent out of shape because of a freaking blowjob.) Funny, because our current president is responsible for hundreds of thousands of deaths, yet no one seems to give a crap about that. When someone actually does criticize the current administration, they’re labeled as anti-US and pro-terrorist.
I love my country. I want it to be the greatest country in the world again. But that won’t happen until we teach all of these holier-than-thou, mouth-breathing, inbred, xenophobic Jesus-freaks that not everyone wants to live by THEIR rules. Not everyone believes in THEIR God.
If only we could reboot our government. Kick all of the dems and repubs out and start fresh.
m