Register your own .mil Domain

JWSmythe writes " As reported in This Story at theregister.co.uk ,and on dailyrotten.com, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publically known (the gov't uses security through obscurity?). I'm looking forward to hacker.mil, warez.mil, and porn.mil."

sp

goatse.mil?

Re:sp

[Patrick13]

antiwar.mil ?

Re:sp

[bluethundr]

bushwearsdiapers.mil ?

Re:sp

[bluethundr]

flour.mil ?

Re:sp

[Hognoxious]

bloodygreatbigrussianhelicopter.mil
noughtpointohthreeninethreeinches.mil
mark_ham.mil
saddamshagsaca.mil

Hmm....

[LinuxCumShot]

I wonder if Osama has Al-Queda.mil?

Re:Hmm....

Dunno but you can do it for him:

nic.mil/cgi-bin/domain

Re:Hmm....

[lommer]

Holy crap! This is serious...
Someone should file an incident report form!

:-)

Re:Hmm....

[buswolley]

don't follow that link! Its a honeypot to catch terrorists, silly bee.

Re:Hmm....

[Cramer]

And just how does that differ from the way InterNIC used to manage domains? (Answer: it doesn't)

Obviously, no one read the part about an email address within NIPRnet. If you have an email address within NIPRnet, then you work for the DoD. It's not like someone can use foo@bar.com to register dozens of domains.

And an other thing, all the web engine does is fillout the templates that have been available via ftp for years.

(I'm assuming Google has already removed the reffered to pages from the cache.)

Re:Hmm....

[Jace+of+Fuse!]

Rumor.Mil

what about...

[DarklordSatin]

runofthe.mil

Re:what about...

[RumpRoast]

rastafarian.mil

Re:what about...

[Blimey85]

Mod this fucker up!!!

That's the funniest shit so far today.

The peace.mil was also pretty good.

I'm wondering how with all the billions of dollars we spend on military shit, how the military can constanly screw things up... BTW, was .mil supposed to only be US mil or could any military anywhere get a .mil domain? And what kind of proof did you have to show to prove you were a military organization?

Re:what about...

[GMontag]

well, I prefer Piece.mil, as I find well toned and armed women hot, but I digress (digression in an intorduction?)

Anyway...

I'm wondering how with all the billions of dollars we spend on military shit, how the military can constanly screw things up...

Because it is run by humans, contrary to some theories on the Left.

BTW, was .mil supposed to only be US mil or could any military anywhere get a .mil domain?

US Military only.

And what kind of proof did you have to show to prove you were a military organization?

The command that handles the domain verifies the request. I am sure that there are ways to insert a fake request and have it approved (in addition to this new finding), the same way we inserted false reports about bad Chinese ammunition into the NVA system, etc.

Re:what about...

[blair1q]

Because we spend $$billions on toys, and virtually nothing on people.

Toys make defense companies rich. Servicemembers are paid less than fast-food workers.

Re:what about...

[Idarubicin]

And what kind of proof did you have to show to prove you were a military organization?

I think if you show up at the registrar's door with guns, then he'll accept that you deserve a .mil domain.

Re:what about...

[svyyn]

And servicemembers purchase food, housing and clothing for themselves and their families for far less than fastfood workers.

Re:what about...

[blair1q]

Guns or butter.

And at the top of every defense company is a small group of people being paid far too much to do far too little to promote peace.

Peace?

[Vigilante42]

peace.mil

Re:Peace?

[drinkypoo]

I think it would be more appropriate to name your machine peace.in.our.time.mil.

Re:Peace?

[JWSmythe]

Going to? You should have done that *BEFORE* reading slashdot.

I did.

Well, with my girlfriend, not yours. :)

Re:Peace?

[IKEA-Boy]

why thank you - i will now go smoke a joint and have sex with my long-haired girlfriend

who's the loser?

I think that depends on where the hair is growing...

hard to believe

I work for the Air Force and I really find this hard to believe -they are very careful with their networks, almost to the point of making working there very difficult!

Re:hard to believe

[thac0]

Maybe the air force does make it difficult. I've certainly seen some pretty tight networks myself, but that doesn't mean that everything is. And the subject in question is actually kind of a fringe subject that one might believe to be missed in security sweeps and such.

Re:hard to believe

[gmack]

I don't find it that supprising espectially if your given people who don't quite know what they are doing.

My last place of employment had a tech that overrode my plan to use an anonymous FTP server because he heard that was insecure. Instead he setup a username for the account and embedded the username and password in the publically available software .. but forgot to make sure that username couldn't add or remove files from it's own account. (oops)

But in general that's the exact sort of thing I expect to find anywhere you have people who know just a little too much but not quite enough to make informed security plans.

Re:hard to believe

[Cramer]

It's not so much a matter of "knowing"... A lot of the stupid stuff you'll find (and if you actually go looking for it...) that is simply the result of "lazy" contractors.

As the saying goes, "Close enough for government work."

get em while they're hot

[trb]

hmmm. diploma.mil? gin.min?

What was that about homelnd security?

[Anonymous+Butthead]

what was that about homeland security? I guess it's all a load...

2600 contest?

[capnjack41]

Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?

Re:2600 contest?

[neurostar]

Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?

Their contest says that if you resgister 2600.mil (or any 2600.something) and point it to their website, you get a free lifetime subscription. (I think it's any TLD)

neurostar

Re:2600 contest?

[weave]

2600 would be all into finding out how to do it and telling the world about it, but not going ahead and actually doing it. I've never seen them advocate breaking into systems, just how in can be done. If you read the letters to the editor in the mag and their responses to people who want to do malicious cracking, you'll see they stomp em pretty hard for being stupid.

Besides that, the military might have an incompetent admin that exposes something stupid like that, but I for one wouldn't want to try my luck at exploiting it. I think you'd face better odds for survival as a black man spitting on an LAPD officer in a remote area away from public view.

Re:2600 contest?

[capnjack41]

2600 would be all into finding out how to do it and telling the world about it, but not going ahead and actually doing it True, I should have been more careful in not implying that 2600 will actually reward people for doing this (and if you mess with the military's dns you're on your own, fool!).

Re:2600 contest?

[ral]

Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?

In addition, the first person to do this will get free room and board for life, courtesy of the U.S. Government.

Re:2600 contest?

[stefanlasiewski]

In order to receive that free subscription, you'd need to provide a mailing address or PO Box.

Once the military tracks you down, I'm not sure they'd let you read 2600 in prison...

Re:2600 contest?

[C0LDFusion]

In addition, the first person to do this will get free room and board for life, courtesy of the U.S. Government

And don't forget the trip to Cuba courtesy of USAF.

Re:2600 contest?

[fiftyfly]

In order to receive that free subscription, you'd need to provide a mailing address or PO Box. Once the military tracks you down, I'm not sure they'd let you read 2600 in prison...

The yank military can kiss my ass

Re:2600 contest?

[NoOneInParticular]

Mailing address: First Revolutionary Road, P'yongyang, North Korea

General.mil

[CheeseburgerBlue]

Mmmm....cereal.

Link to .mil Registry

[Motherfucking+Shit]

http://www.nic.mil/dodnic. No, I didn't go poking around. If you've got bigger balls than I, perhaps you can link to the supposed admin area...

Re:Link to .mil Registry

[SoSueMe]

Big balls or not, if you go poking around, you will probably find a ".mil/stone_around/your-neck"

Re:Link to .mil Registry

[geekoid]

Why not?
That site has some great RFC particularly RFC2901

that is an RFC rthat should be read by every person who wnts to set up a large network.
It seems as if there looking for comments on them.

