Full Disclosure mailing list archives
Re: www.dia.mil
From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Oct 2008 14:13:01 -0400
On Mon, 27 Oct 2008 21:33:19 +0400, Razi Shaban said:
Yes, they're including a remote javascript. Then again, tens if not hundreds of thousands of other websites include the very same script. If statcounter's servers aren't very secure, they would have already been compromised.
One would *hope* that a major country's spook agencies kept themselves to a *slightly* higher security standard than Sixpack Joe's Website and Bait-n-Tackle Emporium. The risk/benefit analysis for the average .com and the average .spook are a bit different.
On the other hand, look at the voting machines the US gov't has contracted. They have a tendency to screw up with technology, making this one of their lesser problems (if you want to consider it a problem at all).
A totally separate problem, but one that's not in DIA's jurisdiction.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- www.dia.mil Bipin Gautam (Oct 27)
- Re: www.dia.mil Razi Shaban (Oct 27)
- Re: www.dia.mil Gary E. Miller (Oct 27)
- Re: www.dia.mil Valdis . Kletnieks (Oct 27)
- Re: www.dia.mil Razi Shaban (Oct 27)
- Re: www.dia.mil Valdis . Kletnieks (Oct 27)
- Re: www.dia.mil Bipin Gautam (Oct 27)
- Re: www.dia.mil Gary E. Miller (Oct 27)
- Re: www.dia.mil Bipin Gautam (Oct 27)
- Re: www.dia.mil Jorrit Kronjee (Oct 30)
- Re: www.dia.mil nocfed (Oct 30)
- Re: www.dia.mil Razi Shaban (Oct 27)
- <Possible follow-ups>
- Re: www.dia.mil Big R (Oct 27)
- Re: www.dia.mil Adrian P . (Oct 29)
- Re: www.dia.mil Viktor Larionov (Oct 29)