>Trump rarely uses email or computers, despite his frequent tweeting..
If 2016 taught us anything, this is a reasonable infosec strategy - Although I assume, when he becomes President there is some high powered govt. agency that can do it securely if he uses whatever protocols they suggest.
I don't know if using Twitter on a smartphone is a reasonable infosec strategy. More than a few Twitter accounts have been hacked or taken over with social engineering. And he's using a Samsung Android smartphone, so you don't know how up-to-date he is with security patches.
But then again, according to Trump himself: “I know a lot about hacking." And he also knows “things that other people don’t know. And so they cannot be sure of the situation.” The man could be a brilliant hacker for all I know.
>>Trump rarely uses email or computers, despite his frequent tweeting..
>If 2016 taught us anything, this is a reasonable infosec strategy - Although I assume, when he becomes President there is some high powered govt. agency that can do it securely if he uses whatever protocols they suggest.
I do wonder about problems even with Twitter. If the current @POTUS account announced a nuclear attack had just been launched I think most people would assume the account was hacked because it doesn't have a pattern of being used used for information like that. But with Trump it doesn't seem completely impossible that Trump might actually tweet out some information he had just learned or decided, no matter what it is.
Imagine the worldwide chaos you could cause by hacking Trump's twitter Saturday night at 3AM and announcing a nuclear strike to or from someone!
AFAIK Trump hasn't used Twitter for anything but brief public statements and comments on the current (and usually minor) issues at hand. Basically just gets around editorial slants of news media to address his huge following.
Reasonably enough, so far haven't seen anything suggesting he'd use Twitter or similar when there's something substantial at stake. However the possibility someone could hack in and use his account is a risk he must have considered. As you say it would be a hot target for that sort of mischief. Obviously it could be bad if that happened.
Given the fact that his accounts haven't been hacked into in that way despite the ample exposure over many months, it suggests we could consider it a good sign of taking security seriously.
Two things. One, he's used Twitter to post some seriously absurd but significant charges, like an fact-less opinion that there was widespread corruption in our last election cycle.
Second, I'm in the middle of reading the Undoing Project by Micheal Lewis, and your last statement is a prime example of how bad humans are at statistics. Months (or even years) of security have no bearing on the likely hood or ability of an account to be hacked in the future. Only hard data on many accounts over years can begin to allow us to estimate that, and even then it's just a probability.
If I flip a coin one hundred times and see heads one hundred times, what's are the odds I see heads on the next flip?
I think there's an element of truth to some of what he's said, but it's like a stopped clock telling the right time rather than a deep insight. I can't imagine that having messages couriered everywhere by hand will be a practical way for the US government to function unless this is part of his plan to get people back to work?
I wonder if fax would be a good compromise between time and security. Encrypted fax standards exist. I guess the real question is how easy it'd be to shoehorn AES into the T.30 protocol.
> I can't imagine that having messages couriered everywhere by hand will be a practical way...
I thought the same about large organisations until last week I saw a ward-sister with a transit envelope, one of those manila pockets on which you write the next destination and send it on through internal post.
Apparently they're still widely used within the UK National Health Service to send confidential paper records and other data-conveying objects.
Robert Morris Sr said basically the same thing: "The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it."
"Earlier in the day, Trump ditched his press pool, traveling to play golf at one of his clubs without a pool of journalists on hand to ensure the public has knowledge of his whereabouts."
It's a little bit off-topic, but I can't help but feel like this sentence contradicts itself.
It's meant to be parsed as "traveling to play golf (without a pool... to ensure the public)", not "traveling to play golf (without pool...) to ensure the public.
Without any political connotation, of just email as a communications platform: Email incurs costs of mental kind on the end user. I see nothing bad of not using it - if one can afford not to. For example, Donald Knuth seldom uses email as well. http://www-cs-faculty.stanford.edu/~uno/email.html
I'm not sure if it's such a great strategy for a future president, though (especually as he seems to spend awfull lot of time on twitter).
How so? The absurd thing is that it is news - it should just be common sense that computers are not secure. It shouldn't take a statement by the future US president to convey that message.
Have you ever looked at a computer owned by one of your relatives (someone who is not a computer expert)?
I've not seen any numbers, but I don't think it's far fetched to say that the US probably has ridiculously large budgets for cyber security, military research in computing, cryptography etc. We're not talking about uncle Jim-Bob's computer here.
Having the person that will lead all of that say he'd rather send couriers with hand written notes is horrifying for me. As a computer scientist I feel that this is yet another attack on science and reason. I wonder how you don't feel the same?
Van Riper used motorcycle messengers to transmit orders to front-line troops and World-War-II-style
light signals to launch airplanes without radio communications
Using these tactics - in an exercise only of course - the "enemy" defeated the US military easily.
If you believe all that spending makes computer secure, you are fooling yourself. It is an incredibly complex environment - much more complex than the code for sending rockets into space, for example. And rockets still explode.
Besides, I don't think Trump will be using couriers all the time. Also, these days, email is not the only way to send digital messages.
Hackers of various sorts have strong interest in hacking the Trump Organization to get dirt on him. Knowing how IT in that sort of medium-size sales-oriented low-tech business works, chances are they have very weak security procedures on their financial and other data. I wouldn't be surprised if hackers are having a field day.
Could be, but if that were true I would expect we would have seen a lot of publicity about such hacked info. Surely there's been no shortage of interest in finding "dirt" on Trump, his businesses, family, etc. The nasty political situation would be a great incentive for it. The absence of such data suggests decent security is in place.
That makes sense insofar as Trump runs large operations that has to require considerable computing resources to run them. He probably has top-notch people overseeing the data end of management and that would include maintaining security
Or the Trump organization is much smaller than what he wants it to appear. It's mainly branding (Trump Vodka trump water, a lot of the Trump buildings), get-rich-schemes (Trump University, Trump Network) or hotels. And ofcourse the reality-tv business
He will publicly cast doubt on things that are contrary to his own opinions. As an example, he was the leader of the birther movement claiming Obama was not born in the USA. Tip of the iceberg.
Is it just me, or is it damn near impossible to not make fun of everything Trump does or says. Every time I see an article about him I feel like he's a real life Forest Gump. Hes just doing whatever, and no matter how dumb or idiotic it seems, it just works out for him.
Well, consider that that is entirely artificially created by a media establishment that ridiculed him relentlessly but he still ended up winning. It's actually nothing to do with him at all; it's that the media are presenting a view that is out of sync with reality.
I don't particularly mind if Trump wants to stay off of email. What bothers me is that a lifetime of isolation against computers makes him almost entirely incapabale of understanding or prioritizing information technology, and I don't just mean things like Obama's fluff campaign for learn to code.
This isn't a fault particular to Trump, of course. Anyone who isn't using technology will likely have just a facile understanding of its full impact on life today...kind of like how it's nearly impossible to understand Twitter's appeal (or at least, differentiate it from other forms of publishing, such as blogging or mass email) without using it.
Trump lives among the 1% where they don't have to interact with computers to get around in society. He has aides and servants to conduct much of the routine paperwork and other things that ordinary people need to do to function with government and business. That includes email for communications. It doesn't surprise me that in his world, he uses phone calls and personal meetings to conduct most of his face to face business. It is definitely isolating and he lives very differently than most other people. Interestingly, I see the same situation with homeless or poor people who aren't as plugged in with everyone else.
41 comments
[ 2.7 ms ] story [ 89.6 ms ] threadIf 2016 taught us anything, this is a reasonable infosec strategy - Although I assume, when he becomes President there is some high powered govt. agency that can do it securely if he uses whatever protocols they suggest.
But then again, according to Trump himself: “I know a lot about hacking." And he also knows “things that other people don’t know. And so they cannot be sure of the situation.” The man could be a brilliant hacker for all I know.
Or he's been briefed by brilliant hackers.
>If 2016 taught us anything, this is a reasonable infosec strategy - Although I assume, when he becomes President there is some high powered govt. agency that can do it securely if he uses whatever protocols they suggest.
I do wonder about problems even with Twitter. If the current @POTUS account announced a nuclear attack had just been launched I think most people would assume the account was hacked because it doesn't have a pattern of being used used for information like that. But with Trump it doesn't seem completely impossible that Trump might actually tweet out some information he had just learned or decided, no matter what it is.
Imagine the worldwide chaos you could cause by hacking Trump's twitter Saturday night at 3AM and announcing a nuclear strike to or from someone!
Reasonably enough, so far haven't seen anything suggesting he'd use Twitter or similar when there's something substantial at stake. However the possibility someone could hack in and use his account is a risk he must have considered. As you say it would be a hot target for that sort of mischief. Obviously it could be bad if that happened.
Given the fact that his accounts haven't been hacked into in that way despite the ample exposure over many months, it suggests we could consider it a good sign of taking security seriously.
Second, I'm in the middle of reading the Undoing Project by Micheal Lewis, and your last statement is a prime example of how bad humans are at statistics. Months (or even years) of security have no bearing on the likely hood or ability of an account to be hacked in the future. Only hard data on many accounts over years can begin to allow us to estimate that, and even then it's just a probability.
If I flip a coin one hundred times and see heads one hundred times, what's are the odds I see heads on the next flip?
That's a really good analogy (I mean in general, not specifically referring to this situation)! I'm going to start using it.
I thought the same about large organisations until last week I saw a ward-sister with a transit envelope, one of those manila pockets on which you write the next destination and send it on through internal post.
Apparently they're still widely used within the UK National Health Service to send confidential paper records and other data-conveying objects.
It's a little bit off-topic, but I can't help but feel like this sentence contradicts itself.
I'm not sure if it's such a great strategy for a future president, though (especually as he seems to spend awfull lot of time on twitter).
The headline is absurd. The article is absurd. Everything about this is absurd.
Have you ever looked at a computer owned by one of your relatives (someone who is not a computer expert)?
Having the person that will lead all of that say he'd rather send couriers with hand written notes is horrifying for me. As a computer scientist I feel that this is yet another attack on science and reason. I wonder how you don't feel the same?
Consider https://en.wikipedia.org/wiki/Millennium_Challenge_2002
Using these tactics - in an exercise only of course - the "enemy" defeated the US military easily.Besides, I don't think Trump will be using couriers all the time. Also, these days, email is not the only way to send digital messages.
That makes sense insofar as Trump runs large operations that has to require considerable computing resources to run them. He probably has top-notch people overseeing the data end of management and that would include maintaining security
With regards to infosec at his hotels, plenty of credit-card breaches https://krebsonsecurity.com/2016/04/sources-trump-hotels-bre...
https://krebsonsecurity.com/2015/07/banks-card-breach-at-tru...
His email servers run on Windows 2003 with IIS6:
http://fortune.com/2016/10/18/donald-trump-email-server-secu...
It could be there is a different answer to why nothing been released yet, eg. blackmail.
They did - how do you think that 2005 video mysteriously surfaced at just the right time to do the most damage?
It only didn't work because people recognized it for the obvious tactic it was.
This isn't a fault particular to Trump, of course. Anyone who isn't using technology will likely have just a facile understanding of its full impact on life today...kind of like how it's nearly impossible to understand Twitter's appeal (or at least, differentiate it from other forms of publishing, such as blogging or mass email) without using it.