I wouldn't hold your breath. The vendor is in on this, up to his
eyeballs.

Ready for Hillary
https://www.facebook.com/photo.php?fbid=10152093250975723&set=pb.587125722.-2207520000.1450483614.&type=3&theater

Something that's been bothering me is that a senior IT staffer on Bernie's campaign previously worked for NGP VAN. It could mean any of a number of things but I'm uncomfortable about it.

But they insist that it's all Sander's campaign's doing.

Wasserman Schultz was campaign co-chair for Hillary Clinton's 2008 presidential campaign.

Nathaniel Pearlman (the vendor) was chief technology officer for Hillary Clinton's 2008 presidential campaign.

These two should be fired.

and the DNC and HRC can't risk that now, can they?

So they called the media and said "Bernie did it".

So transparent.

Hey... it's getting Bernie attention. Something they were trying to avoid.

Maybe they evened the field a bit unintentionally.

and media attention galore. It has even knocked Donald Trump of the screen 24/7. Today msm is only talking about him 12/7

Did you see this on MSNBC - pro-Bernie all the way!

http://www.democraticunderground.com/?com=view_post&forum=1017&pid=315875

This is who America needs for a President.

This does not make the Sander's campaign look bad. This makes the DNC, Wasserman-Schultz and now (because her spokesperson essentially declared war by accusing Sander's of stealing millions) HRC look bad.

They look more desperate now than ever and Wasserman-Schultz looks like the villian.

certainly in a political sense. Aren't high-level politicos supposed to understand human nature in general and individuals in particular?

.
I know for me it is not just about the way they are attempting to paint Sander's campaign, but the same bullshit negative and manipulative crap that I consider corruption and am tired of.

nt

I did and it felt great.

Also, call the DNC and let them know what you did and why.

That felt even better.

They were not stealing anything. And why would the firewall be removed a SECOND TIME???

And, why would they call the media?

It's a feature.

How many people have gotten in trouble for noifying software makers that they had bugs?

It's called "responsible disclosure" and most vendors welcome it.

https://en.wikipedia.org/wiki/Responsible_disclosure

I rarely pay any attention to what forum I'm reading when it comes up on the latest page. You can still post in GDP, going to any ones "safe place" is for the birds if you ask me. Safe place, what a freaking 5 year old term. Poor victims "

The story was listed in the "trending" or "top stories". So you post in it and are immediately banned from a group you didnt even know you were in.
Childish and ridiculous.

I guess Personally, I can't imagine being afraid of anonymous people on the world wide web disagreeing with me. That's just how I roll though

Just kidding, DUMasters.

For Sanders...

Specifically about how the software patch was handled. It's obvious that the testing environment (if they have one) isn't an exact duplicate of their production environment (which, as you know, can cause issues). This should have been caught before being placed into production. That said, mistakes like this happen all too often. If I were the VAN company, I would fire whomever was in charge of QA (or hire someone if they don't have someone already).

I disagree that the Sanders campaign acted appropriately because they didn't. They signed a contract with the DNC/VAN that they would not look at other campaign's information yet they did. They should have immediately gotten on the phone with their attorney's, then on the phone with someone from VAN and talked to them about what they discovered. Instead of actually poking around in the data (which their signed contract says they aren't allowed to do), they should have taken a screenshot for proof and sent that to customer support. Involving the attorney would have let them know they couldn't do the searches they were doing.

Instead, this guy did something that may have been harmless on its face but it's become this huge scandal for Bernie (and it makes some Bernie supporters look like lunatics for starting HRC conspiracy theories) and did something that, in the contract, stated they would lose access to the system if they did this.

And I got a much-needed, if sardonic, laugh from your insinuation that the vendor might not have any QA.

DU is doing this tonight and taking down the site for a few minutes for updates.

An original OP of much clarity!

I appreciate the fact that merging or comparing databases from more than one vendor would be problematic, but so is the current system.

"It’s a monopoly that’s been created and forced down the throats of all Democrats,” John Phillips, co-founder of the non-partisan political data firm Aristotle, told POLITICO. "Monopolies are notorious for overcharging their customers, screwing their customers. That’s what’s been going on on the Democratic side for quite some time."

Rival vendors like Aristotle have been the most outspoken critics of the current Democratic setup, which gives the nearly 20-year old company NGP VAN sole distribution rights to the party’s valuable voter file. That database includes voting history, address and contact information for registered voters, which both the Clinton and Sanders campaign rent and then supplement with their own collection of information.

Central to the NGP VAN business model is a supposedly secure firewall that keeps any information that one campaign collects away from a rival political player. But that security system was exposed this week, NGP VAN admitted, because of a software error.

seems to be very risky.

Back a few years ago it was found that Dems and Repubs (in the US House) were sharing the same computer system and the Repubs had hacked system for the Dems files. Someone resigned over it, but there was little follow up about why they were using the same server to store data for rival parties which could reveal classified and internal information from Select Hearings and Investigations by Committee Chairs plus other private committeee work and discussions

And partitioned so that no individual or group can access data outside of their Access Control (or whatever.) My reading of this information that there are no Operating System (OS) constraints, just well-intentioned programming ones.

