> You're suffering from a logical falicy, I worked in that arena (albeit > it a different agency) in incident response for quite some time Nice to know. I hope my government can either install ispell or send some of you guys to Clueful University. > of workstations and servers on a regular basis and downloaded > everything that ended in extensions like .pdf, .eml, .doc, et cetera, > it wouldn't take that long to get up to very high numbers. This is > exactly what has occurred and makes your assertion that of ignorance > and presumption. So again, look at the statement from the previous article where the boys from this gov state NIPR. Translation? Shit anyone can find on Google.com/unclesam > You again fall victim to foolish ignorance and presumption, just > because a red network isn't connected, doesn't mean a yellow network > isn't. I can't speak for DoD in that sense, I just know how it works > in other agencies. "I just know how it works in other agencies."... Not knowing, isn't this the same quote on quote ignorance you accused me of. If you don't know I would Google STFU if you haven't already heard/been told the term. > Furthermore, with ratings like SBU/et cetera, and lots of it, you can > gain valueable intelligence by combining all of it. Irrelevant to what the government has stated. China has hacked "TERABYTES OF DATA" ... Define hacked. Google hacked? How about gov employees get a clue before they decide to leave top secret information on a non secure webserver. Here is one for you from the horses mouth. 100% true so help me any deity. So I get a group of individuals visit my company about two weeks ago. Golf shirts slacks, etc., really clean cut. Nice little blue and white plates can be seen from the conference room with a big old G on it. They start asking about pentesting EV-DO... They ramble on and mention "we're using 128 bit..." "Wait a minute" I told the gentleman. "You know you shouldn't be using 128 bit for encryption of TS documents in according with NIST." (And I know this because I got a personal schooling from Bruce Schneier on this. (http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf for clarity on this)) Their response: "We know but we have M16's on each side of the stream" and they chuckled. My thoughts at that time... What a bunch of idiots. So what. M16's mean nothing if you can't track someone sniffing you - you idiot... In essence its stupid - and I sincerely and obnoxiously mean this - STUPID IDIOTS in the government who allow these so called pseudoIntrusions (add that to your buzzwords too). See an intrusion hasn't occurred here period, error and human stupidity has though and now the US government is calling the kettle black. In case you have either forgotten or never heard of the abuses of ECHELON not to even bother pointing out the mess we have in this country with our warrantless M&M color coded uberDuber terrorAlert crapaganda systems. So politics aside, its stupidity black and white, not an intrusion that is leading to the compromise of data. If the data is on unsecured webservers that are on the Internet, don't blame the ingenuity of someone for finding something that should have been on SIPR instead of being online (NIPR) to the public in the first place. The gov should re-iterate the differences between SIPR, NIPR, RIPR and other systems to clueless idiots on computers, servers, crackberries or whatever other mediums they choose to use. -- ==================================================== J. Oquendo "Excusatio non petita, accusatio manifesta" http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E sil . infiltrated @ net http://www.infiltrated.net
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/