Re: [Full-disclosure] Not even the NSA can get it right

[Paul Kurczaba <seclists@xxxxxxxxxxxxxx>]

To the NSA's advantage, I truly believe that the NSA.gov site is a 
natural honeypot. If you think of all the people that try to break in to 
it, the NSA looks at their logs and says "Sweet!, we've learned 
something new today. Keep on comming..."

just my $0.02




Valdis.Kletnieks@xxxxxx wrote:
> On Wed, 25 May 2005 07:14:12 CDT, "milw0rm Inc." said:
>
> > lol are you guys joking?  They wouldn't allow an xss bug on their
> > website on purpose come on now.
>
>
> You're not devious enough.  Remember that the *best* place to put a
> honeypot is right out there in plain sight where it's likely to attract
> attention.
So now they've grepped their *Apache* logs

According to netcraft, they are running IIS.

, and they've
> added several dozen people to their "suspected script kiddie" list.
>
> (Remember - the NSA probably knows more about proper airgapping than anybody.
> All *those* webservers have on them is non-sensitive content, so you can't
> actually *get* anything really interesting to happen - in the NSA view of the
> world, "public website gets defaced" isn't particularly interesting or
> noteworthy).
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/