Simple way to hack elections: Compromise some county offices & systems. Do nothing. If election doesn’t go your way, reveal that you hacked.
Is that necessarily clear? A translator is going to come through on her PKI, Snowden is going to come in as Sysadmin.
-
-
It's the confusion about which/how many files Snowden downloaded--logs should have shown that. But you alarm differently for a sysadmin.
-
Right. There are no SMP requirements that techs be auditable. On the contrary. But the ones for analysts, etc are quite stringent.
-
Yup. So--do you filter at log time or audit time? Typically, you'd do the latter, unless the volume was overwhelming.
-
I'm not sure I understand distinction but I admit I'm very tired.
-
Logging is keeping the raw access data. Alarming tells someone about unusual patterns. Auditing is understanding why someone saw something.
-
That stuff I get -- it was the filtering that threw me.
-
If you're collecting too much data, discard early. It may be too much for your disk or your analytics; more likely, collection slows things.
-
Wrt Snowden, or now? Wasn't that the delay in implementing the insider threat thing that might have covered Snowden?