Re:Link to .mil Registry

[Zaiff+Urgulbunger]

Just change your user-agent string to read "Googlebot/2.1+(+http://www.googlebot.com/bot.html )" and you'll be fine!! Go on - dare ya!!

Anyways, its clear they don't check their access logs anyways, otherwise they might've guessed there was a problem when the googlebot started nosing around.

Sigh!

Cara.mil

[handsomepete]

Mmmm... caramel.

Place your bets......

[MullerMn]

From The Register: We are, of course, straining against every natural, journalistic impulse in our beings by neglecting to mention any useful search strings with which to find it.

How long will it be before some A/C posts them here?

Nothing to see here

[isorox]

This is a runofthe.mil story

The Register story is two days old.

[More+Karma+Than+God]

Why is this just hitting Slashdot now?

As far as I know The Register broke the story, and nobody else has cited information that wasn't in The Register's article.

Does anyone have a screenshot of this site?

Re:The Register story is two days old.

[girl_geek_antinomy]

Yeah, I submitted this story Friday evening GMT, just after it hit The Register. My guess is Slashdot was checking their legal responsibilites (and cta) etc... being a good 'Merkin site, and all that...

And yeah, I'm a bit peeved I didn't get the credit...

Re:The Register story is two days old.

[lingenfr]

>My guess is Slashdot was checking their legal
>responsibilites (and cta) etc...

I doubt it, they were probably just too busy processing hard-hitting, controversial stuff like:

The 1991 "X-Box" and
Why VHS Was Better

I had to laugh reading the first one trying to imagine how slow a news day it would take to get that one printed.

Re:The Register story is two days old.

[AndroidCat]

checking their legal responsibilites

Either that or trying to lock down slashdot.mil :^)

Re:The Register story is two days old.

[KingDaveRa]

I submitted this one too. Oh well!

Re:The Register story is two days old.

[DrDaman]

tried, but all nameservers must be registered with THEIR whois, therefor the nameservers for slashdot NS1.VASOFTWARE.COM isn't valid and their whois client is offline, assuming this is their fix for the time being.

Re:The Register story is two days old.

[girl_geek_antinomy]

Never mind. Give it another day or so and one of ours may yet turn up as a Dupe :)

Re:The Register story is two days old.

[JWSmythe]

Don't feel bad. I submitted it yesterday too.. It just took them some time to post it..

Usually when I submit a story, someone else had gotten one in earlier too, but theirs are always pathetically written, but get posted first.. I have a whole box of rejected stories like that.

Just keep trying. :)

Re:The Register story is two days old.

[JWSmythe]

Soul for sale: Good Working Order, One Lady Owner. Prefer Lucifer to Micro$oft, but will accept Best Offer.

How much for the soul? :)

Re:The Register story is two days old.

[girl_geek_antinomy]

Um, enough to fund a new desktop Apple? (penniless student with old dead PowerBook)

Re:The Register story is two days old.

[JWSmythe]

And exactly does the title to your soul provide? When can I collect? :)

Adding another soul to my collection doesn't do much for me, after you've died from old age. Along with it would be the weights from your life..

Re:The Register story is two days old.

[girl_geek_antinomy]

Well, given I only graduate this summer there's rather a lot of my life left... plus, my sins aren't *that* great...

I guess the specific collection terms would have to be negotiable...

Re:The Register story is two days old.

[JWSmythe]

I'll have to think about the terms..

If you don't have a good collection of sins, you'll definately have to work on that.. What am I going to do with a pure sole? Well, besides corrupt it. :)

Re:The Register story is two days old.

[girl_geek_antinomy]

What am I going to do with a pure sole?

Poach it slowly in a herb sauce? *grin*

Re:The Register story is two days old.

[JWSmythe]

Hmmmm.. Poached soul in herb sauce.. Good evil thought..

Are you sure you want to sell your soul? You sound like you'd make a great partner in our world domination.

Well, at least with you intact.. :)

Re:The Register story is two days old.

[girl_geek_antinomy]

If I sign up for world domination, do I get a shiny new PowerBook?

*grin*

Re:The Register story is two days old.

[JWSmythe]

Baby, once we conqueror the world, you can have Apple. :)

Re:The Register story is two days old.

[girl_geek_antinomy]

Sounds good to me :)

honeypot?

[masteroveride]

I strongly doubt that the DoD would give the IP addresses of machines with sensitive data on the web without them knowing about it. Then again if they don't, what does that mean about them fighting a war in Iraq?!?

Impressive?

[hafree]

Pretty cool... First person to get a .va (Vatican City State) domain gets my vote though.

Re:Impressive?

[MrEd]

Hey, I've got www.gayboysinbondage.va! Do I get a prize?

Re:Impressive?

[liquidice5]

porn.va
would be oh so funny

Re:Impressive?

[colonel.sys]

like gina.va ? moohaha

Re:Impressive?

I vote for the "hellu.va" domain. ;-)

Re:Impressive?

[tzanger]

I don't know about the others but I can think of several better domains than those already suggested.

hairy.va/gina
tight.va/gina
wet.va/gina
...

Re:Impressive?

[falonaj]

First person to get a .va (Vatican City State) domain gets my vote though.

Hafree, I'm sure you will break this promise.

The first person to get a .va domain was the pope, actually. And according to Roman Catholic Canon Law, only cardinals are allowed to vote for the pope. And even if you are a cardinal - which is very unlikely for a Slashdot reader, but of course not totally impossible - you won't be allowed to vote for him, only for the next one.

I'm sorry, hafree, but you can impossibly keep your promise.

I pitty the poor idiot who actually uses that !

[red-beard's]

Whoever is stupid enough to screw with the DOD is on their own . I remeber the letter of the cyber terrorism bill all too clearly . They'll be bustin down your front door and haulin you away like you are illian(sp?) gonzales on crack . Oh an mind you once they have you your rights are revoked as you are a terrorist . Boy after this incident I'll be watching as i drive through washington dc for a line of the idiots heads who tried out this vulnerability on pikes per Rumsfields orders .This is a bad time to be poking at americas security . Kinda like throwing rocks at a rabid junkyard dog while sittin in his dog house .

Re:I pitty the poor idiot who actually uses that !

[carlos_avdas]

I live in Australia. Unless they can somehow convince the Australian Federal Government/Military/Police/whatever that I have somehow caused a breach to the ANZUS treaty, the US government can do absolutely jack fuck to me.

Re:I pitty the poor idiot who actually uses that !

[red-beard's]

Th us government can , will and has gone to other countries to get supposed terrorists . Do what you want (however dumb it may be) . Also austalia is quite friendly with the us . Does the word "extradition" ring a bell .

Re:I pitty the poor idiot who actually uses that !

[seann]

in soviet russia
they fear not the americans.

Re:I pitty the poor idiot who actually uses that !

[jameslore]

I can beat that - I live in NZ and we were expelled from ANZUS as the US can't hack us being nuclear free. We're not even an ally, just 'a friend'. :-)

Having said that, I wouldn't put it past our inept politicians to assist the US DoD in their witchhunt....

Re:I pitty the poor idiot who actually uses that !

[numark]

Not to mention the fact that you'd better not step foot in America or any American territory/possession, because then you're on their terms. Example: Skylarov.

Re:I pitty the poor idiot who actually uses that !

[belroth]

I can beat that - I live in NZ and we were expelled from ANZUS as the US can't hack us being nuclear free. We're not even an ally, just 'a friend'.

That would surely make it AUS, but that might give the wrong impression about who was in charge....

Re:I pitty the poor idiot who actually uses that !

[monkeyfamily]

Dude, get with the times! These days the U.S. uses flying killer robots to pick off terrorists who try to hide outside the borders of the empire.

Re:I pitty the poor idiot who actually uses that !

[BrianH]

Geez people, I worked for enough government agencies to know that you DO NOT F**K with this stuff. Even just browsing the admin interfaces can get you charged with "trespassing on a government network", a felony for most American citizens. If you're actually dumb enough to try and register a domain, that "trespassing" turns into illegal access, and the penalties go WAY up. These people do NOT play around, they WILL turn the IP's over to the FBI, and if they get annoyed enough, you could easily find yourself cuffed and stuffed (they probably wouldn't charge you, but an embarrasing arrest at work or at school, coupled with an overnight visit to the nearest federal holding facility and some intensive questioning are NOT something you want to experience).

I know curiosity can be great, but leavitalone!

Re:I pitty the poor idiot who actually uses that !

[norculf]

That is a lot of people to arrest. Do you think they will come after every slashdog reader who typed in "crimsonjihad.mil" and pressed submit?

Re:I pitty the poor idiot who actually uses that !

[BrianH]

No, but you can bet they'd log the IP's and ID everyone who did (you'll have your very own file in the Homeland Defense offices). After that, they might pick up a handful of people randomly and prosecute them "to set an example". After so many recent high profile attacks against military web targets, the Pentagon is out to get anyone who touches their networks and even smells like a hacker right now. Even if thousands of people use the forms or admin interface, both the military and the FBI have the resources to track and ID each and every one. I'm not sure that they could get a conviction, but even without one they could seriously screw with your life.

In a related story...

[NOT-2-QUICK]

The secret government TLD .bush was recently discover by a small group of drunken frat boys while searching for new free prOn sites...

Early reports indicated that Jenna was involved, but this has to be corroborated! :-)

n2q

Re:In a related story...

[JohnFluxx]

I was searching for porn, "bush" wouldn't be the first word to pop into my head..

Re:In a related story...

[kasperd]

I was searching for porn, "bush" wouldn't be the first word to pop into my head..

Clinton?

Re:In a related story...

[SoSueMe]

There's a difference between "pornographic" and "obscene".

ya, but is it worth the risk?

[LinuxPunk]

Unless your good at covering your tracks, and use lotsa proxy servers in the process, is it really worth the risk of going to jail for 5+ years for unauthorized use of a military computer system to register a domain name??

BTW, this story is old, i read it yesterday. :P, and yes i do know the URL for registering these domains, even though it doesnt say in the article.

Your Government At Work

[GabrielF]

IIRC a few years ago the Chinese were caught buying up surplus military equipment including replacement parts for Apache helicopters and hard drives containing sensitive nuclear data. Admittedly with such a huge organization carelessness is to be expected, especially since these guys are overworked and underpaid, but I do wish that the government would stop encouraging average americans to be paranoid when they constantly drop the ball themselves.

I'd like to see...

[Sentry21]

Perhaps this story would be best posted at the rumour.mil?

Come on, that was funny!

Oh well..

--Dan

How long before Google is sued?

[jdreed1024]

For those who didn't RTFA, one of the points of the article is not only are there unprotected admin interfaces that let you register your own domain (that's what they're talking about - you still can't register .mil through register.com or anything), add a user, and view traffic stats on DoD sites (even "hidden" ones), but that all these pages (including default passwords) are cached by Google.

This implies that even if the DoD fixes the problem, the Google caches will still be available (until they expire or are replaced). Now, in the past, we've heard reports of people being upset that Google cached information. However, this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache? Will Google be told that cacheing links is now illegal because it could aid terrorists? Will they be prevented from cacheing .gov and .mil? Will Google be sued out of existence?

We've all found Google caches to be useful, when, say the documentation for an open source project is hosted via 56K modem line in the Czech Republic, for example, or even when a site is Slashdotted, but it'll be interesting to see what happens about this, and how the goverment may over-react.

(Note, if you're too stupid to understand this, I'm not talking about blame here - don't bother saying "Google rulez, the militery is dum asses for leeving these sitez open, u r an idiot...". I'm talking about reprocussions. Certainly Google doesn't "know" what information a link contains when they cache it. Certainly it's the government's fault for leaving open admin pages with default passwords listed on the page. But just because someone isn't at fault, doesn't mean they can't get screwed over.)

Re:How long before Google is sued?

[vericgar]

http://www.google.com/webmasters/3.html#B2 Google has in place functionality to not cache a page, and has had this for a long time. The fault here is with the DoD. They need to learn some security.

Re:How long before Google is sued?

[leprkan]

I don't think they will prevent the cacheing of .gov sites considering this: Google Search: .

Re:How long before Google is sued?

[ReadParse]

"National security" is not a new buzzword. "Homeland defense" is a new buzzword, but "national security" has origins much older than 9/1/01 -- at least as far back as the beginning of the cold war.

Good point in general, though. Seems like the maintainer of a website should have the ability to remove content from said website, in the event that it turns out to not be true, to be libelous, dangerous, or any number of other things. I've always thought a Google feature to purge specific pages from the cache would be a good idea, but the implementation of that would be tricky.

One of the biggest problems with this is how to ensure that the requestor is authorized to speak for the website? A good first thought is to coordinate with the e-mail addresses in the whois record for the domain, but of course any domain can have any number of separate websites managed by different people.

Let me think aloud for a moment... we know that Google looks for a robots.txt file before indexing a site. Let's say that a field were added to the robots.txt file that identifies a specific PGP key that is authorized to perform such actions. Not specific to Google, of course... this would be the e-mail address that speaks for the site in any number of ways. Something as simple as:

MaintainerKey: 9AB3250D

I don't know a whole LOT about PGP, but I think I know that each public key has a hex identifier (mine is above) that uniquely identifies it and allows others to request it from a keyserver.

When an e-mail formatted in a specific format (at the discretion of Google and other individual publishers of course) comes in, the public key can be retrieved and the signature of the e-mail validated, and they at least know that the sender is authorized by the site to speak for it. Action from this point forward would be at the discretion of Google, but this is at least a potential TECHNICAL solution to the problem of access.

Then there's the matter of public key revocation and expiration. Perhaps it's a better idea to have an e-mail address is the robots.txt file and to accept e-mail from that address provided that the current PGP public key is used to sign the message.

Again, just thinking out loud...

Re:How long before Google is sued?

[dr.badass]

I wonder, what will happen? Will these URLs be silently deleted from the cache?

Yup. Google even has a nice handy web interface

"If you believe your request is urgent".
(Rather than waiting for the GoogleBot to re-spider the site.)

I think it's a bit of an overreaction to think that somehow Google will get sued due to something that is overwhelmingly a government webmaster's mistake, and something so easily remedied.

Re:How long before Google is sued?

[sir_cello]

I don't think that Google can be considered liable here. Google honours the Robots Exclusion Protocol: and this protocol is so well known and defined as a standard, that any website owner who failed to use it would be considered negligent. What I mean to say is, that if any website owner claimed that its content was in Google when it shouldn't be, then Google could use the defence that the global web community has a well known standard at its availability to use to prevent its content from being indexed or cached, and if a website owner fails to implement the protocol, then the website owner get the default behaviour: index and caching.

Re:How long before Google is sued?

[mtnharo]

One would think that once the proper security measures are put in place, even if someone looks at the Google cache, none of the scripts, links or data on those pages would be reachable without proper authentication. I didn't go look at them myself (Rather not get kicked out of school for "Hacking the Army"), but it sounds like the pages in question searched and registered data remotely from the Dod servers. So even if the forms are still in the cache, they would at least require authentication to use once the real sites are properly locked down. This is absolutely the DoD's fault for leaving these sites open.

On a side note, anyone take the time to have a look at what they are running these sites on?

Re:How long before Google is sued?

[Mike1024]

Hey,

this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache?

I'm guessing they'll follow the clear, easy-to-use instructions here, and hide/edit/erase the page on thier servers, then use this tool to get the googlebot to spider the page again, overwriting the current cached copy.

That would seem the sensible option to me, anyway.

Michael

Re:How long before Google is sued?

[Buzz_Litebeer]

Actually Homeland Defence was used by hitler, so its not new either.

Re:How long before Google is sued?

[jjon]

Google already has a way to get cached pages removed. You just add a new robots.txt page denying access to the page, then enter the URL on Google's website.

I don't know a whole LOT about PGP, but I think I know that each public key has a hex identifier (mine is above) that uniquely identifies it and allows others to request it from a keyserver.

Yep, but it's possible for somebody to create a key with the same identifier. For this, you'd want to use the key fingerprint, which is shorter and is practically impossible to clone. But just changing the robots.txt file to the value it should have had in the first place is easier.

Re:How long before Google is sued?

[dousette]

From http://www.google.com/help/features.html: "The "Cached" link will be missing for sites that have not been indexed, as well as for sites whose owners have requested we not cache their content."

Also, putting headers on your page like these might work, too:

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">

But probably the best way would be to just not cache .mil or .gov sites, just in case.

Re:How long before Google is sued?

[aengblom]

Will these URLs be silently deleted from the cache?

Yes, read Google's FAQ #2

Insert: [META NAME="ROBOTS" CONTENT="NOARCHIVE"] into the head of the page.

and "If you want the change to take effect sooner than this, the site owner must contact us and request immediate removal of archived content."

Re:How long before Google is sued?

[chiph]

What will be more interesting is in what manner the .mil admins will request the cached pages to be dropped. From Google's webmaster page, it sounds like a simple e-mail request will be sufficient. However, going by recent events in the web world, a cease & desist letter is more likely.

{Sigh} An excess of lawyers is a sign of the forthcoming end of civility.

Chip H.

Re:How long before Google is sued?

[McCrapDeluxe]

A simple idea: just have the maintainer either add a comment to the page such as and then go to a page on Google which reads that page and then deletes all the cached versions.

Re:How long before Google is sued?

[Mournblade]

I would imagine that Google would delete the "offending" pages from their cache when presented with a request by the DOD to do so.

Re:How long before Google is sued?

[skipscum]

> I've always thought a Google feature to purge specific pages from the cache would be a good idea, but the implementation of that would be tricky.

An easy way for a owner of a site to do this could be for the maintainer of the site to change the contents of robots.txt and then to send a request to Google to rescan their robots.txt and to act on the new file instead of the old one.

This would negate the need for any need for an e-mail request to google to be authenticated as only the maintainer of the site would be able to change the robots.txt file.

Aaahh

I found this without having to click on this

Re:Aaahh

And this is the domain registration link.

Won't work without a .mil email address, though.

Re:Aaahh

This too, for reserving your very own netblock.

Re:Aaahh

[Big+Mark]

From the ftp link they gave. You need this info to register:

H2B. Sponsoring Agency..........:

Indicate the Service, Unified or Specified Command, DoD operating
Agency, or non-DoD Agency of the US government that you are affiliated
with. (for a valid list of agencies, please refer to the
service-agencies.txt located in the netinfo directory).

Example: AF

Ah. So you can't get one if you're not a serviceman. No story, methinks.

-Mark

Re:Aaahh

[xintegerx]

Wow, I didn't believe it was there!

I found references to http://www.nic.mil/cgi-bin/whois on google. I was debating on trying /admin and etc instead, but didn't :)

Instead, I searched for

admin http://www.nic.mil

on Google, to verify the news. I ended up clicking on a web site that shows beginning web masters useful resources.

From there, I went to the site one level above, and from there clicked a link to view a document about standard run of the mill no big whoop procedures about webmastering (pretty useful if you want to be a contractor or write software and have it comply, I assume.)

BTW the security notice on this document is a link to army.mil's privacy policy, which says:

Information presented on Army Home Page is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.

Anyway, on this document I was just describing, click the second link to the defenselink webmasters area.

There (which is also public according to their stated policy) you can click on "Domain Registration in the .mil domain" and see this
http://www.nic.mil/ftp/mgt/bul-9605.txt

These are just public info resources. army.mil's security policy says if you try to upload or change stuff, that's what they care about.

Re:Aaahh

[skermit]

HO-LY CRAP

"Delete an existing host"???

Some 14-year-old is going to get arrested for taking down af.mil, army.mil, navy.mil, ad nauseum ad infinitum...

Geez. Shouldn't Homeland Security be bitchslapping our own agencies around as well as chasing bad guys?

Re:Aaahh

[root(at)jdm]

It works just fine without a .mil address. At the end of the registration process it has a check box you can check if you don't have a working .mil address. 6-B: If you do not have a working e-mail address (due to various network problems, or because its creation depends on this registration), you may indicate so by toggling the checkbox below.

Re:Aaahh

[afree87]

OK, who wants to rev up the Anonymizer and register peace.mil? :)

Re:Aaahh

[ShdwFear]

Well lets just put it this way for those of us in the know, this is pathetic, this interface was around back in the days of the 2600 competition for 2600.mil I should I used it and talked to an administrator after submitting it, and it has probably been around much longer and will be around much longer than that, Summary: nothing new here move along

Re:Aaahh

And then from there, it does...
NOTHING.
It gives you a text template which you are intended to then mail in.

This is not a story.

Re:Aaahh

[ShdwFear]

http://nic.mil/cgi-bin/cs
http://nic.mil/cgi-bin/ domain
http://nic.mil/cgi-bin/ip-num
http://nic. mil/cgi-bin/occ
http://nic.mil/cgi-bin/asn
http: //nic.mil/cgi-bin/xtac
http://nic.mil/cgi-bin/rou ter
http://nic.mil/cgi-bin/host

other toys
http://frwebgate.access.gpo.gov/cgi-bin/usef tp.cgi ?IPaddress=162.140.64.88&filename=he99027.txt&dire ctory=/diskb/wais/data/gao

http://boulder.noaa.gov/noc/nhcexit.txt

Re:Aaahh

[j3ss]

The people who run Anonymizer will give up their logs to any law enforcement agency if asked to do so. Anonymizer is good for hiding your tracks from other netizens but I wouldn't trust it for anything illegal.

Re:Aaahh

[GMontag]

Oh PALEEEEEEZE! LOL!

AF.mil does not count, we are only talking about the real military here.

Re:Aaahh

[JWSmythe]

Anyone with a decent sized pay site only needs to check their web server logs.. The script kiddies that try to crack passwords are great for supplying me with an endless supply of anonymous web proxies. :)

Re:Aaahh

[circusnews]

For those without email they recomend that you use this template

41 minutes...

[turbosaab]

... is my bet on how long it will take for someone to post the link. Anyone want to bet how much jail time they'll get?

Re:41 minutes...

For posting directions to a publicly available, unprotected resource?

None whatsoever of course!

Re:41 minutes...

[kasperd]

Anyone want to bet how much jail time they'll get?

Anyone want to bet whether the military can find the offender? Oh, they can probably find which country it was done from. Does anybody want to call the responsible person a terrorist and start a war against the country?

Re:41 minutes...

[mchappee]

> Anyone want to bet how much jail time they'll get?

Probably none at all. This seems like one of those special "extra-constitutional" areas where someone just disappears and winds up in Git-Mo (Guantanamo Bay). Perhaps "volunteering" their time being chased through the jungle with sensors attached so that 'American Army II' will be even more realistic. :-)

You think that NataliePortman.mil is funny, wait till you see 270 pounds of 5'8" nerd huffing and puffing his way through the jungles of Cuba with the Marines in hot pursuit. :-) That would be great.

Matthew

Re:41 minutes...

[carlos_avdas]

My country is allied with the US....

clever

allyourbase.mil

??

But, but.. the RFC says...

[Ndr_Amigo]

This depends on whether they follow the .mil registration RFC (1956) - if not, then that's what you get for violating RFCs! Just having access to an admin interface does not imply it's automatic. All registrations should still have to be accepted by the hostmaster first. As the RFC says, security implications are not discussed :)

Re:But, but.. the RFC says...

[xintegerx]

http://www.nic.mil/ftp/mgt/bul-9605.txt

That's the memorandum

Perfect...

[SoSueMe]

Perfect for SlashDot... "Rumor.mil"

here it is...

link

Re:here it is...

From the site, before it gets taken down...

Please complete the information below then click the SUBMIT button to send this request to the proper office. If you are not a DOD Employee you must complete the Non-DOD Employee section. If you are requesting access other than QUERY ONLY you must notify your Contracting Officer or Government Sponsor so they can obtain and send verification of access level authorized by the appropriate Functional Data Administrator or Component Data Administrator to the Help Desk. Once received by the DDDS Help Desk your request will be processed and you will be sent via Email, Telephone or mail a USERID which you will use to logon to the DDDS. The first time you logon you will be required to enter a password.

If you do not receive your userid within a few days please contact the DDDS Help Desk. We have been experiencing problems that we do not always get the online submissions. You may be requested to please print this request form and fax it to the Help Desk for processing.

Also, please be sure that if you fill and print this page that the printout is legible. Many applications that are faxed can not be read thus slowing the process of getting an id.

Karma Whoring is gay, that's why this is A/C. Plus I'm outside the US, they can't touch me. Oh waitasec...

Re:here it is...

[Charles+Dodgeson]

The site certainly allows anyone to fill out the form. But it gives the distinct impression that all submitted requests are processed by a human. So until I see something like "rumor.mil" registered, I'm not convinced that this is as wide open as the original article suggests.

And, no. I'm not going to be the one to try it.

Re:here it is...

[commodoresloat]

Plus I'm outside the US, they can't touch me.

We don't have to. We'll simply send an unmanned drone plane to shoot missiles up your ass.

How to bring down...

[Big+Mark]

... the U.S. Government's DNS servers:

1) Register slashdot.mil
2)Point /. to there
3)BANG!

-Mark

interesting

[linuxislandsucks]

slashdot.mil
kevinmitnick.mil
2600.mil
fuckedco mpany.mil
bushisanidiot.mil
ashcroftisan ass.mil

This just in

[DoctorFrog]

The Department of Homeland Security will now be starting a file on anyone who uses Google.

DARPA will be settting up a special project to coordinate the information. In keeping with its hiring policies the Bush administartion will give the post to a senior military official from a prior administration.

Oh wait...

Here is the access list

http://www.nic.mil/visitors.txt and http://www.nic.mil/help

Re:Here is the access list

[Mish]

Out of all the 'links' that have been posted in the comments of this article this one is the scariest.

Open access to a list of IP addresses of .mil workstations or at least proxies...

Re:Here is the access list

[joshuac]

and what is _really_ scary is looking at the this list, it looks like plenty of admins have been accessing this system from home; the log dates back to 1-jan-2002. If you are a lazy cracker, grep for all the lines with "DSL" in them, and probably 80-90% of those hosts are home workstations of military sysadmins of one type or another. If they are dumb enough to leave logfiles of users accessing a server used for military network administration open to the public, imagine what their home computers are like...

What's even more depressing is that it looks like some of these guys use AOL...

Gives new meaning to...

[madgeorge]

Total Information Awareness, now doesn't it?

-madgeorge

I'm not so sure about this.

[Eideteker]

Do you think it could be a trap? Given the gov't's of-late interest in total information, they just got a whole list of names for their file.

Want more info...try RFC 1956...

[NOT-2-QUICK]

At least the DOD has been kind enough to post best practices for registering your new .mil domain name through the use of a standard format...

For more info, help yourself to RFC 1956

n2q

hmm

[rask22]

I also found this

Oh great

[LordDartan]

Now with all the linking on slashdot to .mil sites, I can see the military thinking it's a huge DDOS terrorist attack!

Now repeat after me...I will not slashdot military websites...:)

ooo ooo!

[zephc]

i waana get SGC.mil!

(Yes, I'm a Stargate fan.)

Great, piss off the DOD

[nurb432]

Then have their agents visit you at your house tomorrow, and haul you away under the patriot act..

Not my idea of a fun weekend, trying to explain to a guy with an M16 why he shouldn't shoot me.

Technically anyone that even reports the mistake to the *public* is potentially violating it. And irresponsible in this case, we aren't talking about some cutesy harmless web defacing, this is the US government defense department.. Morons.

The good part of the DMCA will save them

[Jerf]

The DMCA partially protects Google in their caching. I say "partially" because a close reading of the bill shows that it is debatable whether or not they qualify for the caching provisions, but after a while they should have a certain amount of de facto protection, I would hope.

In addition to their compliance with the DMCA notification, they also provide a help page and automated removal system for the desparate. (See the last section of the page for the DMCA notification instructions, which involve physical letters and legal affirmation of ownership.)

Note that this is the "good" provision of the DMCA, preventing people from being liable for content they merely cache, not actively provide.

Since in this country the military isn't above the law, they'd still have a hard time finding something illegal that Google did. They don't have the luxury of simply not liking someone, like in some countries. If they don't want to be cached, the law says it is their obligation to opt-out, not Google's.

Whoever creating the registration app was an MCSE

[Hero+Zzyzzx]

And creating it was part of his exam.

That's my guess, anyway. My feeling is that most *nix folks COULDN'T create anything than insecure intentionally, ever fibers of our being would scream in complaint.

Perfect for........

[failedlogic]

The arms dealers who didn't want to advertise much before. Now they can claim to be a department of the US military.

Now that whitehouse.com is a porn site, will pentagon.mil, cia.mil and nsa.mil become porn sites as well?

Re:A superbly awesome idea

[KDan]

Or rather...

in.soviet.russia.mil.registers.you.mil

Daniel

to late...

[the_mind_]

i was going to register blackop.mil but it was already taken...

For fresh ground pepper...

[Vidiot3k]

go to pepper.mil ... Spicy!

Patriotic Honeypots

[Unfallen]

How long til the .mil and the .gov and the rest realise that spoofed sites like these could be a fantastic tool in capturing possible IPs of those stupid enough to actually try to use them. Even if you chained through a string of proxies to register the domain, it'd still be useless without somewhere to point it at.

Editing *.mil* domains through a *logged* cgi form on a *.mil* server. Hello, no, I don't think so, thankyouverymuch. Might as well just a T-Shirt saying "got root?" or something... ;)

Re:Patriotic Honeypots

[Midnight+Thunder]

How long til the .mil and the .gov and the rest realise that spoofed sites like these could be a fantastic tool in capturing possible IPs of those stupid enough to actually try to use them.

If the posts, here on /., are anything to go by, then they will probably end up having range of IP addresses covering the globe, which would probably be a waste of resources trying to see who these people are. A would guess the larger percentage of crackers are akin to the person who tries to get two papers instead of one, from those vending machines, because they are curious to see if it is that easy.

Don't do it...

[fmaxwell]

I went to that link and it requires that you indicate a sponsoring agency. Since none of us have one, registering a domain would require entering false information into a DoD computer in order to gain unauthorized access. That is just a very bad idea.

While it might be funny to register al-qaeda.mil, grain.mil, or saddam.mil, you don't want to find yourself occupying Kevin Mitnick's old cell. The Department of Defense is not renowned for their lighthearted sense of humor and fun. They may very well decide to make an example of someone. Or they might just decide to hold someone for months or years prior to even filing charges.

It's not worth risking your freedom and your future livelihood for a prank.

Re:Don't do it...

[GMontag]

The Department of Defense is not renowned for their lighthearted sense of humor and fun.

Oh come on! Look at the Osprey(sp?) aircraft or the M-60A2 tank . . .

Re:Don't do it...

[fmaxwell]

Ahhhh. the land of the free.... sailing into NY harbour....the statue of liberty......freedom of speech......guantanamo bay......

We don't have freedom to commit illegal acts and computer fraud and abuse falls into that category. It is a crime and, unfortunately, the punishment does not always fit the crime (e.g., 3-strikes laws, Kevin Mitnick, etc.).

Re:Don't do it...

[Patrick13]

If they are going to punish someone, it should be the .mil nic admins.

No harm is going to come to the military if someone spoofs their system somehow and registers gaysex.mil and sends it goatse.cx or some other juvenile prank.

If a spoofed site actually got up (no pun intended) the admins can delete the domain in 5 seconds.

However, if they want to make examples of someone its not going to be some 14-year-old who used linux-on-an-xbox to hack their facile domain registration template, its going to be the gatekeepers who had their trousers around their ankles, and their heads in the gaping anus of the goatsecx guy.

Re:Don't do it...

[Idarubicin]

I went to that link and it requires that you indicate a sponsoring agency. Since none of us have one, registering a domain would require entering false information into a DoD computer in order to gain unauthorized access. That is just a very bad idea.

You could get away with it if you happen to be reading /. from a country that (a) doesn't have an extradition treaty with the United States or (b) doesn't extradite people who do things that are secretly amusing to members of your own government.

That said, I agree that Joe Sixpack from Detroit probably shouldn't register his own .mil domain.

Re:Don't do it...

[fmaxwell]

If they are going to punish someone, it should be the .mil nic admins.

An interesting theory, but not one that is likely to prevail in court. While there is no clear law against making an insecure web site, there are laws against "computer fraud and abuse."

Re:Don't do it...

[fmaxwell]

You could get away with it if you happen to be reading /. from a country that (a) doesn't have an extradition treaty with the United States or (b) doesn't extradite people who do things that are secretly amusing to members of your own government.

No, you might get away with it. The U.S. government can put a tremendous amount of pressure on a country and extradition without a treaty is clearly within the realm of possibility.

Re:Don't do it...

[martin-boundary]

You could also be labeled a terrorist, in which case the US government only needs to find out your address and send a rocket through your window.

Address

[AirLace]

The URL is http://sites.defenselink.mil/

It hasn't been possible to add new domains or run queries since Friday, so don't even bother.

Re:Address

The above comment is the only correct one I've seen so far. nic.mil is obviously a standard mail form template, and submissions are reviewed by a human. sites.defenselink.com on the other hand, is a custom app to manage the domains. It also fits the description of adding a new user without authenticating, as described in the story.

http://sites.defenselink.mil/
http://sites.defenselink.mil/servlet/DataEntry
http://sites.defenselink.mil/servlet/DataEntry/add user

BTW, I found this independantly by searching for '"add user" site:.mil'.

There must be more to it...

[Sajarak]

I'll leave it as an exercise to the reader to verify this, but chances are that any request for a new domain gets reviewed by a real person somewhere down the line before it is added into their DNS. Given that, the chances of getting www.iloveosama.mil would be substantially lower.

Since Slashdot if a Pussy-land...

[Q+Who]

I did the process at the .mil NIC site.

After you fill all the forms, there's:

PAY ATTENTION!

This online program makes no changes to the WHOIS database.

The scope of this online program is to send the template to the e-mail address entered in the field below.

Once you receive the completed template, you must forward it to the appropriate point of contact for action.

The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.

So you are essentially filling a template, which you can do by hand as well, following the instructions here.

It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.

I also wonder where does this interface gets that data from... There's a DB somewhere, and it can be probably hacked via this interface.

Re:Since Slashdot if a Pussy-land...

[commodoresloat]

I did the process at the .mil NIC site [nic.mil].

How are you enjoying your new suite at the Guantanamo Bay Hilton?

Re:Since Slashdot if a Pussy-land...

[commodoresloat]

Anything else would be ridiculous.

True. Almost as ridiculous as detaining American citizens at a military base on a hostile island without declaring the charges against them, and claiming that they are covered neither by domestic laws nor by the laws of war. What's next, shooting American citizens from unmanned planes? Oh, wait....

How about...

[rastachops]

... freespeech.mil

Because after all these AC posts it really does seem that in "the land of freedom" there in fact is very little freedom. Just because someone is finding holes, its best to air them rather than have them go unoticed by the owners. Thats what many people who report bugs say...

and im sure people wouldnt care one jot if it was say, India's Military site or something.

My new domain

[Jim+the+Bad]

I'm going to pop over right now and register dark.satanic.mil :)

Re:Of course...

[killthiskid]

Don't get to excited:

Also Important!

In order to use this online registration utility, you MUST have a WORKING e-mail address located on the NIPRNET.

If you do not have an e-mail address, you should use the plain-text templates available by FTP

Of course, not wanting to be labelled a combatent, that's as far as I went.

starfleet.mil (for the trekkies)

[margaret]

starfleet.mil (for the trekkies)

Re:Whoever creating the registration app was an MC

[Embrionic]

Lame post detected.
Keyword: MCSE

OT: Re:This just in

[DoctorFrog]

Gee, a knee-jerk reaction when I wasn't even trying... maybe I should take up trolling as a hobby. I never said a mumblin' word about Republicans, Democrats or any other political party being any better or worse than any other.

The fact is, the current Bush administration is quite a bit more obvious in its cronyism than most, simply because we've actually seen most of the faces before; usually it's an unfamiliar set of cronies that comes in with a new President.

I find that amusing, that's all. This administration isn't filling me with a lot of joy in other respects, so please don't begrudge me that. Oh, and wash your mouth out with soap, preferably lye.

How about

[Kinlan]

Wind.mil

The Address: honeypot.mil

[Myriad]

If you are having trouble finding the admin URL, you can find it at: http:// honeypot.mil

If it's not there, it will be shortly...

Re:future livelihood?

[fmaxwell]

wow. what a shitty country you live in.

So tell me, in your country, is breaking in to government military computers legal? If so, in what country do you live?

Smart move

[Ungrounded+Lightning]

No, I didn't go poking around.

Smart move.

Can you say "honeypot"? I KNEW you could.

Just call 'em up!

[MediaBoy77]

From http://www.nic.mil/dodnic/:

NIC Help Desk:

1-800-365-3642
1-703-676-1051

Lose your +2?

[schlach]

I'm responding to your sig.

Ok, so the new way of doing things is that instead of adding a point to your comment's overall score when you post with your karma bonus, your comment is posted at 1 with a separate "karma_bonus=yes|no" variable. Thereafter, users can specify how much weight to assign to the karma bonus on their preferences page. This was 0 when the editors quietly rolled in the changes without telling anyone (why so sneaky?), but has since been changed to '+1' by default, to by default be the same as the old way.

So, your comment that got 3 good moderations is scored at 4/1. Users who have a '+1' modifier to karma bonus will see this comment at 5, whereas users with a '0' karma modifier will see it at 4, and users with (for whatever reason) a '-6' modifier will see it at -2. If such a thing were possible.

Unfortunately, I see this as making it unlikely that comments posted with a karma bonus will ever be modded up to 5, since most moderators will be viewing with a karma bonus and see that the comment is already scored at 5, and that it therefore cannot be modded up further.

I'm going to say that the way this was changed was disgraceful. There is no reason not to maintain a place on slashdot indicating how the code is being changed. I have relied on CmdrTaco's journal to inform me of changes, but in this case it was silent, and after thinking about it further, it's still a crappy way of running things.

It all goes back to the difference between slashdot as community and slashdot as business. As a business, sure, slashdot can do whatever the hell it wants, who am I to lecture, blah blah blah. But as a community, changing things in profound ways without approval, comment, or even notification is bastardly. And slashdot as a business would do well to perceive its dimensions as a community.

Re:Lose your +2?

[SN74S181]

Well, I for one always turn off my karma bonus when I enter a comment, because I figure if what I say is important enough someone will mark it up.

Also, I have it set up not to display karma when I read comments.

I'm sorry, but it seems rather juvenile, even pathetically so, to obsess so much about what 'score' your comment gets.

Re:Lose your +2?

[schlach]

I'm sorry, but it seems rather juvenile, even pathetically so, to obsess so much about what 'score' your comment gets.

Only if you assume that everyone reads at -1, which I guarantee you, we don't. What score your comment is determines who reads it, which determines who responds to it. If you have something worth saying (which remains to be seen), then you should care whether anyone reads it, or whether anyone replies to it. Otherwise, you might as well just say it on your webpage.

(haha sorry to dig, I figured you were fishing for it tho, what with the "pathetically juvenile" crack)

Besides, you missed my point. I'm concerned the way changes are rolled in to our community. The editors own the code, not the community, yet the community is profitable, not the code. This would dictate a logical course of action, but is still unheeded.

Incidentally, I'm not posting this reply with a karma bonus, because I don't think it would be interesting to everyone, only you and anyone who read your comment. Maybe. Which I think is the best way that the karma bonus can be applied. Don't shun it - use it responsibly. My parent comment got modded up 4 times so far, so obviously it was worthy of using my karma bonus.

Here is the one for .GOV/.US

[UnifiedTechs]

https://www.nic.gov/register/register_domain.html/

Just like .mil it looks like all you are doing is submiting a request, it's not an automatic thing. I have looked through the whole site and unless I missed something I saw no admin data.I am still looking, I do invite someone to show me what I missed though

AND!!!

[NilObject]

They even give you instructions *and* a sample form to follow! How convinient.

http://www.nic.mil/ftp/templates/domain-template.t xt

Re:AND!!!

[NilObject]

*sigh*

"convenient" not con-vinnie-ent

How pureile of me...

It looks like a reputation attack

[Zeinfeld]

Don't get to excited:

It looks to me like it is a reputation attack. Its not enough for these systems to be secure they have to be seen to be secure.

A while back when I was security consultant to a certain well known federal site we had a bunch of Russian hackers claim that they had done a DDos on the site. In fact the claim was completely untrue, the site was down because a router had gone out. But the hackers managed to get their claim into wired.

It is like when there is a terrorist outrage and seventeen organizations claim responsibility.

Summary

[JWSmythe]

Here's a summary of the proposed domains. :)

If you want to know who submitted it, read through the comments again.

Enjoy!

Al-Queda.mil
runofthe.mil
General.mil (cereal)
Cara.mil (caramel)
Rumor.mil (which would be slashdot.org.. hehe)
rastafarian.mil
peace.mil
Piece.mil ("as I find well toned and armed women hot")
starfleet.mil
diploma.mil
peace.in.our.ti me.mil
gin.mil
pointlessdeath.mil
2600.mil
Nat aliePortman.mil
runofthe.mil
slashdot.mil
allyo urbase.mil
IN-SOVIET-RUSSIA-we-practice-better-in ternet-secur ity-than-lazy-capitalist-pigs.mil
in.soviet.russi a.mil.registers.you.mil
slashdot.mil
kevinmitnic k.mil
2600.mil
fuckedcompany.mil
bushisanidiot. mil
ashcroftisan ass.mil
sgc.mil
weoverthrewiran.mil
weoverthrew guatemala.mil
weassinatevietnamese.mil
wekillciv iliansinasia.mil
wesupportcoupinchile.mi
wesuppo rtmilitartyinemsavabor.mil
wetrainedosama.mil
we supportcontras.mil
wegavesaddammoney.mil
wegavei raqweapons.mil
weoverthrewpanama.mil
webombaspir infactories.mil
"noches.mil" (Thousand nigths)
"dos.mil" (Two thousand)
blackop.mil
pepper.mil
paper.mil
dar k.satanic.mil
deathstar.mil (for dvader@deathstar.mil)
milf.mil
Wind.mil
honeypo t.mil

Quick

[LooseChanj]

Someone register peace.mil

Strategic Arms Limitsation Talks...

[hardcode]

salt.mil

Good Citizen

[Jouster]

I spoke to a lady at the NIC Help Desk (linked from here). She gave me the number for the security response team; I contacted them.

A lady answered the phone and told me that they were aware of the problem and looking into it.

Jouster

for the poor spellers in all of us

[prockcore]

youve-got.mil

Re:for the poor spellers in all of us

[Ziviyr]

"got.mil?"

Go dairy products!!!

more .mil

[yalla]

illuminati.mil
allyourbase.mil
borg.mil

Alex.

Anyone else see the CNN special last night?

[Slack3r78]

slightly OT but along the same lines, but did anyone else happen to catch the 10 min or so segment CNN did on "information warfare" during yet another War on Iraq show last night?

I have to admit, I was pretty amused that from a glance at the monitors they let CNN tape, you could that the machines were all running Win 95. And the army rep did everything short of wave his arms in the air in a mystical manner while showing off the army's (again, Win9x, GUI based) port scanner to the interviewer.

The register article and this CNN piece help me sleep easier at night, knowing that our military has such 1337 h4x0r5 working for them...

Argh

[zapfie]

... find "secret" domains that aren't publically known (the gov't uses security through obscurity?)

Grr. Security through obscurity is NOT A BAD THING. It is only a bad thing if it is the ONLY security measure you have, or if you are heavily relying on it. But as an added security measure on top of a solid system, there is nothing wrong with that.

The RSPCA digs in ...

[krumms]

ana.mil

All security is through obscurity, on the internet

[Cranx]

Obscurity is all we have. When you obfuscate the truth of something, as long as it is done to a degree that the truth itself cannot be interpolated directly, that's generally good enough. The strength of the obfuscation then lies in how difficult it is to "guess" at the truth, but when you guess correctly, the truth will make itself known.

If I make a password for a system, the password exists to allow me entrance to the system, and if I reveal it to others, they will be able to enter the system. The password must be made of keystrokes, so the possibilities are finite...but the number of them is so large that it is, for all intents and purposes, completely unavailable to most people. The password is merely obscure, but to a highly effective degree of obscurity. The possible combinations seem infinite, but they are not. You could guess at the password and, eventually, gain access to the system.

The mathematics of encryption, public and private, is also merely obfuscation. The number of "guesses" you must make to gain entrance is often extremely high, and that makes it strong...but guess correctly and, voila, the encryption is made null and void. It is still "security through obscurity." In public key encryption you are given a clue, a smoky look at the private key. You may make guesses at what the private key is and, if you guess correctly using your clue, you will be rewarded with the truth of it.

In the physical world, you can augment your methods of obfuscation with physical deterrents, such as placing data within iron safes, or placing armed guards at the entrance to the building housing the data. Most of the world's most secure places are protected physically in this way, with obscurity providing an extra measure of security. But on a place like the internet, you have no such luxury. All security on the internet is a form of obscurity. Therefore, all information for which there is any way to access it from a remote location is subject to compromise to a degree that physical protection would not allow.

Interesting

[mu51c10rd]

I think what people fail to realize is that no .mil address contains classified or otherwise "cool" information. So you can find out what units exist in the military? I can do that by going to any bar near a base. Something about drunk service members make them very talkative. Considering all the antimilitary rhetoric I see in many of these posts, how many of you would really *want* a .mil domain? If you are against the concept of a military, it seems silly to want a domain that advertises for them merely by the suffix. On a side note (and a bit offtopic), I venture to say that the military is not at fault for political decisions, the politicians are. Blame the person, not the tool.

This is a great find.. .

[toker95]

For those who REALLY want a .MIL domain name... Having spent a good deal of time in the US Navy dealing with the fun of keeping seperated, classified and unclassified networks, I can tell you exactly how much of a threat this problem is, to national security.. None. At the very worst, as pointed out in earlier posts... slashdotting a public domain .mil site (like http://chinfo.navy.mil/) would only serve to seriously tick off servicemembers family's, and the average run of the mill PR guys for the navy. Classified servers, sites, and networks are encrypted before they ever touch the same cables as the internet. In many cases, they never DO touch the same cables, but.. Yes, alot of that -classified- traffic passes over the same lines as your average slashdot post, BUT... its highly encrypted before it ever gets there (encryption level and equipment obviously varied by classification level, some data doesn't even get to TOUCH a networked computer). As well, a LARGE portion of the .mil domain's are setup to ONLY see traffic from another authorized .mil network (usually managed by IP address's). If your .mil network needs access to see my network, as well as getting the usual userids and passwords, my net admins need to talk to yours, and put your 1.2.3.xxx address into our firewall. So, the threat here? The threat is really only to the fact that its completely possible to now have a bazillion "yourname.yourwebsite.mil" websites running around... And this wouldn't HURT anything persay, because most .mil websites are acronyms like "subhqnorva.navy.mil" (for Submarine Squadron Headquarters Norfolk Virginia). US Military bungle? Yes National Security Threat? Minimal... Do you really want a .mil domain? Gee, only if you want to cause unnecessary trouble for a government trying to prepare for war...

How about?

[whig]

youvegot.mil

Anti-SPCA Site?

[kentyman]

puppy.mil

dks.mil?

[bluethundr]

How long before members of the old leftist punk band grab the domains:

• deadkennedys.mil
• jellobiafra.mil
• klausflouride.mil
• eastbayray.mil
• dhpelligro.mil

???

seeind as how we are open these days...

[lordsid]

gaymen.mil

hmmm

[getitconnected]

OKay, I just wanna know one thing. If this is freely available online, do you really think that the government would come seek you out or that they would put potentially very secret documents right here on the web? I mean, they may not be the smartest, but they CAN think a little. Anyone?

North Korea?

[bluethundr]

Think North Korea will register kimjongil.mil just to piss off the Pentagon?

Who keeps modding me Off Topic??

[schlach]

Listen, it's not "off topic", it's just on a different topic. Relax. A lot of people are wondering why scoring is different now, I was one of them, I found out, I tried to share, other people decided that was worth modding up, so let it go. Until there's an article devoted to "Everything you always wanted to know about slash code changes last week, but we never told you", I'm afraid this is the only venue.

So relax. I'm not trying to subvert the discussion or anything with all this crazy scoring talk, I just figured it was something other people would be interested in. A few people agreed with me. What you're saying by modding me down is that you think other people wouldn't be interested, and I think you're doing them a disservice.

Let us hope metamoderation finds you swiftly.

Re:Who keeps modding me Off Topic??

[schlach]

...means far far fewer people actually see that post, and it sits forever marked as a troll or flamebait or offtopic.

You know, I used to think so, too, but every time I've ever been modded down (except for the parent post above) it's been because I made a joke at Micros~1's expense. =) I've had a joke get posted at 2, hit -1, and then go up to 5, where it stayed, twice in the same story. Probably the same damn moderators... anyway, I've never worried about something that gets unfairly burned not working its way back up, just comments that I think should have been scored higher / read more widely that died a lonely, neglected, silent death.

Every user with a login should be afforded the opportunity to fight against unfair mods.

And that's kind of the idea behind metamoderation. I know you wish you could right the wrong, rather than punishing the fiend, but if you metamoderate often enough, you'll find you almost always have mod points.

Keep track of my journal. I talked with Taco a bit this morning, and I'm going to post something either tonight or tomorrow about ways for the community to keep track of changes to the slashcode, as well as providing feedback to our benevolent Janitors. I think that the community, working together, can come up with some interesting ways to solve these problems.

YOU NEED TO READ

[getitconnected]

Okay. I talked to someone at DoD. The main idea was that anything you can access on here is not a secret. They have a public accessible area for you to look at.

Anything that they don't want you to look at will not be available to you. He also made a point to say that, "I would not recommend trying to 'hack' into the site." I decided to just say okay and bye. Hmmm, what will Slashdot throw at me next?

Re:YOU NEED TO READ

[elveu]

and i assume that they wanted to give people passwords to edit the sites and allow people to create new sites.

Re:YOU NEED TO READ

[getitconnected]

You are dumb. They didn't give out any passwords on the site. Nor did they have a place to create a password for it. :(

1600 Pennsylvania Ave, Wash.DC 20006

[billstewart]

My address for the subscription.

How long before A/C posts them CORRECTLY?

[billstewart]

Lots of answers were posted here :-) One of them sounded like he knew what he was doing, and said that the site had stopped working as of Friday, which suggests it may have been the correct one..

the cached

[Ford+Lincoln+Mercury]

http://216.239.57.100/search?q=cache:fbpd-4b2KmsC: sites.defenselink.mil/servlet/DataEntry+&hl=en&ie= UTF-8

It's good to look at but this is not a secret anymore. It's not like anyone is going to use it anyway

Re:speaking of mills:

[Hognoxious]

johnstuart.mil

Whos the moron?

[nurb432]

Not *read* the thread, but those who *act* should be picked up. As should those that printed the details.

We are not talking about some highschool prank, we are discussing something that is 100% illegal, and anyone that should attempt it should be tried for treason and executed.

If you cant understand that, or dont care, then get the hell out of my country as you dont belong here.