[vox] what do they pay their staff for?!?

Samuel Merritt vox@lists.lugod.org
Tue, 18 Mar 2003 12:51:46 -0800


--Rzq/nSLlHy1djmXS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 18, 2003 at 12:26:41PM -0800, Peter Jay Salzman wrote:
[snip]
> today i read the news.  the US army's webserver was hacked.  the webdav
> hole is to blame.
>=20
>=20
> ok, let's forget the issue of why the army is using IIS to begin with.
> that's a whole different issue.  i'm wondering who gets paid to sit
> around and administrate army webservers, and why it didn't occur to them
>=20
>    "hey, wait a minute.  WE'RE running IIS on win2k servers!"
>=20
> a website isn't a big deal, but considering we're on the brink of war,
> you'd think the administrators would be a bit more on the ball.  who
> knows what's networked to what.  heck, i don't have microsoft anything,
> and i still knew about the webdav hack.

Nothing of any importance to the military could get leaked via the web
servers. No classified computer can be connected to the Internet.=20

That's really important, so I'll say it again: No classified computer
can be connected to the Internet. If an Army computer is behind a
thousand different firewalls, but could conceivably send or receive a
packet from the Internet through those firewalls, the computer is not
classified.

There are people who do nothing but go over classified networks, again
and again, to make sure that there is absolutely no path from them to
any unclassified network or system, including the Internet.=20

Hence, there is no path to classified information from the Army's web
servers, and so if the web servers get hacked, it's embarassing, but
nothing more.=20

--=20
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org=
.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/p=
gp/

--Rzq/nSLlHy1djmXS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+d4bhW3tuPJ1t7wURAtFaAJ9SxS+tklkbKqoA2nrLAF3awcZyDgCfV/0J
WnZYvSY7Y3Of2sXBmRm0DjE=
=4S+y
-----END PGP SIGNATURE-----

--Rzq/nSLlHy1djmXS--