Dailydave mailing list archives
Re: We got owned by the Chinese and didn't even get a "lessons learned"
From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Wed, 24 May 2006 07:53:49 -0700
Martin Johns wrote:
On 5/24/06, Steve Wilson <S.Wilson () eris qinetiq com> wrote:A large government organisation with no egress firewalling policy? No restrictive and monitored outbound proxies? What sort of a perimeter is that[1]?
I do not think monitored outbound proxies are a feasible concept to prevent the leakage of classified material. As long as http traffic is allowed, there are about 100000000 hidden channels which could be used to encode the material.
Please, please, please, folks; unless you've worked in the classified area (which is where I've spent my entire professional life), try not to guess at these things. Truly classified documents are not *on* the Internet. They have multiple classified networks with only sneakernet between them, and while there have indeed been "spillages" of classified material, this has usually been the result of some fool or other mentioning something in email or in a document that makes the result classified (and the destruction and wiping of perfectly good disk drives due to inadvertent release of such minor details is *huge*, and very time consuming).
Sure, most of the gov and mil internet facing networks are a lot more lax than they should be, but the classified stuff (even the stuff classified at a mere Confidential level) is not there. Not. Look up things like siprnet.
Coffee. Need more coffee... -- Shrdlu
Current thread:
- We got owned by the Chinese and didn't even get a "lessons learned" Dave Aitel (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Joanna Rutkowska (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Nicolas RUFF (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Joanna Rutkowska (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" val smith (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Nicolas RUFF (May 25)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" mark (May 25)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Nicolas RUFF (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Joanna Rutkowska (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Martin Johns (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Etaoin Shrdlu (May 24)
- Re: We got owned by the Chinese and didn't even get a "lessons learned" Andrew Simmons (May 24)
- Re: We got owned by the Chinese and didn't even get a"lessons learned" Halvar Flake (May 24)
- Re: We got owned by the Chinese and didn't even get a"lessons learned" Etaoin Shrdlu (May 24)
- air gap vs. covert channels (was: We got owned by the Chinese...) Joanna Rutkowska (May 24)