Re: Operation TIPS - the FEMA response

From: George Imburgia (gtiat_private)
Date: Mon Jul 29 2002 - 19:16:34 PDT


    It wasn't quite as bad as a friend expected;
    
    "those people will say you have an infectious disease and lock you up
    forever 20 stories under the nevada desert"
    
    ...but it wasn't nice either.
    
    I called FEMA's technical contact, got voicemail, left my name, phone
    number, stated that it was a security problem with a FEMA web server,
    asked that they return my call and then said my name and phone number
    again.
    
    The next day, they claimed they hadn't contacted me because they didn't
    have my phone number.
    
    After being prodded by the press, they did call and a hostile woman
    identifying herself as being with "FEMA's cybersecurity office" began to
    berate me for talking to the press.
    
    I informed her that I didn't like the tone of the conversation, and did
    not want to continue without assurances that "this won't get ugly".
    
    We went back and forth over what that meant for a while, and then the
    previously unidentified and unannounced Mr. Schmidt spoke up, identified
    himself as the "head of cybersecurity" and tried to convince me to comply
    with their demands by using the term "federal government computer system"
    a lot.
    
    The term "____ off" comes to mind.
    
    Then the content and underlying code of the site changed.
    
    Now, they are telling people "he has a long history of falsely reporting
    security problems with government computer systems".
    
    Are they claiming that the FBI's Windows 3.51 web server was not
    vulnerable to dir?C| and variants in 1999?
    
    Are they claiming that the Dept of Ed. didn't have a world writable ftp
    mirror of their web site? Or did the fact that it took 6 calls, and
    responses like "we don't know what permissions are, we all use Macs
    here" make it a false report?
    
    Are they claiming it was a bad idea to null route the old
    www.whitehouse.gov net block when codered hit? Then why is it still a
    blackhole?
    
    Are they claiming that DG/UX wasn't vulnerable, or that a 3 letter agency
    wasn't running it as a mail server?
    
    Are they claiming a state legislature wasn't running a vulnerable
    configuration of Lotus, their admin confirmed it, and stated he didn't
    know it was accessible from the internet?
    
    Are they claiming a popular DSLAM doesn't have a default password of
    ANS#150 and a firmware backdoor?
    
    Are they claiming that Qwest didn't have variants of "Algiers97" as the
    password on most of their routers as an Algerian was attempting to blow up
    Seattle's millennium celebration?
    
    Or maybe they are claiming the login bug I discovered in the 1970's and
    enjoyed for years never existed?
    
    Verizon, Wilshire, Xerox and Comcast are a few of my recent (false?!?)
    reports.
    
    Who has the credibility problem here?
    
    George Imburgia
    Senior Network Security Engineer
    Capitol Networking
    gtiat_private
    