Slashdot Mirror


DOD Kicks Up Cybersecurity Efforts

codingOgre writes "The US Army will try to secure an entire computer network against a team led by the NSA. They are cadets at West Point competing against military academies and other schools in a four-day Cyber Defense Exercise this week. I would have to think that this would be a lot of fun! I would like to see what the NSA and friends could throw at my network, although one would think they wouldn't reveal all their cards...like the backdoor into any Windows box :)" In a related story, jkinney3 writes: "The feds are wising up to the needs for a verifiable, secure code base for all of the DOD stuff, according to Government Computing News. A proposed solution 'would create a single executive organization responsible for software integrity and information assurance.' Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate, said 'DOD possesses so many millions of lines of code in countless thousands of packages, that it would take years of effort and millions of dollars just to identify what was developed where.' I'm envisioning a lot of Bugzilla installations."

4 of 178 comments (clear)

  1. Re:GNAA claims responsibility for Momfuck virus (F by Anonymous Coward · · Score: -1, Offtopic

    5.4.4 Connecting to the MySQL Server

    MySQL client programs generally expect you to specify connection parameters when you want to access a MySQL server:

    * The name of the host where the MySQL server is running
    * Your username
    * Your password

    For example, the mysql client can be started as follows from a command-line prompt (indicated here by shell>):

    shell> mysql -h host_name -u user_name -pyour_pass

    Alternate forms of the -h, -u, and -p options are --host=host_name, --user=user_name, and --password=your_pass. Note that there is no space between -p or --password= and the password following it.

    If you use a -p or --password option but do not specify the password value, the client program will prompt you to enter the password. The password is not displayed as you enter it. This is more secure than giving the password on the command line. Any user on your system may be able to see a password specified on the command line by executing a command such as ps auxww. See section 5.5.7 Keeping Your Password Secure.

    MySQL client programs use default values for any connection parameter option that you do not specify:

    * The default hostname is localhost.
    * The default username is ODBC on Windows and your Unix login name on Unix.
    * No password is supplied if -p is missing.

    Thus, for a Unix user with a login name of joe, all of the following commands are equivalent:

    shell> mysql -h localhost -u joe
    shell> mysql -h localhost
    shell> mysql -u joe
    shell> mysql

    Other MySQL clients behave similarly.

    You can specify different default values to be used when you make a connection, so that you need not enter them on the command line each time you invoke a client program. This can be done in a couple of ways:

    * You can specify connection parameters in the [client] section of an option file. The relevant section of the file might look like this:

    [client]
    host=host_name
    user=user_name
    passwo rd=your_pass

    Option files are discussed further in section 4.3.2 Using Option Files.
    * You can specify some connection parameters using environment variables. The host can be specified for mysql using MYSQL_HOST. The MySQL username can be specified using USER (this is for Windows and NetWare only). The password can be specified using MYSQL_PWD, although this is insecure; see section 5.5.7 Keeping Your Password Secure. For a list of variables, see section E Environment Variables.

    Previous / Next / Up / Table of Contents

    User Comments
    Posted by Lars Aronsson on June 8 2002 10:11am [Delete] [Edit]

    In several places, the MySQL documentation talks
    about the "-ppassword" option to the mysql
    command. However, the default use under Unix/Linux
    seems to be that "-p" will cause mysql prompt for
    a password, while leaving out "-p" will cause
    mysql to attempt accessing the database without
    using any password at all.
    Posted by Nancy Ging on August 22 2002 3:23pm [Delete] [Edit]

    This is also true with the Windows NT/2K version.
    The password will not be requested if -p is omitted.
    Posted by Jim M on April 11 2003 5:28am [Delete] [Edit]

    As root I ran the included mysql_secure_installation program this set the necessary permssions for me to have it require a password by default.
    Posted by Kevin Mitchell on June 11 2003 1:56pm [Delete] [Edit]

    Below is an extract of my documentation which clearly states that you only be prompted for the password if "-p" is included:

    Exiting and Reconnecting to the MySQL Monitor
    In order to test the new password, exit the MySQL database using the following command:

    mysql>\q

    This will return you to the system shell. Now log back into the monitor, this time using the following command:

    %>mysql -u root -p

    Doing so will result in a prompt for the root user password, as follows:

  2. Re:Meanwhile... by Shakrai · · Score: 0, Offtopic
    Maybe he could quit the AAA or the Subway Sub Club, or something like that.

    Hey! Why are you trying to drag poor Jared into this? What did he do to offend you?

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. Re:hacker wargames by Shakrai · · Score: 2, Offtopic
    Not quite. The Army cadets are not allowed to attack the NSA or the other military academies. It's strictly a defensive exercise.

    It's more realistic that way. Wouldn't it be considered an act of war if our Army started attacking other nations computer systems? There's a whole different set of rules in place when you start using your military to inflict damage upon your enemies.

    The point being that the military would probably have to wait until the onset of hostilities before they could start screwing around with the other nations computer systems/infrastructure. At least according to International Law and tradition anyway.

    I guess my friends went to the Air Force academy about six years too early. This would be pretty fun to be a part of I bet. I wonder what qualifications you need to join the NSA? At least they won't outsource you :P

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  4. Re:A single gov't entity responsible for infosec? by Anonymous Coward · · Score: -1, Offtopic

    amen