Home page logo
/

funsec logo funsec mailing list archives

Re: Petraeus
From: mark seiden <mis () seiden com>
Date: Wed, 21 Nov 2012 20:34:45 +0100

two comments:

1. i don't know if you noticed that petraeus and paula were sharing a password for a 
gmail account and leaving drafts for each other.

so no actual mail transmitted the network.

so far the only factoid that has not leaked out is the content of the harassing mail
that made paula a POI in the first place.   i would like to see if it rises to the bar
of being a threat.  it's usually really hard for a victim to get anyone to investigate these 
things, because the threats would not be considered by a reasonable person as either 
specific nor credible.

(i worked as an expert on a case where a federal judge was threatened so i know 
a bit about the general subject).

2. it's more important to be able to manage intelligence as the head of the CIA than to 
perform operations yourself.

the manner in which the fbi is selectivly leaking stored communication without any
criminal charges being filed is incredible to me.   i don't think petraeus should have
resigned, either.

i recommend you all read the joe nocera op-ed on this subject

http://www.nytimes.com/2012/11/17/opinion/nocera-hacking-general-petraeus.html

which begins:

"This is not going to end well for the F.B.I.".
 




On Nov 21, 2012, at 7:18 PM, Rich Kulawiec <rsk () gsp org> wrote:

On Mon, Nov 12, 2012 at 01:17:56PM -0700, phester wrote:
4. If the internal mechanisms of government aren't sufficient to (quickly)
catch a very very senior person having an affair -- and doing it
incompetently -- then why should we believe that they're sufficient to
catch a well-trained, careful, diligent spy?

By reading their personal mails? Should this be done by an
algorithm, or live person?

a) I would hope that any competent spy would encrypt their email *or*
would use covert channels (possibly over SMTP, possibly not).

b) Of course that still permits traffic analysis, and that certainly
has its counter-espionage uses.  Add geolocation data from headers
and it's even more useful.

c) But to answer your question: both have their features/drawbacks.
Automation scales and doesn't get tired or careless.  But natural
language parsing and pattern recognition is still done better by
humans.  Automation can be hacked, people can be bought.  Automation
is cheap, people are expensive.  So I dunno.

Maybe we should make it a job requirement: you cannot be Director
of the CIA unless you can demonstrate that you're clueful enough
to have an affair and get it away with for at least 6 months.
If you're not at least that crafty, duplicitous, underhanded, sneaky,
careful, etc. then what makes you think you're qualified to run the CIA?

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]