IT/Web: September 2013 Archives

Keith's 11 Sep note: NASA was hacked yesterday by the BMPoC to protest U.S. cyberintelligence activities. One more reminder that everything everyone posts everywhere is seen by everyone. These NASA websites (at ARC) were affected and are currently offline:,,,,,,,, ,,,,

NASA ARC has this notice up if you try to reach these websites: "Down For Maintenance. The requested webpage is down for maintenance. Please try again later. Affected sites include but is not limited to:


Keith's 19 Sep note: More than half of these websites are still offline. Wow. NASA really does not have a lot of resiliency when it comes to responding to a hacking event, despite what PAO would have you believe.

Brazilian hackers confuse Nasa with NSA in revenge attack, The Telegraph

"At no point were any of the agency's primary websites, missions or classified systems compromised," said Nasa spokesman Allard Beutel. "We are diligently taking action to investigate and reconstitute the websites impacted during web defacement incident," he said."

NASA HEOMD Internal Memo on Personal Electronic Devices, NASA

"No one wants their personal property tampered with -- we understand that. If you complain loudly because your device does something you don't like as a result of the policies and settings pushed to your personal device as a result of our efforts to improve IT security, or if mistakes are made and you happen to be the unlucky victim of one, and it gets enough attention, either personal devices may be banned in the future from connecting to NASA email and non-public facing systems, or you'll have to officially request the ability to connect a personal device, take SATERN training, sign paperwork explicitly accepting the risks to your personal device or data, and so on. That will add more bureaucracy and obstacles and hassles to doing what should be a reasonable thing, which is enabling you to read and respond to email via your personal devices. It's up to you how you respond to these changes. If you don't want NASA making any changes to your personal devices, please do not connect your personal device(s) to NASA email or internal networks. This is a compromise that allows your flexibility and choice. And please note that these changes will help protect your personal data on the device, not just NASA data."

Keith's note: In other words NASA wants you to think that they are doing you a favor by allowing you to use a cellphone that you paid for to do government work. Also ... if you use your personal device to connect to NASA and something goes wrong you had better shut up and do not complain about it - or bad things will happen.

- Do You Really Trust NASA Not to Ruin Your Mobile Device?, earlier post
- NASA Bring Your Own Device Update, earlier post

NASA Internal Memo: Do Not Access Public Web Sites Containing Classified Information

"Individuals with a security clearance have agreed to certain restrictions regarding classified information. Accessing classified information on Wikileaks, even from home, constitutes a security violation. Viewing classified information from a computer that isn't authorized to access classified information, and/or viewing classified information that he or she is not authorized access to, is a security violation. And, use of official Government computers for other than authorized purposes is prohibited by federal ethics laws."

ActiveSync Security Policies to be Applied to Mobile Devices Connecting to NOMAD

"a. The use of your own mobile device (i.e., cell phone or tablet) to retrieve your NASA email/calendar or to conduct NASA business is entirely voluntary. Users should refrain from using a personal mobile device to access NASA information and systems if uncomfortable, unable, or unwilling to comply with these minimum security requirements. As the use of personal mobile devices is purely optional, employees cannot be expected to use their own devices to accomplish their assigned tasks if they choose not to do so. Your supervisor may not require you to do so. If a mobile device is required for you to perform your assigned duties, management will provide you with an appropriate NASA-owned device consistent with the Negotiated Agreement, unless you voluntarily choose to use your own device. You cannot be required to provide your personal email address or cell-phone number to management.

b. Employees using their own mobile device for downloading NASA email /calendar directly via their phone's mail client should be aware that NASA has the ability to access your device and to erase ("wipe") it. While the current NASA policy is that no such access or wiping will occur without the employee's explicit permission, it remains possible that such adverse events could nonetheless occur inadvertently. Therefore, employees should backup their personal phones often to reduce their vulnerability of data loss."

Do You Really Trust NASA Not to Ruin Your Mobile Device?, earlier post

Keith's note: I just got an email from [] inviting me to an event on the 9th floor today. The email (from someone at Valador Inc. who works at NASA, uses a email account, sent this on official NASA business) had this rather odd disclaimer at the bottom (twice):

"Visit for British foreign policy news and travel advice and to read our blogs. Please note that all messages sent and received by members of the Foreign & Commonwealth Office and its missions overseas may be automatically logged, monitored and/or recorded in accordance with the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. We keep and use information in line with the Data Protection Act 1998. We may release this personal information to other UK government departments and public authorities."

Why is anyone at NASA (an American government agency) sending out official email with a disclaimer that suggests that people (most likely Americans) visit a foreign government's official website - and then warn these same Americans that "We may release this personal information to other UK government departments and public authorities"?

Keith's update: I am told that the person who sent me the email was forwarding it from someone who had forwarded it from the UK Embassy ...



Monthly Archives

About this Archive

This page is an archive of entries in the IT/Web category from September 2013.

IT/Web: August 2013 is the previous archive.

IT/Web: October 2013 is the next archive.

Find recent content on the main index or look in the archives to find all content.