Slashdot Mirror
Register your own .mil Domain
JWSmythe writes " As reported in This Story at theregister.co.uk ,and on dailyrotten.com, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publically known (the gov't uses security through obscurity?). I'm looking forward to hacker.mil, warez.mil, and porn.mil."
goatse.mil?
I wonder if Osama has Al-Queda.mil?
-- OMFG = Oh My Floatse Goatse
runofthe.mil
peace.mil
Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?
Mmmm....cereal.
I am from a small, grease-loving country in the north called Ca-na-da.
http://www.nic.mil/dodnic. No, I didn't go poking around. If you've got bigger balls than I, perhaps you can link to the supposed admin area...
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Mmmm... caramel.
This is a runofthe.mil story
Why is this just hitting Slashdot now?
As far as I know The Register broke the story, and nobody else has cited information that wasn't in The Register's article.
Does anyone have a screenshot of this site?
Go here to create your own Slashdot dis
Pretty cool... First person to get a .va (Vatican City State) domain gets my vote though.
Whoever is stupid enough to screw with the DOD is on their own . I remeber the letter of the cyber terrorism bill all too clearly . They'll be bustin down your front door and haulin you away like you are illian(sp?) gonzales on crack . Oh an mind you once they have you your rights are revoked as you are a terrorist . Boy after this incident I'll be watching as i drive through washington dc for a line of the idiots heads who tried out this vulnerability on pikes per Rumsfields orders .This is a bad time to be poking at americas security . Kinda like throwing rocks at a rabid junkyard dog while sittin in his dog house .
The secret government TLD .bush was recently discover by a small group of drunken frat boys while searching for new free prOn sites...
:-)
Early reports indicated that Jenna was involved, but this has to be corroborated!
n2q
Beer is proof that God loves us and wants us to be happy. -- Benjamin Franklin
Unless your good at covering your tracks, and use lotsa proxy servers in the process, is it really worth the risk of going to jail for 5+ years for unauthorized use of a military computer system to register a domain name??
:P, and yes i do know the URL for registering these domains, even though it doesnt say in the article.
BTW, this story is old, i read it yesterday.
IIRC a few years ago the Chinese were caught buying up surplus military equipment including replacement parts for Apache helicopters and hard drives containing sensitive nuclear data. Admittedly with such a huge organization carelessness is to be expected, especially since these guys are overworked and underpaid, but I do wish that the government would stop encouraging average americans to be paranoid when they constantly drop the ball themselves.
Maybe the air force does make it difficult. I've certainly seen some pretty tight networks myself, but that doesn't mean that everything is. And the subject in question is actually kind of a fringe subject that one might believe to be missed in security sweeps and such.
poliglut.org: they're still alive and fighting the man
Perhaps this story would be best posted at the rumour.mil?
Come on, that was funny!
Oh well..
--Dan
This implies that even if the DoD fixes the problem, the Google caches will still be available (until they expire or are replaced). Now, in the past, we've heard reports of people being upset that Google cached information. However, this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache? Will Google be told that cacheing links is now illegal because it could aid terrorists? Will they be prevented from cacheing .gov and .mil? Will Google be sued out of existence?
We've all found Google caches to be useful, when, say the documentation for an open source project is hosted via 56K modem line in the Czech Republic, for example, or even when a site is Slashdotted, but it'll be interesting to see what happens about this, and how the goverment may over-react.
(Note, if you're too stupid to understand this, I'm not talking about blame here - don't bother saying "Google rulez, the militery is dum asses for leeving these sitez open, u r an idiot...". I'm talking about reprocussions. Certainly Google doesn't "know" what information a link contains when they cache it. Certainly it's the government's fault for leaving open admin pages with default passwords listed on the page. But just because someone isn't at fault, doesn't mean they can't get screwed over.)
There is no sig, there is only Zuul.
I found this without having to click on this
allyourbase.mil
??
Perfect for SlashDot... "Rumor.mil"
link
... the U.S. Government's DNS servers:
/. to there
1) Register slashdot.mil
2)Point
3)BANG!
-Mark
DARPA will be settting up a special project to coordinate the information. In keeping with its hiring policies the Bush administartion will give the post to a senior military official from a prior administration.
Oh wait...
http://www.nic.mil/visitors.txt and http://www.nic.mil/help
-madgeorge
I also found this
Now with all the linking on slashdot to .mil sites, I can see the military thinking it's a huge DDOS terrorist attack!
Now repeat after me...I will not slashdot military websites...:)
For posting directions to a publicly available, unprotected resource?
None whatsoever of course!
Anyone want to bet how much jail time they'll get?
Anyone want to bet whether the military can find the offender? Oh, they can probably find which country it was done from. Does anybody want to call the responsible person a terrorist and start a war against the country?
Do you care about the security of your wireless mouse?
Or rather...
in.soviet.russia.mil.registers.you.mil
Daniel
Carpe Diem
How long til the .mil and the .gov and the rest realise that spoofed sites like these could be a fantastic tool in capturing possible IPs of those stupid enough to actually try to use them. Even if you chained through a string of proxies to register the domain, it'd still be useless without somewhere to point it at.
;)
Editing *.mil* domains through a *logged* cgi form on a *.mil* server. Hello, no, I don't think so, thankyouverymuch. Might as well just a T-Shirt saying "got root?" or something...
I went to that link and it requires that you indicate a sponsoring agency. Since none of us have one, registering a domain would require entering false information into a DoD computer in order to gain unauthorized access. That is just a very bad idea.
While it might be funny to register al-qaeda.mil, grain.mil, or saddam.mil, you don't want to find yourself occupying Kevin Mitnick's old cell. The Department of Defense is not renowned for their lighthearted sense of humor and fun. They may very well decide to make an example of someone. Or they might just decide to hold someone for months or years prior to even filing charges.
It's not worth risking your freedom and your future livelihood for a prank.
The URL is http://sites.defenselink.mil/
It hasn't been possible to add new domains or run queries since Friday, so don't even bother.
I did the process at the .mil NIC site.
After you fill all the forms, there's:
PAY ATTENTION!
This online program makes no changes to the WHOIS database.
The scope of this online program is to send the template to the e-mail address entered in the field below.
Once you receive the completed template, you must forward it to the appropriate point of contact for action.
The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.
So you are essentially filling a template, which you can do by hand as well, following the instructions here.
It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.
I also wonder where does this interface gets that data from... There's a DB somewhere, and it can be probably hacked via this interface.
Don't get to excited:
Of course, not wanting to be labelled a combatent, that's as far as I went.
> Anyone want to bet how much jail time they'll get?
:-)
:-) That would be great.
Probably none at all. This seems like one of those special "extra-constitutional" areas where someone just disappears and winds up in Git-Mo (Guantanamo Bay). Perhaps "volunteering" their time being chased through the jungle with sensors attached so that 'American Army II' will be even more realistic.
You think that NataliePortman.mil is funny, wait till you see 270 pounds of 5'8" nerd huffing and puffing his way through the jungles of Cuba with the Marines in hot pursuit.
Matthew
/. finds me to be 20% Troll, 80% Funny
No, I didn't go poking around.
Smart move.
Can you say "honeypot"? I KNEW you could.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I'm responding to your sig.
Ok, so the new way of doing things is that instead of adding a point to your comment's overall score when you post with your karma bonus, your comment is posted at 1 with a separate "karma_bonus=yes|no" variable. Thereafter, users can specify how much weight to assign to the karma bonus on their preferences page. This was 0 when the editors quietly rolled in the changes without telling anyone (why so sneaky?), but has since been changed to '+1' by default, to by default be the same as the old way.
So, your comment that got 3 good moderations is scored at 4/1. Users who have a '+1' modifier to karma bonus will see this comment at 5, whereas users with a '0' karma modifier will see it at 4, and users with (for whatever reason) a '-6' modifier will see it at -2. If such a thing were possible.
Unfortunately, I see this as making it unlikely that comments posted with a karma bonus will ever be modded up to 5, since most moderators will be viewing with a karma bonus and see that the comment is already scored at 5, and that it therefore cannot be modded up further.
I'm going to say that the way this was changed was disgraceful. There is no reason not to maintain a place on slashdot indicating how the code is being changed. I have relied on CmdrTaco's journal to inform me of changes, but in this case it was silent, and after thinking about it further, it's still a crappy way of running things.
It all goes back to the difference between slashdot as community and slashdot as business. As a business, sure, slashdot can do whatever the hell it wants, who am I to lecture, blah blah blah. But as a community, changing things in profound ways without approval, comment, or even notification is bastardly. And slashdot as a business would do well to perceive its dimensions as a community.
Here's a summary of the proposed domains.
If you want to know who submitted it, read through the comments again.
Enjoy!
Al-Queda.mil
runofthe.mil
General.mil (cereal)
Cara.mil (caramel)
Rumor.mil (which would be slashdot.org.. hehe)
rastafarian.mil
peace.mil
Piece.mil ("as I find well toned and armed women hot")
starfleet.mil
diploma.mil
peace.in.our.t
gin.mil
pointlessdeath.mil
2600.mil
Na
runofthe.mil
slashdot.mil
ally
IN-SOVIET-RUSSIA-we-practice-better-i
in.soviet.russ
slashdot.mil
kevinmitni
2600.mil
fuckedcompany.mil
bushisanidiot
ashcroftisan ass.mil
sgc.mil
weoverthrewiran.mil
weoverthre
weassinatevietnamese.mil
wekillci
wesupportcoupinchile.mi
wesupp
wetrainedosama.mil
w
wegavesaddammoney.mil
wegave
weoverthrewpanama.mil
webombaspi
"noches.mil" (Thousand nigths)
"dos.mil" (Two thousand)
blackop.mil
pepper.mil
paper.mil
da
deathstar.mil (for dvader@deathstar.mil)
milf.mil
Wind.mil
honeyp
Serious? Seriousness is well above my pay grade.
For those who REALLY want a .MIL domain name...
Having spent a good deal of time in the US Navy dealing with the fun of keeping seperated, classified and unclassified networks, I can tell you exactly how much of a threat this problem is, to national security..
None. At the very worst, as pointed out in earlier posts... slashdotting a public domain .mil site (like http://chinfo.navy.mil/) would only serve to seriously tick off servicemembers family's, and the average run of the mill PR guys for the navy.
Classified servers, sites, and networks are encrypted before they ever touch the same cables as the internet. In many cases, they never DO touch the same cables, but.. Yes, alot of that -classified- traffic passes over the same lines as your average slashdot post, BUT... its highly encrypted before it ever gets there (encryption level and equipment obviously varied by classification level, some data doesn't even get to TOUCH a networked computer).
As well, a LARGE portion of the .mil domain's are setup to ONLY see traffic from another authorized .mil network (usually managed by IP address's). If your .mil network needs access to see my network, as well as getting the usual userids and passwords, my net admins need to talk to yours, and put your 1.2.3.xxx address into our firewall.
So, the threat here? The threat is really only to the fact that its completely possible to now have a bazillion "yourname.yourwebsite.mil" websites running around... And this wouldn't HURT anything persay, because most .mil websites are acronyms like "subhqnorva.navy.mil" (for Submarine Squadron Headquarters Norfolk Virginia).
US Military bungle? Yes
National Security Threat? Minimal...
Do you really want a .mil domain? Gee, only if you want to cause unnecessary trouble for a government trying to prepare for war...
~~~ SCO sued me because I printed this t-shirt with a Linux driven printer...