Full Disclosure mailing list archives
Re: www.dia.mil
From: "Viktor Larionov" <viktor.larionov () salva ee>
Date: Wed, 29 Oct 2008 13:08:00 +0200
And maybe friends, you could explain me what's so special about dia.mil ? I would actually understand if CIA central internal information system would use such trackers, but if it's a public web page, what's so special about it ? And ok, even if the information on visitors leaks - what's so interesting about visitors statistics to dia.mil ? What makes those visitors or the URL-s they request so special ? Or maybe you suppose CIA will hold sensetive materials on a public webserver ? e.g. www.dia.mil/sometopsecretstuff... Well I agree, you can find stupid things everywhere nowdays, but I surely hope that they don't do it. I guess that visitor statistics to google.com are thousand times more interesting than dia.mil.
From my personal point of view dia.mil visitors statistics offer exactly the
same interest like www.desperatehousewives.com visitor statistics. (intelligence guys, no offence :P) Kindest regards, --- Viktor Larionov snr. system administrator R&D team Salva Kindlustuse AS Parnu mnt. 16 10141 Tallinn ESTONIA tel: (+372) 683 0636, (+372) 680 0500 fax: (+372) 680 0501 gsm: (+372) 5668 6811 viktor.larionov () salva ee ------------ MOTD: Dream Big. Think the impossible. If you can dream it - you can create it. -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Adrian P. Sent: Wednesday, October 29, 2008 12:02 PM To: Valdis.Kletnieks () vt edu; Razi Shaban Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] www.dia.mil Welcome to the web! 1 website = content retrieved from dozens/hundreds of sites. Much more than what the browser's address bar shows ;) Think of ad banners, analytics JS ("legit" spyware), static content served from high-speed embedded httpds, etc ... And yes, there are security implications to this design problem. -----Original Message----- From: Valdis.Kletnieks () vt edu Sent: 27 October 2008 17:22 To: Razi Shaban <razishaban () gmail com> Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] www.dia.mil On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:
On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam () gmail com>
wrote:
A picture is worth a thousand words. But whats so wrong about it? :PSo what?
A US intelligence agency is basically betting the bank that statcounter.com, a company apparently based in Ireland, doesn't get pwned or subverted. Does that give you warm-n-fuzzies? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: www.dia.mil, (continued)
- Re: www.dia.mil Valdis . Kletnieks (Oct 27)
- Re: www.dia.mil Razi Shaban (Oct 27)
- Re: www.dia.mil Valdis . Kletnieks (Oct 27)
- Re: www.dia.mil Bipin Gautam (Oct 27)
- Re: www.dia.mil Gary E. Miller (Oct 27)
- Re: www.dia.mil Bipin Gautam (Oct 27)
- Re: www.dia.mil Jorrit Kronjee (Oct 30)
- Re: www.dia.mil nocfed (Oct 30)
- Re: www.dia.mil Valdis . Kletnieks (Oct 27)
- Re: www.dia.mil Viktor Larionov (Oct 29)