Privacy lost...

nsaspook

Joined Aug 27, 2009
16,330
https://www.navytimes.com/news/your...ired-to-get-themselves-illegal-warship-wi-fi/
How Navy chiefs conspired to get themselves illegal warship Wi-Fi
Marrero first served at Submarine Group Eight, followed by U.S. Second Fleet as the afloat Flag communicator. She was Sailor of the Year at Combat Direction Systems Activity Dam Neck, completed two combat deployments with Mobile Communications Team attached to SEAL Team Two, and held multiple positions in the joint intelligence and operations departments at U.S. Southern Command.
Of all the people to do something like this. Who watches the watchers. Completely stupid.
Led by the senior enlisted leader of the ship’s gold crew, then-Command Senior Chief Grisel Marrero, the effort roped in the entire chiefs mess by the time it was uncovered a few months later.

Marrero was relieved in late 2023 after repeatedly misleading and lying to her ship’s command about the Wi-Fi network, and she was convicted at court-martial this spring in connection to the scheme.

She was sentenced to a reduction in rank to E-7 after the trial and did not respond to requests for comment for this report.
WTF! These people are so addicted they risked the lives of the crew for stupid Internet access.
 

Thread Starter

cmartinez

Joined Jan 17, 2007
8,768
https://www.navytimes.com/news/your...ired-to-get-themselves-illegal-warship-wi-fi/
How Navy chiefs conspired to get themselves illegal warship Wi-Fi

Of all the people to do something like this. Who watches the watchers. Completely stupid.


WTF! These people are so addicted they risked the lives of the crew for stupid Internet access.
Ouch ... the people that knew about the network but did not use it were also punished because they didn't rat her out. What an awful situation.
 

WBahn

Joined Mar 31, 2012
32,871
Ouch ... the people that knew about the network but did not use it were also punished because they didn't rat her out. What an awful situation.
Those that knew but kept silent SHOULD have been punished. The entire crew and any other ships in company were placed at risk. The court should have given her a Dishonorable Discharge or at least a Bad Conduct Discharge. She has proven herself unfit to serve. Not so much for the WiFi system and the risk it presented; if that were all she did, reduction in rank would probably be sufficient. But rather for all of her actions to cover it up. There is NO reason for the Navy to believe she can be trusted ever again.
 

nsaspook

Joined Aug 27, 2009
16,330
Those that knew but kept silent SHOULD have been punished. The entire crew and any other ships in company were placed at risk. The court should have given her a Dishonorable Discharge or at least a Bad Conduct Discharge. She has proven herself unfit to serve. Not so much for the WiFi system and the risk it presented; if that were all she did, reduction in rank would probably be sufficient. But rather for all of her actions to cover it up. There is NO reason for the Navy to believe she can be trusted ever again.
IMO they are keeping her in the service under watch and close supervision. A person in her position (old Cryptographic and Radioman rates were merged into the new IT rate) and rank has highly classified details of operations, sources and methods in their head. Better to let her (with no clearance or access) supervise a mop detail until a promised retirement if she's good than risk the actions of a person proven to be untrustworthy getting booted out with nothing for 20+ years.

https://en.wikipedia.org/wiki/Information_systems_technician_(United_States_Navy)

The IT rating is one of the most diverse ratings in the US Navy. The IT rating was created in 1996 with full implementation and funding in 1998 from a combination of two previous Navy ratings - radioman (RM) and data processing technician (DP). A third rating, cryptologic technician communications (CTO) merged with IT in October, 2005. In February 2010, the IT rating was incorporated into the Information Dominance Corps.


These IT guys still wear the same old Sparks we did.
 

WBahn

Joined Mar 31, 2012
32,871
IMO they are keeping her in the service under watch and close supervision. A person in her position (old Cryptographic and Radioman rates were merged into the new IT rate) and rank has highly classified details of operations, sources and methods in their head. Better to let her (with no clearance or access) supervise a mop detail until a promised retirement if she's good than risk the actions of a person proven to be untrustworthy getting booted out with nothing for 20+ years.
I can understand the reasoning behind that, and live with it. Though my preference would be to lock her up until her knowledge was so outdated that she could publish everything she knows on the front page of the NYT and hand deliver it to our adversaries, even if that meant keeping her dried and disintegrating corpse under lock and key, and then giving her a DD.

Okay, maybe I'm going a BIT far, but....
 

nsaspook

Joined Aug 27, 2009
16,330
https://www.nbc4i.com/news/local-ne...d-data-leaks-danger-he-warned-columbus-first/
When whistleblower discovered data leak’s danger, he warned Columbus first
NBC4 pressed Klein about Goodwolf’s attempts to contact the city during his news conference announcing the lawsuit. After proving the danger of the leak, the station connected Dinsmore with the whistleblower. Goodwolf also provided screenshots of his call history, which showed he not only called the Department of Technology three more times before his first interview, but also reached out to at least four staff members in Klein’s office.
 

nsaspook

Joined Aug 27, 2009
16,330
https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/
Ellison declares Oracle all-in on AI mass surveillance, says it'll keep everyone in line
"Citizens will be on their best behavior because we're constantly recording and reporting," Ellison added, though it's not clear what he sees as the source of those recordings - police body cams or publicly placed security cameras.

"There are so many opportunities to exploit AI," he said.
Mass surveillance won't stop John Q. Crackhead.
 

nsaspook

Joined Aug 27, 2009
16,330
Nothing really new here.
https://forum.allaboutcircuits.com/threads/privacy-lost.131989/post-1351242
https://www.vice.com/en/article/criminals-hackers-ss7-uk-banks-metro-bank/

Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself.
 

nsaspook

Joined Aug 27, 2009
16,330
Finally some common sense about passwords.
https://www.darkreading.com/identit...ops-password-complexity-mandatory-reset-rules
NIST Drops Password Complexity, Mandatory Reset Rules
The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that did not promote stronger security
When NIST first introduced its password recommendations (NIST 800-63B) in 2017, it recommended complexity: passwords comprising a mix of uppercase and lowercase letters, numbers, and special characters. However, complex passwords are not always strong (i.e., "Password123!" or "q1@We3$Rt5"). And complexity meant users were making their passwords predictable and easy to guess, writing them down in easy-to-find places, or reusing them across accounts.
Bingo.
 

WBahn

Joined Mar 31, 2012
32,871
Finally some common sense about passwords.
https://www.darkreading.com/identit...ops-password-complexity-mandatory-reset-rules
NIST Drops Password Complexity, Mandatory Reset Rules
The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that did not promote stronger security


Bingo.
Agreed. Finally!

I always found it interesting that the broker where nearly all of my retirement accounts are has no silly complexity requirements and has no password expiration policy. As a result, I have a long password that, I believe, would be hard even for someone that knows me well to guess and that has never been written down or even entered into a password manager.

Of course, users are still going to do things like use the same easy to crack passwords on multiple accounts. But the new rules will make it easier to use password managers because you won't have to configure the password generator differently for each site's rules.

Now we get to see how long it will take for sites to actually adopt the new rules and recommendations.
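
Added example (not from any poster or from the linked article): a small Python comparison of an old-style composition rule with length-plus-blocklist screening, run on the "complex but not strong" passwords quoted in the posts above. The function names, the tiny blocklist, the substitution table and the minimum length of 8 are assumptions made for the illustration.

```python
import re

# Constructed stand-in for a common-password / dictionary blocklist.
# A real verifier would load a large breached-password corpus instead.
BLOCKLIST = {"password", "protected", "qwert", "qwerty", "letmein"}

# Undo common character substitutions before the blocklist lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})

def legacy_complexity_ok(pw, min_len=8):
    """Old-style rule: length plus upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)

def screened_ok(pw, min_len=8):
    """Length plus blocklist screening, with no composition rule."""
    if len(pw) < min_len:
        return False
    low = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", low)      # drop trailing "123!"
    candidates = {
        low,
        stripped,
        stripped.translate(LEET),                # "pr0t3ct3d" -> "protected"
        re.sub(r"[^a-z]", "", low),              # letters only: "qwert"
    }
    return not (candidates & BLOCKLIST)

def compare(pw):
    """Return (passes legacy rule, passes length+blocklist screening)."""
    return legacy_complexity_ok(pw), screened_ok(pw)

if __name__ == "__main__":
    samples = ["Password123!", "q1@We3$Rt5", "pr0t3cT3d4!",
               "lantern orbit velvet canoe"]     # last one is constructed
    for pw in samples:
        legacy, screened = compare(pw)
        print(f"{pw!r:32} legacy={legacy} screened={screened}")
```

The three quoted passwords satisfy the composition rule yet are rejected by screening, while the constructed long passphrase fails the composition rule and passes screening.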
 

nsaspook

Joined Aug 27, 2009
16,330
I've posted this before.

https://www.bbc.com/news/technology-40875534
Password guru regrets past advice

The author of an influential guide to computer passwords says he now regrets several of the tips he gave.
Bill Burr had advised users to change their password every 90 days and to muddle up words by adding capital letters, numbers and symbols - so, for example, "protected" might become "pr0t3cT3d4!".
The problem, he believes, is that the theory came unstuck in practice.
Mr Burr now acknowledges that his 2003 manual was "barking up the wrong tree".
He disclosed his views in an interview with the Wall Street Journal.

https://www.cbsnews.com/news/bill-burr-passwords-guidance/
 

joeyd999

Joined Jun 6, 2011
6,305
I've posted this before.

https://www.bbc.com/news/technology-40875534
Password guru regrets past advice

The author of an influential guide to computer passwords says he now regrets several of the tips he gave.
Bill Burr had advised users to change their password every 90 days and to muddle up words by adding capital letters, numbers and symbols - so, for example, "protected" might become "pr0t3cT3d4!".
The problem, he believes, is that the theory came unstuck in practice.
Mr Burr now acknowledges that his 2003 manual was "barking up the wrong tree".
He disclosed his views in an interview with the Wall Street Journal.

https://www.cbsnews.com/news/bill-burr-passwords-guidance/
My solution to password generation has, for many years, been thus:

Think of an easy to remember sentence:

Ex. Can you eat one apple pie for lunch?

Use the first letter of each word, change numbers and sound-alikes to digits, and keep capitalization and punctuation:

Cue1ap4l?

I usually choose sentences that are easy to remember in the context of the site that requires the password.
 