1996-10-29 - [NOISE][no-cripto-here]Re: Rumours of NSA breakin
Header Data
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
To: hallam@ai.mit.edu
Message Hash: fc8f3384ce320935cabfc675a7bafacfc755ead62e6d81c332f4a3852f72da6b
Message ID: <Pine.BSF.3.91.961029155328.15195B-100000@mcfeely.bsfs.org>
Reply To: <9610291723.AA05462@etna.ai.mit.edu>
UTC Datetime: 1996-10-29 22:20:44 UTC
Raw Date: Tue, 29 Oct 1996 14:20:44 -0800 (PST)
Raw message
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 29 Oct 1996 14:20:44 -0800 (PST)
To: hallam@ai.mit.edu
Subject: [NOISE][no-cripto-here]Re: Rumours of NSA breakin
In-Reply-To: <9610291723.AA05462@etna.ai.mit.edu>
Message-ID: <Pine.BSF.3.91.961029155328.15195B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 29 Oct 1996 hallam@ai.mit.edu wrote:
>
> Hi,
>
> I've been hearing rumours of an alledged compromise
> of the NSA Web server but no hard evidence. The claim made is
> that several Mb of files were downloaded from the server and
> posted to the "Internet". I can't see it in sci.crypt or
> alt.conspiracy though.
I have not heard this one, though every damn mailing list I'm on has
people posting messages about "web servers being hacked" on a daily
basis. Most of these have turned out to be "spoof" sites, like "nasa.com"
instead of "nasa.gov." Big deal. Some nut even started posting the url to
his "hacked nasa.com mirror site." Free advertising for a group that
registers piles of domain names, and re-sells them.
I've set up a number of networks for gubmint agencies, and all but one of
these put their web servers on a completely different network with its own
feed to a commercial ISP, and no other link to any internal agency
network. If you look at the address range assigned to the web server,
you'll see that it falls within a commercial CIDR block and isn't part of
the gubmint agency's usual range. Many use "co-locate" sites AT an ISP,
and contract out the web server - it isn't on the agency network OR the
agency premesis.
If anyone does compromise the site, they won't get any proprietary info,
can't use the systems to attack other "trusted" systems, etc. About all
they do is prove the agency hired a less-than-thorough contractor to run
the web system.
I would not be too concerned about threats to "National Security"
regarding this alleged "incident."
In my experience, most of the agencies putting up web servers are fairly
security aware and capable. The holes are generally elsewhere, on legacy
systems set up ages ago, located at under-staffed locations still
using systems installed and maintained by someone who retired (or died)
years ago.
Just my $.02.
-r.w.
Thread
Return to October 1996
- Return to “hallam@ai.mit.edu”
- Return to “michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)”
Return to “Rabid Wombat <wombat@mcfeely.bsfs.org>”
- 1996-10-29 (Tue, 29 Oct 1996 09:17:02 -0800 (PST)) - Rumours of NSA breakin - hallam@ai.mit.edu
- 1996-10-29 (Tue, 29 Oct 1996 14:20:44 -0800 (PST)) - [NOISE][no-cripto-here]Re: Rumours of NSA breakin - Rabid Wombat <wombat@mcfeely.bsfs.org>
- 1996-10-31 (Thu, 31 Oct 1996 12:10:19 -0800 (PST)) - Re: Rumours of NSA breakin - michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)