Slashdot Mirror

← Back to Stories (view on slashdot.org)

Compromised Government and Military Sites For Sale

Posted by Soulskill on from the your-tax-dollars-at-derp dept.

Khopesh writes "Imperva blogged today about the sale of compromised .gov, .mil, and .edu sites, illustrating that cyber-criminals are getting bolder. Krebs on Security has an unredacted view of the site list. Perhaps the biggest threat is yet to come; if an industrious criminal can break into top government and military sites, so too can government-backed teams, proving that GhostNet and Stuxnet are just the beginning."

5 of 51 comments (clear)

  1. Obvious by TaoPhoenix · · Score: 3, Informative

    Wikileaks.mil!

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  2. Cabsec can fix this by ka9dgx · · Score: 4, Interesting

    Capability based security (Cabsec) can provide OS with no exposed vulnerabilities. It's based on an L4 proven microkernel. The only problem is that it's vaporware.

    It doesn't have to be. The parts are starting to fall into place, but the open source community has to be made aware of the fact that it is possible to solve computer security, instead of patching it with layers of band-aids.

    1. Re:Cabsec can fix this by Cyberax · · Score: 3, Informative

      Nope, it won't help.

      Capability-based security omits one liiiiiiiittle detail: initial capability distribution. That's why most (all?) of proves of capability based security omit the initial image set up. That's the case with CoyotOS and other OSes. Or in other words, the question is: should IAmEvilExecutable get CAP_ALL_ACCESS permission if user starts it and grants it this permission?

      Another problem is that if I somehow inject myself into, say, web server then I'll get access to all capabilities granted to this webserver. Which is usually more than enough. The only 'fix' on the horizon for this problem is fully managed code (see: Singularity OS).

  3. Disturbing... by Sooner+Boomer · · Score: 3, Interesting

    I don't know which is more worrying - that some of these sites are for sale, or how cheaply they're going for...

    --
    Chaos maximizes locally around me.
  4. This is the hacker's site: by Anonymous Coward · · Score: 3, Informative

    The hacker's site is http://www.sbrlche.com/.

    Quite easily googleable from the phrases in the screenshots!