Re: U.S. Military Wants to Exert Influence Over Private Cyber Infrastructure

["Marc" <marc () marcd org>]

> > Considering how the U.S. Military can't even protect it's own networks
> > against well-known USB malware, I find this suggestion laughable.
> [...]
>
> But not just *any* of their networks, a *classified* network.
>
> I think I'm more offended than in hysterics.  A) they've proven they're
> not up to the job on their "critical assets" network - let alone their
> garden variety networks.  B) uhmmm.. right.  US Military having control
> over private networks.  Pretty sure something in the Constitution says
> that's against the rules.

maybe...they just need...more...err...practice...

Remember this?  I do have mixed feelings about it - one side is the
OMG!!WTF!! newbie error, the other is that they did at least have the guts
to show up and put it on the line... 

"Come to think about it, day 2 was actually quite
interesting all because of two teams, MIIT1 and Army Strong. 
Why was it interesting you ask? Well, Army strong was running daemon6 as
root
and MIIT1 finally discovered the buffer overflow in
daemon6. So we all know what happened after that
;). With root privileges on Army Strong's box, MIIT1
managed to capture all of Army Strong's flags through
only one single daemon. Even though MIIT1 only
managed to exploit 1 daemon throughout the entire
CTF, but thanks to Army Strong they were boosted
up to 3rd place."

https://www.hackinthebox.org/misc/HITB-CTF2009-Special-Report.pdf

and a picture:

http://photos.hackinthebox.org/gallery/view_photo.php?set_albumName=hitb2009
kl-party&id=hitb2009_pcparty_024



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.