Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: J. Oquendo (silinfiltrated.net)
Date: Fri Sep 14 2007 - 12:21:59 CDT
> You're suffering from a logical falicy, I worked in that arena (albeit
> it a different agency) in incident response for quite some time
Nice to know. I hope my government can either install ispell or send
some of you guys to Clueful University.
> of workstations and servers on a regular basis and downloaded
> everything that ended in extensions like .pdf, .eml, .doc, et cetera,
> it wouldn't take that long to get up to very high numbers. This is
> exactly what has occurred and makes your assertion that of ignorance
> and presumption.
So again, look at the statement from the previous article where the boys
from this gov state NIPR. Translation? Shit anyone can find on
> You again fall victim to foolish ignorance and presumption, just
> because a red network isn't connected, doesn't mean a yellow network
> isn't. I can't speak for DoD in that sense, I just know how it works
> in other agencies.
"I just know how it works in other agencies."... Not knowing, isn't this
the same quote on quote ignorance you accused me of. If you don't know I
would Google STFU if you haven't already heard/been told the term.
> Furthermore, with ratings like SBU/et cetera, and lots of it, you can
> gain valueable intelligence by combining all of it.
Irrelevant to what the government has stated. China has hacked
"TERABYTES OF DATA" ... Define hacked. Google hacked? How about gov
employees get a clue before they decide to leave top secret information
on a non secure webserver.
Here is one for you from the horses mouth. 100% true so help me any
deity. So I get a group of individuals visit my company about two weeks
ago. Golf shirts slacks, etc., really clean cut. Nice little blue and
white plates can be seen from the conference room with a big old G on
it. They start asking about pentesting EV-DO... They ramble on and
mention "we're using 128 bit..."
"Wait a minute" I told the gentleman. "You know you shouldn't be using
128 bit for encryption of TS documents in according with NIST." (And I
know this because I got a personal schooling from Bruce Schneier on
this. (http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf for clarity on
this)) Their response: "We know but we have M16's on each side of the
stream" and they chuckled.
My thoughts at that time... What a bunch of idiots. So what. M16's mean
nothing if you can't track someone sniffing you - you idiot... In
essence its stupid - and I sincerely and obnoxiously mean this - STUPID
IDIOTS in the government who allow these so called pseudoIntrusions
(add that to your buzzwords too).
See an intrusion hasn't occurred here period, error and human stupidity
has though and now the US government is calling the kettle black. In
case you have either forgotten or never heard of the abuses of ECHELON
not to even bother pointing out the mess we have in this country with
our warrantless M&M color coded uberDuber terrorAlert crapaganda systems.
So politics aside, its stupidity black and white, not an intrusion that
is leading to the compromise of data. If the data is on unsecured
webservers that are on the Internet, don't blame the ingenuity of
someone for finding something that should have been on SIPR instead of
being online (NIPR) to the public in the first place.
The gov should re-iterate the differences between SIPR, NIPR, RIPR and
other systems to clueless idiots on computers, servers, crackberries or
whatever other mediums they choose to use.
"Excusatio non petita, accusatio manifesta"
sil . infiltrated net http://www.infiltrated.net
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature