Re: [ISN] The War in All its Online Glory

From: InfoSec News (isnat_private)
Date: Tue Jun 04 2002 - 01:56:04 PDT

  • Next message: InfoSec News: "[ISN] Sure, Security Is Hard, But...."

    Forwarded from: H C <keydet89at_private>
    Cc: bobat_private, jerichoat_private
    > This doesn't give me any sort of confidence. The fact that these
    > machines are connected to any public network is disturbing.
    Who said the machines were connected to a public network?  The quote
    says "unidentified" machines, which could mean anything from
    misconfigured systems on the private network, to other machines on the
    network that are outside the scope of the exercise.
    Of course, the quote *was* from a's probably very likely
    that he hasn't even memorized the right buzzwords yet, so we have no
    idea what the *real* issue is...
    Does anyone know if the military is still doing the field grade
    lobotomy the old way, or if they're going through the nose now
    (doesn't leave the telltale scar)??  I had heard rumors that they had
    a medication taken orally now...  ;-)
    > I understand the desire for access to information, but given how
    > critical and sensitive these systems are, it seems that there would
    > be some real need for a physical gap in the network.
    I agree.  However, I've worked with the US Army before (they were the
    customer) and their support infrastructure, and to be quite honest, no
    amount of security awareness training is going to work in that
    environment.  I've seen senior-level execs get the briefing and sign
    the sheet saying that they understand that they're not to send or
    launch executables via email, blah, blah, blah...and then they do just
    that b/c they think it's funny.
    Of course, you've then got the whole issue of how the Army
    operates...those officers quoted in the article may not be in their
    positions in 6 months or a year.  Rotations are critical for
    advancement and promotion...and regardless of what anyone wants to
    believe, very little institutional knowledge survives.
    > Throwing up additional firewalls seems like a joke of a response.
    > It isn't about how many devices you have protecting your resources,
    > it's about how they are configured and monitored.
    We should get that on a t-shirt.
    > Even if someone isn't intent on a classic breakin, how would a DoS
    > attack affect their capability to reach the information they need?
    > How about a few hundred script kiddy style attacks and the diversion
    > of resources that could cause?
    We'd need to know more about the set up.  Unfortunately, when officers
    leave such positions, or the enlisted guys don't re-enlist, they very
    often get jobs w/ the contractor for the project, and sign NDAs
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 04:45:25 PDT