l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2003 Mar 18 13:32

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] what do they pay their staff for?!?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] what do they pay their staff for?!?



On Tue, Mar 18, 2003 at 12:26:41PM -0800, Peter Jay Salzman wrote:
[snip]
> today i read the news.  the US army's webserver was hacked.  the webdav
> hole is to blame.
> 
> 
> ok, let's forget the issue of why the army is using IIS to begin with.
> that's a whole different issue.  i'm wondering who gets paid to sit
> around and administrate army webservers, and why it didn't occur to them
> 
>    "hey, wait a minute.  WE'RE running IIS on win2k servers!"
> 
> a website isn't a big deal, but considering we're on the brink of war,
> you'd think the administrators would be a bit more on the ball.  who
> knows what's networked to what.  heck, i don't have microsoft anything,
> and i still knew about the webdav hack.

Nothing of any importance to the military could get leaked via the web
servers. No classified computer can be connected to the Internet. 

That's really important, so I'll say it again: No classified computer
can be connected to the Internet. If an Army computer is behind a
thousand different firewalls, but could conceivably send or receive a
packet from the Internet through those firewalls, the computer is not
classified.

There are people who do nothing but go over classified networks, again
and again, to make sure that there is absolutely no path from them to
any unclassified network or system, including the Internet. 

Hence, there is no path to classified information from the Army's web
servers, and so if the web servers get hacked, it's embarassing, but
nothing more. 

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/

Attachment: pgp00010.pgp
Description: PGP signature



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.