Vulnerability Development mailing list archives
RE: Operation TIPS - the FEMA response
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Tue, 30 Jul 2002 13:27:32 -0400
I've had conversations with FBI field office staff assigned to NIPC. Each time I've spoken with someone that had a clue. I was actually expecting what you describe below, but was pleasantly surprised. Maybe the central co-ordination center is staffed with less-than-optimal folks, but the field folks (in my experience) seem to be clued-up. Note however, that my contact has been with a small group of folks out of one field office. Maybe I just got lucky. Maybe it's a case of beaurocrats in technical positions, while the real techies are out in the field. Who knows. Maybe duck below the middle management and make your reports to field folks. Maybe that'll land you in jail. I think I'd prefer to not deal with them except when absolutely necessary from an investigative standpoint.
-----Original Message----- From: KF [mailto:dotslash () snosoft com] Sent: Tuesday, July 30, 2002 9:41 AM To: vuln-dev () securityfocus com Subject: Re: Operation TIPS - the FEMA response Ever try to call NIPC and have an intelligent "computer security" conversation? Don't bother... The 2 times I called to report security issues I found it hard to find someone someone to speak to that had skill beyond your local whopper flopper at burger king. -KF George Imburgia wrote:It wasn't quite as bad as a friend expected; "those people will say you have an infectious disease and lock you up forever 20 stories under the nevada desert" ...but it wasn't nice either. I called FEMA's technical contact, got voicemail, left my name, phone number, stated that it was a security problem with a FEMA web server, asked that they return my call and then said my name and phone number again. The next day, they claimed they hadn't contacted me becausethey didn'thave my phone number. After being prodded by the press, they did call and a hostile woman identifying herself as being with "FEMA's cybersecurityoffice" began toberate me for talking to the press. I informed her that I didn't like the tone of theconversation, and didnot want to continue without assurances that "this won't get ugly". We went back and forth over what that meant for a while, and then the previously unidentified and unannounced Mr. Schmidt spokeup, identifiedhimself as the "head of cybersecurity" and tried to convinceme to complywith their demands by using the term "federal governmentcomputer system"a lot. The term "____ off" comes to mind. Then the content and underlying code of the site changed. Now, they are telling people "he has a long history offalsely reportingsecurity problems with government computer systems". Are they claiming that the FBI's windows 3.51 web server was not vulnerable to dir?C| and variants in 1999? Are they claiming that the Dept of Ed. didn't have a worldwritable ftpmirror of their web site? Or did the fact that it took 6 calls, and responses like "we don't know what permissions are, we all use Macs here" make it a false report? Are they claiming it was a bad idea to null route the old www.whitehouse.gov net block when codered hit? Then why is it still a blackhole? Are they claiming that DG/UX wasn't vulnerable, or that a 3letter agencywasn't running it as a mail server? Are they claiming a state legislature wasn't running a vulnerable configuration of Lotus, their admin confirmed it, and statedhe didn'tknow it was accessible from the internet? Are they claiming a popular DSLAM doesn't have a default password of ANS#150 and a firmware backdoor? Are they claiming that Qwest didn't have variants of"Algiers97" as thepassword on most of their routers as an algerian wasattempting to blow upSeattle's millenium celebration? Or maybe they are claiming the login bug I discovered in the1970's andenjoyed for years never existed? Verizon, Wilshire, Xerox and Comcast are a few of my recent(false?!?)reports. Who has the credibility problem here? George Imburgia Senior Network Security Engineer Capitol Networking gti () armorfirewall com
Current thread:
- RE: Operation TIPS - the FEMA response Keith T. Morgan (Jul 30)