P2P Leaks Surprises
kilian.cavalotti writes "A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella.
The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of marines. The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be."
I always thought military desks had two machines on them. A public internet and a military internet, and at no point were they ever interconnected. Is there any shade of truth of that *at all* in any branch of our military? It certainly sounds like any casual remark anyone might make at the watercooler, but it'd be interesting to hear from someone who's been there.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
It'll be interesting to see how long it'll take before the operator of that weblog is arrested, even though he's trying to prove a point.
In the extremely large military network I worked on, all P2P ports were blocked (the rule was deny all, allow by exception) and the IDS was tweaked to catch anyone who fiddled with the ports to get around that. The security guys were not nice to people they caught.
I guess some areas of the military just aren't set up that well.
Oh, and I submitted this with a funnier headli...er, wait, this isn't Fark, is it.
Well, I did submit it, with a link to a ZDNet article about it, in which they give a little more detail about what happened with the blogger's attempts to get the authorities involved:Ummmm...what??? How powerful is this senator, that he can pluck a given file off a decentralized P2P network? How did he do that? Am I going to get an insistent knock on my door for even questioning this?
Tell my wife I love her! AIEEEE!!!
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
A great example of this happened at my university about 10 years ago. The campus ran a cluster of unix machines for students to get email, read usenet, compile C programs, run nethack, etc.
The nerds amongst us were fairly concerned that the admins: 1) didn't keep the passwords in a shadow file, and 2) didn't run Crack on the password file to find weak passwords. I guess the reasons were that: 1) the OS (I think it was AIX at the time) didn't support
So... one of the nerds kinda... "settled" the issue for them. He ran Crack on the entire password table and POSTED all of the cracked login/password combos (a couple thousand out of something like 10,000 users, I think) to the local campus newsgroups.
Of course... this led to only one account being frozen... and you can probably guess whose it was.
But the campus did start to show a newfound interest in password robustness after that.