A company that makes spy-tech for cops threatened to sue Vice for publishing its sales literature (because Iran!)

Originally published at: https://boingboing.net/2020/01/10/gravestone-cam.html

3 Likes

That makes no sense, since neither Motherboard nor Muckrake was offering the products for sale.

1 Like

A “time of heightened tensions”? That can’t be a valid excuse because this timeframe is not temporary. We’ve had our tensions heightened ever since 9/11 (rudy rudy rudy), and nobody will ever lower them again in the foreseeable future.

In other words, “We have always been at war with Eastasia.”

Anyway, their catalog appears to be a bunch of knock-off cousins not even close to what you might find in the NSA ANT Catalog. If you’re concealing a wireless mic for your stooge to wear to his next meeting with the Don, you’re probably better off trusting some actual ruggedized professional broadcast or theatre gear like Shure or Sony.

3 Likes

Ooo. Much more interesting is the “boring stuff” down starting around page 388. It’s a Request for Proposals for Public Safety CAD/RMS Mobile System Replacement. What it is is not as important as what the document reveals they have for IT infrastructure. Lot of good intel in this paper.

Let’s see, Windows 7 desktops (both 32 bit and 64 bit are at end-of-support) are running on Dell Optiplex 7010s, which is followed immediately by a claim that they refresh their computers every three years. My math may be a bit rusty these days, but I’m pretty sure that 2012 was eight years ago, not three. Their servers are running “Win2k8” (which was not the OS of choice for servers built after 2012.)

Here’s the scariest quote I’ve found so far: “The City’s Directory Services/Domain are planned to be upgraded to either Windows 2008 or Windows 2012.” I cannot stress how much this should make you worry if you rely on the City of Irvine for emergency services. If they aren’t yet on Windows 2008, that means they’re probably still on Windows 2000, which went out of support ten years ago. Out of support means no security patches. Essentially, they’re unprotectable. If they are planning to upgrade to Windows 2008, they should probably know that support for Windows 2008 ended last year. Windows 2012 was superseded by Windows 2016 and will soon be approaching its own end of life, and Windows 2020 is almost certainly being polished for delivery this year. If someone was of a malicious mindset, this city would quickly look like an episode of Mr. Robot.

Yikes. This isn’t an RFP so much as it is a cry for help. But it’s not even a healthy cry: some weenie manager made them temper it with this jewel of spinelessness: “the city is seeking a balance between mainstream and state of the art technology”. You’d think that a large city filled with prestigious universities would have access to more than a few folks who know how to manage modern technology. But no, no management skills are on display in this document - at least none of the good skills.

There is some good news inside. Someone who knows a little was able to sneak in some application security requirements! The software needs to be protected against some common vulnerabilities (SQLi, XSS, cookie mismanagement, etc.). So while it’s not a perfect list (for example, they should have specified professional pen testing every minor dot release, or at least annually), it’s good to see someone in their IT area is thinking about actual application security.

But then they get back to their regularly scheduled cluelessness. On one page the top paragraph says they want a cloud hosted solution to avoid in-house management expenses, while the bottom paragraph on the same page defines “locally attached workstations” as being in the same facility as the application server. Someone should really let them know that if they keep clouds in their basement, they’re not really getting any advantages of clouds - they’re only paying top dollar for their own servers.

Aha! I found the root cause of their cancerous IT practices. “The City uses the Project Management Book of Knowledge (“PMBOK”) as a guide for implementation of all projects.” These people are still using stone knives and bear skins, and this modern thing called ‘fire’ must both frighten and anger their ancient ones. So be prepared for another city to make the news by overspending and underdelivering on a Project O’ Doom.

5 Likes
