Mapping The CIA Nonclassified Network

jeffy124 writes "A security firm Matta Security in London has mapped the CIA non-classified network. Using only legal and open sources, the company mapped topology of machines and even found networks otherwise closed to the public. The company never port scanned or probed the network directly. Among items they found were emails and phone numbers of sys admins and other employees. Amazingly, they did all this in two days."

Re:Portscanning?

[Monkelectric]

Im a sysadmin for a major university, and I can tell you first hand that even pinging will get you a letter from the agency you pinged.

One of my users decided to ping a DOD (department of defense) computer ... he pinged it, and a few days later we got an email from them asking us A: if we have been compromised B: if we hadn't please dont do it again. The letter was very courtious, and explained they understand that pinging in itself is not illegal or not even unusual, the real point was to inform us that we may have been compromised (prolly a good idea). A buddy of mine who works for the air force claims if you ping an air-force server, armed FBI agents will appear at your door quickly ... Obviously I am unwilling to test this :)

Anyone else notice the Lotus Domino Server

version 5.0.6a

Why you may ask?

Because Lotus Notes and Lotus Domino is the only mail product that gives email administrators zero access to information within mail files. Each Notes database has an access control list, and you can specify who's on it. The mail server can have "depositor" access, which means it can only place information inside the database. The database can also be encrypted so that only the server can read it -- meaning someone has to steal a copy of the database itself off of the file system, in order to have a chance at decryption.