If this is enforced only by some 20+ year-old software written by people that owe their allegiance to the Clinton camp, it is unethical. I would say it is grounds for Clinton to repudiate her ties to the DLS/DWS. In fact, not just in words (which seem to be wildly different at times.

Echoing what another comment made, why is it necessary for the DNC to have access to all of this information in the first place?

When there is someone who's personal connections go to Bill and Hil, why should s/he have any position of administrative privilege? Even as assigning it to her friends/nephews/BF?

or a success, if you're a Republican. She has absolutely no credibility, in my opinion.

.... while taking care of it for my while i was on vacation. Then someone else went into my house and stole some of my furniture. Who would I blame - first my neighbor who was careless.

However, my real problem would be with the person who took advantage of the situation and stole my furniture - because that person broke the law, a well know rule.

Well the IT vendor screwed up, and maybe not for the first time, and should accept part of the blame. However, the Sander's campaign broke the rules and stole the data. They admitted as much when they fired one of their staffers over the incident.

The only reason they are suing is to get access to their data as soon as possible.

I used an example before where we would switch this to be Amazon and during their patch customers had access to other customer's credit cards and private info. It is an apt analogy that takes away the political component.

Customers would be considered innocent in intent unless they actually used the data. Authorities would go after someone only if they try to use the information in a real, tangible way. We don't know their motives/intent until they do so.

The DNC doesn't stand a chance in a legal court unless they can prove the intent, destroy a legitimate argument of trying to see what was compromised.

It is the nature of the negligent behavior that changes the dynamics as well. Any court would throw this out because it is completely unreasonable to effectively make data that is understood to not be available available and then assign intent and blame. You just can't do that when the data was implied to be "fire-walled". It won't hold up in court. You can't make a contract component like that stick in a real world situation where the vendor does what it did. That is why those software contracts we all don't fully read are not quite as powerful as they sometimes claim.

Recommended your thread.

Sam

of cc's, personal information and more. How is this one the exception?

To use your information, download it to another file to use as the hacker sees fit? It may be okay with you but it I not okay with me. Sanders fired one from his campaign staff, he knows it was wrong and made the move to get rid of the person. Should we now have a law suit filed against Sanders for firing the guy and denying him employment? I doubt if Sanders would agree.

I don't know about you, but in my job I can be fired for making an innocent, but destructive mistake in judgement or in real terms. Just like the person who did not shut down access to the application while patching could, and would be fired by many firms for not securing the data while it was worked on.

Result in criminal charges, I would be fired and criminally charged.

The campaign staff did not use any of the information. The explored to find out out extensive the glitch was.

Was copied to Sanders which was in Hillary's portion. BTW, tell Bernie it was 't anything, he fired the guy. Is Sanders wrong to have fired the guy? The guy violated the rules agreed when access was give to the Sanders campaign. He sure did not help Sanders.

their system and go fishing for customer information and credit cards. Am I blameless?

a link that was accidentally placed on the wrong page? You certainly can't be convicted in court for that.

So, to continue this analogy, Amazon would likely be much more concerned about the fact this was available as well. If I created that link or removed that firewall you can be they would fire me before offerring an apology and recompense to yes, even the customer than happened upon (It is called discovered) the issue.

Actually it happens all the time: White hats find vulnerabilities and report them and they do not go to jail. They are seen as helping. People get good paying jobs this way.

The data we deal with is much larger and even more coveted. I too am incredulous about this series of events.

Either this is a series of events more coincidental and amateur as a Keystone Kops movie, or it was purposeful.

A few sample points which I have issue:

- Whole lack of test coverage for the change.
- The lack of independent pen (penetration) testing and audit controls. i.e., they were never testing their firewalls
- The lack of response when an incident is reported. (Especially when it was back in October).
- And I have a huge issue about the mixture of data. If, as reported, the data was segmented by a firewall, this would imply there were multiple database instances which would have different AAA. (Access, Authorization and Authentication) mechanisms. However, The Sanders people were able to access this data which implies this was shared data and a "firewall" was not in between. Ie, this was a failure of the AAA above which is a much more deliberate change (i.e., not due to a simple firewall change)

L-

It sounds more like the vendor "claiming" a barrier that is not actually a firewall, but more likely some other slight degree of separation. But like you I also see that if this breach happened then obviously the degree of separation is not NIST or any other standard compliant and just pretty much a "cover their ass" argument at best.

Does she seriously think she will get the overwhelming support Obama received from all Democrats when he became President?

...it still needed to be accessed by the campaign as it was available as a mere link indicating it was info from another campaign.

The mistake was going ahead and accessing the info. Are you saying the Sanders campaign's data director didn't know that wasn't allowed?

And then went on to say "firewalls don't go down, they're taken down".