Full Disclosure mailing list archives
Re: www.dia.mil
From: "Bipin Gautam" <bipin.gautam () gmail com>
Date: Tue, 28 Oct 2008 01:49:23 +0545
On 10/28/08, Gary E. Miller <gem () rellim com> wrote:
A US intelligence agency is basically betting the bank that statcounter.com, a company apparently based in Ireland, doesn't get pwned or subverted. And betting that the plain text from the DIA job applicants to statcounter.com is not sniffed by anyone along the way. If I was Russia I would love to have the home IP for everyone that has applied to the DIA for a job this year. A few small bribes would make that happen.

And if http://www.statcounter.com/features/ is not actually a demo of what they already have for an agency, I bet my money they have a huge potential to be one. But aren't these old school tricks already? How can security audits be so careless about such a shortcoming?

The good old Microsoft saying goes almost like this, i.e. "If a third-party script is embedded in your website, it's no longer your website (or unless the third party is your big brother's website)."

Once upon a time there was someone who used to blog software reviews, except he had clients who paid him, for he used to redirect software downloads from an IP-list to a special spyware_infected_download.

-bipin

--
X-No-Archive:
___________________________________________
http://groups.google.com/group/Intelligence-Studies
************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/