[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] www.dia.mil
- To: "Adrian P." <unknown.pentester@xxxxxxxxx>, <Valdis.Kletnieks@xxxxxx>, "Razi Shaban" <razishaban@xxxxxxxxx>
- Subject: Re: [Full-disclosure] www.dia.mil
- From: "Viktor Larionov" <viktor.larionov@xxxxxxxx>
- Date: Wed, 29 Oct 2008 13:08:00 +0200
And maybe friends, you could explain me what's so special about dia.mil ?
I would actually understand if CIA central internal information system would
use such trackers, but if it's a public web page, what's so special about it
?
And ok, even if the information on visitors leaks - what's so interesting
about visitors statistics to dia.mil ?
What makes those visitors or the URL-s they request so special ?
Or maybe you suppose CIA will hold sensetive materials on a public webserver
? e.g. www.dia.mil/sometopsecretstuff... Well I agree, you can find stupid
things everywhere nowdays, but I surely hope that they don't do it.
I guess that visitor statistics to google.com are thousand times more
interesting than dia.mil.
>From my personal point of view dia.mil visitors statistics offer exactly the
same interest like www.desperatehousewives.com visitor statistics.
(intelligence guys, no offence :P)
Kindest regards,
---
Viktor Larionov
snr. system administrator
R&D team
Salva Kindlustuse AS
Parnu mnt. 16
10141 Tallinn
ESTONIA
tel: (+372) 683 0636, (+372) 680 0500
fax: (+372) 680 0501
gsm: (+372) 5668 6811
viktor.larionov@xxxxxxxx
------------
MOTD: Dream Big. Think the impossible. If you can dream it - you can create
it.
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx]On Behalf Of Adrian P.
Sent: Wednesday, October 29, 2008 12:02 PM
To: Valdis.Kletnieks@xxxxxx; Razi Shaban
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] www.dia.mil
Welcome to the web!
1 website = content retrieved from dozens/hundreds of sites. Much more than
what the browser's address bar shows ;)
Think of ad banners, analytics JS ("legit" spyware), static content served
from high-speed embedded httpds, etc ...
And yes, there are security implications to this design problem.
-----Original Message-----
From: Valdis.Kletnieks@xxxxxx
Sent: 27 October 2008 17:22
To: Razi Shaban <razishaban@xxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] www.dia.mil
On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:
> On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam@xxxxxxxxx>
wrote:
> >
> > A picture is worth a thousand words.
> >
> > But whats so wrong about it?
> >
> > :P
>
>
> So what?
A US intelligence agency is basically betting the bank that statcounter.com,
a company apparently based in Ireland, doesn't get pwned or subverted.
Does that give you warm-n-fuzzies?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/