HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » markpkessinger » Journal
Page: 1


Profile Information

Member since: Sat May 15, 2010, 03:48 PM
Number of posts: 7,574

Journal Archives

Why I don't buy Uretsky's story, and why that doesn't get the DNC off the hook

I have worked in IT for decades, in areas ranging from database design and management to IT security. When I initially heard Josh Uretsky's story that the queries against the Clinton campaign's proprietary data were performed as part of an effort to investigate the extent of exposure of the proprietary data of the Sanders, it sounded like a perfectly reasonable and even likely explanation. Then I read the specifics of the queries that were run. From CNN's reporting:

The Sanders team, which consisted of four people, ran multiple searches in Iowa, New Hampshire, Nevada, South Carolina and about 10 March states, including Florida and Colorado. In Iowa and New Hampshire, the Clinton campaign has ranked voters on a scale of 1-100 for turnout, enthusiasm and support, the senior Democrats said. The Sanders campaign ran two searches: "Show me all the Clinton people rated higher than 60" and "Show me all the people rated less than 30." This would be a key way of knowing who Sanders should target in the final weeks before voting: Ignore those above 60, while focus on those below 30, because they are looking for a Clinton alternative and might be open to Sanders.

So, this index of turnout/enthusiasm/support, is a database field created by, and the property of, the Clinton campaign. If Uretsky's intent had been merely investigative, he could have included that field in a select query, with no particular selection criteria specified, in order to test whether proprietary fields were exposed. There would have been no need to place any particular selection criteria on that field in the query, much less to filter it in a way that would yield information that could be specifically useful to the Sanders campaign. As for not attempting to cover his tracks, I'm sure Uretsky was aware that it is EXTREMELY difficult to get around a database's audit logs (that is, it is extremely difficult if the designers of the database had even minimal competency), and thus knew better than to even try (as the attempt itself would have raised red flags). Instead, he figured that if the queries came to light, he could pass them off as having been investigative in nature. Uretsky knew the security vulnerability was there. I think he figured that since they had previously reported that vulnerability, and nothing had been done about it, he could get away with exploiting that vulnerability to the benefit of the Sanders campaign, and that if any question should arise, he could claim his intent was investigative, citing the fact that he didn't try to cover his tracks to support that claim.

In the end, it was a monumentally stupid move by a campaign staffer, and he deserved to be fired because of it. When it came to light, the Sanders campaign took immediate, appropriate and effective remedial action. And THAT fact -- i.e., that the Sanders campaign had already taken timely, appropriate and effective remedial action, is what made the DNC's attempt to 'punish' the Sanders campaign so outrageous. The DNC's and Wasserman Schultz's disingenuousness is revealed for exactly what it is by the fact that the DNC was notified of a major security flaw in October, and two months later, no corrective action had been taken. I work in legal IT for a major international law firm. In my world, if a flaw like that had come to light, the vendor relationship would be immediately terminated, because it demonstrates the vendor's rank incompetence in database design. So why had the DNC not compelled NGP VAN to fix the flaw? That's anybody's guess. Why did the DNC not terminate the vendor relationship with NGP Van? Gee, do you think it could possibly have something to do with the fact that Stu Trevelyan, the CEO of NGP VAN, was a '92 staffer in the Clinton-Gore campaign, and a White House staffer during the Clinton presidency?

Wasserman Shultz is correct that an "open door" does not provide cover for someone who exploits it in order to access something they would not otherwise have access to. But there's another part of that analogy that points a finger back at the management of the DNC under Wasserman Schultz. Think of a retail store whose manager one night forgot to lock the doors upon closing, and the store, as it happened, was robbed that night. The owner of the store will certainly want to press charges against the thieves; but that owner will also most certainly fire the person who left the door open in the first place!

Presented with evidence of wrongdoing by a few of its staffers, the Sanders campaign took immediate and effective remedial action. Notified of a major security vulnerability in the DNC's database, Debbie Wasserman Schultz sat with her thumbs up her ass for two months, and then had the gall to self-righteously expound about an "open door." What's her excujse?
Posted by markpkessinger | Sun Dec 20, 2015, 03:53 PM (63 replies)

Is anybody else here taking Toujeo?

My doctor switched me to it (from Lantus) two weeks ago. Instead of 28 units twice a day, I'm taking 50 units once a day. Since I started on it, I have had only one reading above 110 (and that was only 141). The rest of my readings have been between 88 and 110. I couldn't be more pleased!
Posted by markpkessinger | Mon Dec 14, 2015, 10:55 PM (5 replies)

Perspective (on San Bernardino, terror, and Trump)

(Posted this a little while ago to Facebook, after reading that fear of terrorism in the wake of the San Bernardino shootings is driving a rise in Trump's poll numbers.)

Perspective --

* Two disturbed, white American high school students shoot up Columbine High School, killing 13 and wounding 20; and Americans wring their hands, ask, "What ever shall we do," and then go about their business as if nothing had happened.

* A white, middle-aged stock trader in Atlanta shoots up a couple of office buildings in Atlanta, killing 12 and injuring 13, and Americans wring their hands, say, "Isn't that horrible," and then go about their business as if nothing had happened. as if nothing

* .A white, middle-aged guy shoots up an Amish school in Nickel Mines, PA, and American wring their hands, commend the Amish for their remarkable capacity to forgive, and go about their business as if nothing had happened.

* A young, white guy shoots up a movie theater in Aurora, Colorado, killing 12 and injuring 70, and Americans wring their hands, ask, "Oh, what shall we do," and then go about their business as if nothing had happened.

* A young, disturbed white guy shoots up an elementary school in Newtown, CT, killing 26, including 20 children, and Americans wring their hands -- a little longer this time -- then go about their business as if it had never happened.

THEN . . .

* A Muslim American man and his Pakistani wife, self-radicalized in 2013 before ISIS was even a thing, and acting entirely on their own, go on a shooting spree in San Bernardino, CA, killing 14 and injuring 20, and "OH, MY GOD, IT'S THE END OF WESTERN CIVILIZATION AS WE KNOW IT!"

Seriously, people -- GET A GRIP!
Posted by markpkessinger | Fri Dec 11, 2015, 12:38 AM (14 replies)
Go to Page: 1