On Tue, 29 Oct 1996 hallam@ai.mit.edu wrote:
Hi,
I've been hearing rumours of an alledged compromise of the NSA Web server but no hard evidence. The claim made is that several Mb of files were downloaded from the server and posted to the "Internet". I can't see it in sci.crypt or alt.conspiracy though.
I have not heard this one, though every damn mailing list I'm on has people posting messages about "web servers being hacked" on a daily basis. Most of these have turned out to be "spoof" sites, like "nasa.com" instead of "nasa.gov." Big deal. Some nut even started posting the url to his "hacked nasa.com mirror site." Free advertising for a group that registers piles of domain names, and re-sells them. I've set up a number of networks for gubmint agencies, and all but one of these put their web servers on a completely different network with its own feed to a commercial ISP, and no other link to any internal agency network. If you look at the address range assigned to the web server, you'll see that it falls within a commercial CIDR block and isn't part of the gubmint agency's usual range. Many use "co-locate" sites AT an ISP, and contract out the web server - it isn't on the agency network OR the agency premesis. If anyone does compromise the site, they won't get any proprietary info, can't use the systems to attack other "trusted" systems, etc. About all they do is prove the agency hired a less-than-thorough contractor to run the web system. I would not be too concerned about threats to "National Security" regarding this alleged "incident." In my experience, most of the agencies putting up web servers are fairly security aware and capable. The holes are generally elsewhere, on legacy systems set up ages ago, located at under-staffed locations still using systems installed and maintained by someone who retired (or died) years ago. Just my $.02. -r.w.