NJ employs turdbranes?
Results 1 to 6 of 6

Thread: NJ employs turdbranes?

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Angry NJ employs turdbranes?

    This is barely believable.............With this sort on nonsense why should anybody bother about IT security?

    NEW YORK (Reuters) - Child abuse reports, Social Security numbers and other highly sensitive data were discovered on a batch of government computers headed for the auction block to be sold by the State of New Jersey, authorities said on Thursday.
    State workers preparing the equipment for sale had opted not to use a device designed to magnetically erase sensitive data from hard drives because it was noisy, the comptroller's office said in a news release.
    "The first thing we did was suspend the auctions and remove all the hard drives," McAleer told Reuters.
    Among the delicate information found on the computers was a list of state-supervised children, along with their birth dates and Medicaid numbers, a state judge's file including his life insurance, tax returns and attorneys in disputes or with emotional problems and personnel reviews and computer passwords of state employees.
    Now that the hard drives have been removed, many of the computers are now being sold without them, McAleer said.
    Oh sure! the auction must go on.......

    ARTICLE

    http://whtc.com/news/articles/2011/m...ensitive-data/

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    It is pretty sad... These things don't even surprise me anymore. I just kind of shake my head, and mutter something about restructuring...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi westin,

    I am afraid that this is typical of what happens when you give ill-disciplined people a job that they don't want to do?.......or is there more to it than that?

    I recall seeing an officer's assessment report once.............his CO had written: "works well, when cornered like a rat, and closely supervised"

    I do recall using electromagnetic wiping boxes............they didn't make any noise to speak of.........well, no more than a microwave.

    What puzzles me is that the ones used on HDDs were destructive? they would wipe the contents of the control card chips..........firmware etc, as well as the platters. The drives were totally unusable afterwards.

    So, it seems to me that these people were too lazy to pop the cases and take out the HDDs?

    From what I can see, there was never any intention of redeploying the HDDs. They were earmarked for destruction from the start.

    Doing a 3 or 7 pass wipe would take some time, so that was probably rejected; and in the case of sensitive data would not be an option unless the redeployment was internal.

    I strongly suspect fraud here

    If I go to an auction and buy sealed pallets of kit: "unseen", I am not going to pay top dollar, particularly if I expect that they don't have HDDs. If, on the other hand, I know that they do have HDDs, I will win the auction, because I would be prepared to pay that bit more?...........

    I wonder how much he/she was going to get paid for this "mistake"?

    EDIT:

    I forgot to mention.............this is the first time this procedural anomaly has been discovered..........so how many computers have they sold prior to that???

    Maybe we have a member who lives in NY or NJ who would like to discretely contact the NYT (or whoever) and see if there is an up and coming investigative journalist who would like a scoop on the potential fraud and previous incompetence angle?...how many people's private data have already been compromised?................... not that I like to see politicians and their "paper tiger running dogs" squirm or anything..........it's just that this lot are beyond my effective range

    Over here we call "public servants" : "civil servants" and have a well known interpretation of that description, which is: "civil to no man, and servant to the devil"
    Last edited by nihil; March 12th, 2011 at 12:18 PM.

  4. #4
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Nihil, I work at one of the departments audited for the drives sent to surplus.

    Without getting into too much detail, I can tell you a few things.

    It wasn't fraud. It was poor planning, poorly enforced mandates, and lack of communication between departments and the state's primary IT department.

    I call also assure you that I am -not- lazy, incompetent, or a "turdbrane". So maybe you can ease off taking digs into people when your information is limited.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    In nihil's defense, when I hear about an organization that fails to wipe sensitive information off of hard drives because it is too noisy, the first thing that comes to mind is incompetence. There are so many ways that this could have been avoided. Sure DBAN can take a little while, but it is better than paying for credit monitoring for everyone affected. As previously stated... just remove the HDDs... then you could destroy them any number of ways. What was the hangup?
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  6. #6
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    when I hear about an organization that fails to wipe sensitive information off of hard drives because it is too noisy, the first thing that comes to mind is incompetence
    That's a separate department and if they don't want their degausser, I'll gladly take it.

    There are so many ways that this could have been avoided
    Of course. For starters? Get your circulars & mandates into the hands of the people that need them. Like me. When I come on board a new department, I -need- that kind of information. For the people putting out the information, -verify- that I got it. Make me sign -something- as proof that I did in fact get the proper documentation. Hell, make all IT staff take an online course on state mandates regarding excess hardware. We do it for everything else, why not this? (That's the poorly enforced mandates part).

    As previously stated... just remove the HDDs
    Ideally that's what one would think. However, there was no clarity on what state the computers needed to be in when they were dropped off at surplus. (That's the lack of communication between departments and the state's primary IT department part)

    What was the hangup?
    In our particular case, 2 drives went to surplus that weren't supposed to. It was purely accidental. We were in the middle of a reorganizing a substantial amount of excess hardware within very limited storage space. Unfortunately, 2 systems that crashed (which were not wiped) got put in the same room as 20 other systems (which were wiped) destined for surplus. (That's the poor planning part).

    Had there been a clear-cut mandate to remove the drives, my life would have been MUCH easier. I actually spent MORE time wiping the drives then just pulling the damn things out. In addition, I got drilled by the auditors like little or no effort was put in to clean these drives when that's the furthest thing from the truth.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •