Slashdot Mirror

← Back to Stories (view on slashdot.org)

Register your own .mil Domain

Posted by CmdrTaco on from the someone-should-register-paper.mil dept.

JWSmythe writes " As reported in This Story at theregister.co.uk ,and on dailyrotten.com, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publically known (the gov't uses security through obscurity?). I'm looking forward to hacker.mil, warez.mil, and porn.mil."

19 of 311 comments (clear)

  1. sp by Anonymous Coward · · Score: 5, Funny

    goatse.mil?

    1. Re:sp by Patrick13 · · Score: 5, Funny

      antiwar.mil ?

      --
      ::.. check out some Cell Phone Reviews
  2. what about... by DarklordSatin · · Score: 5, Funny

    runofthe.mil

  3. Peace? by Vigilante42 · · Score: 5, Funny

    peace.mil

  4. General.mil by CheeseburgerBlue · · Score: 5, Funny

    Mmmm....cereal.

    --
    I am from a small, grease-loving country in the north called Ca-na-da.
  5. Link to .mil Registry by Motherfucking+Shit · · Score: 5, Informative

    http://www.nic.mil/dodnic. No, I didn't go poking around. If you've got bigger balls than I, perhaps you can link to the supposed admin area...

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  6. The Register story is two days old. by More+Karma+Than+God · · Score: 5, Insightful

    Why is this just hitting Slashdot now?

    As far as I know The Register broke the story, and nobody else has cited information that wasn't in The Register's article.

    Does anyone have a screenshot of this site?

    --
    Go here to create your own Slashdot dis
  7. How long before Google is sued? by jdreed1024 · · Score: 5, Interesting
    For those who didn't RTFA, one of the points of the article is not only are there unprotected admin interfaces that let you register your own domain (that's what they're talking about - you still can't register .mil through register.com or anything), add a user, and view traffic stats on DoD sites (even "hidden" ones), but that all these pages (including default passwords) are cached by Google.

    This implies that even if the DoD fixes the problem, the Google caches will still be available (until they expire or are replaced). Now, in the past, we've heard reports of people being upset that Google cached information. However, this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache? Will Google be told that cacheing links is now illegal because it could aid terrorists? Will they be prevented from cacheing .gov and .mil? Will Google be sued out of existence?

    We've all found Google caches to be useful, when, say the documentation for an open source project is hosted via 56K modem line in the Czech Republic, for example, or even when a site is Slashdotted, but it'll be interesting to see what happens about this, and how the goverment may over-react.

    (Note, if you're too stupid to understand this, I'm not talking about blame here - don't bother saying "Google rulez, the militery is dum asses for leeving these sitez open, u r an idiot...". I'm talking about reprocussions. Certainly Google doesn't "know" what information a link contains when they cache it. Certainly it's the government's fault for leaving open admin pages with default passwords listed on the page. But just because someone isn't at fault, doesn't mean they can't get screwed over.)

    --
    There is no sig, there is only Zuul.
  8. Aaahh by Anonymous Coward · · Score: 5, Informative

    I found this without having to click on this

    1. Re:Aaahh by Anonymous Coward · · Score: 5, Informative
      And this is the domain registration link.

      Won't work without a .mil email address, though.

    2. Re:Aaahh by Anonymous Coward · · Score: 5, Informative

      This too, for reserving your very own netblock.

    3. Re:Aaahh by xintegerx · · Score: 5, Informative

      Wow, I didn't believe it was there!

      I found references to http://www.nic.mil/cgi-bin/whois on google. I was debating on trying /admin and etc instead, but didn't :)

      Instead, I searched for

      admin http://www.nic.mil

      on Google, to verify the news. I ended up clicking on a web site that shows beginning web masters useful resources.

      From there, I went to the site one level above, and from there clicked a link to view a document about standard run of the mill no big whoop procedures about webmastering (pretty useful if you want to be a contractor or write software and have it comply, I assume.)

      BTW the security notice on this document is a link to army.mil's privacy policy, which says:

      Information presented on Army Home Page is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.

      Anyway, on this document I was just describing, click the second link to the defenselink webmasters area.

      There (which is also public according to their stated policy) you can click on "Domain Registration in the .mil domain" and see this
      http://www.nic.mil/ftp/mgt/bul-9605.txt

      These are just public info resources. army.mil's security policy says if you try to upload or change stuff, that's what they care about.

      --

      Cover your eyes and click this link!
  9. Perfect... by SoSueMe · · Score: 5, Funny

    Perfect for SlashDot... "Rumor.mil"

  10. here it is... by Anonymous Coward · · Score: 5, Informative

    link

  11. Here is the access list by Anonymous Coward · · Score: 5, Informative

    http://www.nic.mil/visitors.txt and http://www.nic.mil/help

  12. Oh great by LordDartan · · Score: 5, Funny

    Now with all the linking on slashdot to .mil sites, I can see the military thinking it's a huge DDOS terrorist attack!

    Now repeat after me...I will not slashdot military websites...:)

  13. Re:Hmm.... by Anonymous Coward · · Score: 5, Interesting

    Dunno but you can do it for him:

    nic.mil/cgi-bin/domain

  14. Since Slashdot if a Pussy-land... by Q+Who · · Score: 5, Informative

    I did the process at the .mil NIC site.

    After you fill all the forms, there's:

    PAY ATTENTION!

    This online program makes no changes to the WHOIS database.

    The scope of this online program is to send the template to the e-mail address entered in the field below.

    Once you receive the completed template, you must forward it to the appropriate point of contact for action.

    The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.

    So you are essentially filling a template, which you can do by hand as well, following the instructions here.

    It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.

    I also wonder where does this interface gets that data from... There's a DB somewhere, and it can be probably hacked via this interface.

  15. Lose your +2? by schlach · · Score: 5, Interesting

    I'm responding to your sig.

    Ok, so the new way of doing things is that instead of adding a point to your comment's overall score when you post with your karma bonus, your comment is posted at 1 with a separate "karma_bonus=yes|no" variable. Thereafter, users can specify how much weight to assign to the karma bonus on their preferences page. This was 0 when the editors quietly rolled in the changes without telling anyone (why so sneaky?), but has since been changed to '+1' by default, to by default be the same as the old way.

    So, your comment that got 3 good moderations is scored at 4/1. Users who have a '+1' modifier to karma bonus will see this comment at 5, whereas users with a '0' karma modifier will see it at 4, and users with (for whatever reason) a '-6' modifier will see it at -2. If such a thing were possible.

    Unfortunately, I see this as making it unlikely that comments posted with a karma bonus will ever be modded up to 5, since most moderators will be viewing with a karma bonus and see that the comment is already scored at 5, and that it therefore cannot be modded up further.

    I'm going to say that the way this was changed was disgraceful. There is no reason not to maintain a place on slashdot indicating how the code is being changed. I have relied on CmdrTaco's journal to inform me of changes, but in this case it was silent, and after thinking about it further, it's still a crappy way of running things.

    It all goes back to the difference between slashdot as community and slashdot as business. As a business, sure, slashdot can do whatever the hell it wants, who am I to lecture, blah blah blah. But as a community, changing things in profound ways without approval, comment, or even notification is bastardly. And slashdot as a business would do well to perceive its dimensions as a community.