Penetration Testing mailing list archives

Re: Default Admin Account


From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 10 Feb 2009 15:21:45 -0600

On Fri, 06 Feb 2009, M.D.Mufambisi wrote:

> I do agree with Scott. The young fellow did commit a crime. Curiosity
> is not an excuse. However, having said that, someone at the military
> should be held accountable for such poor security practice. Someone
> did not do their job correctly considering the sensitive info the
> military deal with. Whilst the young man should be charged for
> unauthorised access to computer systems, someone at the military
> security should be charged with negligence.
>
> Regards,
>
> Munyaradzi Mufambisi


Going off topic (this entire thread) so hopefully, we can have
some more serious discussion. So this will be my last two cents
on this...

1) How do you know it wasn't the responsibility of an outsourced
contractor (deployment of the machine)?

2) How do you know these weren't merely honeypots?

3) Apparently you've not heard about the mechanisms of government
and the bureaucracy involved with making such moves where it's not
always going to be up to the "military security".

I'll iterate briefly what I recall from a recent discussion I had
with someone @ a higher agency... Went something like this:

"We'd go in to perform duty-x in the military. While we may have been
explicitly told not to surf the net, we implicitly understood we could.
I mean if they didn't want us surfing, disconnect the machine. It was
in the middle of nowhere solely because the CSM needed something to do
whenever he was around. Who was I to go up my rank and call out my CSM?"

There are plenty of reasons that a machine might not be taken out
of the loop (network) for whatever reason; it is not an invitation
to break in, but again - leaving your apartment door open and
expecting the world to be as *morally full of ethics* as most
have rambled on about is outright dumb and borderline criminal.
So much so, negligent.

Also, the assumption that NIPR/SIPR/RIPR information traverses
some of these publicly accessible machines is debatable. Makes
for good budgeting requests, but horrible real world scenarios.
If anyone claimed it to be so (OMFG they stole uberNIPR secrets)
I say nonsense. If they did, heads would fly from all sorts of
posts. So many in fact, these job cuts would seem like small
fries for the amount of servers compromised by someone like
\\st0rm\\ during the late 90's (OMG! No he didn't!).

Anyhow, enough rambling on this. I thought it was pentesting
not "Days Oph 0ur 90's l1v3s!"


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your
conclusions." - Arthur Bloch

"A conclusion is the place where you got
tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E