I've had conversations with FBI field office staff assigned to NIPC. Each time I've spoken with someone that had a clue. I was actually expecting what you describe below, but was pleasantly surprised. Maybe the central co-ordination center is staffed with less-than-optimal folks, but the field folks (in my experience) seem to be clued-up. Note however, that my contact has been with a small group of folks out of one field office. Maybe I just got lucky. Maybe it's a case of beaurocrats in technical positions, while the real techies are out in the field. Who knows. Maybe duck below the middle management and make your reports to field folks. Maybe that'll land you in jail. I think I'd prefer to not deal with them except when absolutely necessary from an investigative standpoint. > -----Original Message----- > From: KF [mailto:dotslashat_private] > Sent: Tuesday, July 30, 2002 9:41 AM > To: vuln-devat_private > Subject: Re: Operation TIPS - the FEMA response > > > Ever try to call NIPC and have an intelligent "computer security" > conversation? Don't bother... The 2 times I called to report security > issues I found it hard to find someone someone to speak to that had > skill beyond your local whopper flopper at burger king. > -KF > > > > George Imburgia wrote: > > >It wasn't quite as bad as a friend expected; > > > >"those people will say you have an infectious disease and lock you up > >forever 20 stories under the nevada desert" > > > >...but it wasn't nice either. > > > >I called FEMA's technical contact, got voicemail, left my name, phone > >number, stated that it was a security problem with a FEMA web server, > >asked that they return my call and then said my name and phone number > >again. > > > >The next day, they claimed they hadn't contacted me because > they didn't > >have my phone number. > > > >After being prodded by the press, they did call and a hostile woman > >identifying herself as being with "FEMA's cybersecurity > office" began to > >berate me for talking to the press. > > > >I informed her that I didn't like the tone of the > conversation, and did > >not want to continue without assurances that "this won't get ugly". > > > >We went back and forth over what that meant for a while, and then the > >previously unidentified and unannounced Mr. Schmidt spoke > up, identified > >himself as the "head of cybersecurity" and tried to convince > me to comply > >with their demands by using the term "federal government > computer system" > >a lot. > > > >The term "____ off" comes to mind. > > > >Then the content and underlying code of the site changed. > > > >Now, they are telling people "he has a long history of > falsely reporting > >security problems with government computer systems". > > > >Are they claiming that the FBI's windows 3.51 web server was not > >vulnerable to dir?C| and variants in 1999? > > > >Are they claiming that the Dept of Ed. didn't have a world > writable ftp > >mirror of their web site? Or did the fact that it took 6 calls, and > >responses like "we don't know what permissions are, we all use Macs > >here" make it a false report? > > > >Are they claiming it was a bad idea to null route the old > >www.whitehouse.gov net block when codered hit? Then why is it still a > >blackhole? > > > >Are they claiming that DG/UX wasn't vulnerable, or that a 3 > letter agency > >wasn't running it as a mail server? > > > >Are they claiming a state legislature wasn't running a vulnerable > >configuration of Lotus, their admin confirmed it, and stated > he didn't > >know it was accessible from the internet? > > > >Are they claiming a popular DSLAM doesn't have a default password of > >ANS#150 and a firmware backdoor? > > > >Are they claiming that Qwest didn't have variants of > "Algiers97" as the > >password on most of their routers as an algerian was > attempting to blow up > >Seattle's millenium celebration? > > > >Or maybe they are claiming the login bug I discovered in the > 1970's and > >enjoyed for years never existed? > > > >Verizon, Wilshire, Xerox and Comcast are a few of my recent > (false?!?) > >reports. > > > >Who has the credibility problem here? > > > > > > > > > >George Imburgia > >Senior Network Security Engineer > >Capitol Networking > >gtiat_private > > > > > > > > > > > >
This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 11:40:44 PDT