Interesting People mailing list archives
more on "Fiscal 2005 spending bill addresses privacy issues"
From: David Farber <dave () farber net>
Date: Wed, 08 Dec 2004 11:15:33 -0500
Begin forwarded message: From: Rich Kulawiec <rsk () gsp org> Date: December 8, 2004 7:23:45 AM EST To: Peter Swire <peter () peterswire net> Cc: David Farber <dave () farber net>Subject: Re: [IP] more on "Fiscal 2005 spending bill addresses privacy issues"
On Tue, Dec 07, 2004 at 05:38:33PM -0500, David Farber wrote:
That may be a boon to the consulting companies, but may not be the best use of a given amount of privacy and security dollars.
I concur. One of the issues that I don't see addressed here is the increasing risk to the public of unintentional privacy violations caused by nearly non-existent computer/network security throughout all levels of government. Dr. Farber already ran (on IP) the note that I forwarded from NANOG about a DDoS attack being conducted in part from .mil network space; reports about other similar activities are now becoming routine (example from a days ago appended below). The severity level of these is unknown and probably unknowable by outsiders, but the general picture that has emerged over the psat few years is that Internet-connected federal/state/local government computer systems and networks are horribly insecure. The flaws appear to be systemic and begin with poor purchasing decisions (e.g., DHS standardized on Windows, which is insane). So we not only need to be worried about privacy violations being carried out by government employees, we need to be worried about privacy violations being carried out by unknown third parties. I wonder how much in the way of, oh, identity theft, has been carried out by attackers who simply wait for the relevant agencies to collect private data and then harvest it when it's convenient? And that's not the worst of it: little stops the same attackers from _altering_ the data. ---Rsk
From: Bruce Gingery <bg7341 () GTCS COM> Subject: Re: Media: Tenet calls for Internet security Date: Sat, 4 Dec 2004 04:34:28 -0700 To: SPAM-L () PEACH EASE LSOFT COM Hal Murray wrote:"Brian" citedhttp://www.washingtontimes.com/national/20041201-114750-6381r.htm Mr. Tenet called for industry to lead the way by "establishing and enforcing" security standards. Products need to be delivered to government and private-sector customers "with a new level of security and risk management already built in."QUESTIONOne could turn that around and ask what would happen if the governmentsector set a good example by not purchasing insecure software.ANSWER 40 years or so, perhaps? First gotta get the salt pork out, and of course the spiced ham...OTOH, I'd already started Tenet's advice, before the classified laptop was left in the bedroom -- well, not quite. I deny connections to the following, most of which have shown themselves to be at least REMOTELY driven by forgers and zombies... See any organizations you recognize?Some of them were probably in the recent WiFi DC sweep. I filteredout .gov.ru, .gov.uk, .gov.ua, gov.au Canadian provinces, and the likefrom this list. There's plenty, around the world!------------+----------------- +------------------------------------------Blocked | CIDR | Comment------------+----------------- +------------------------------------------ 2004-08-24 | 128.102.31.194 | arc-relay1.arc.nasa.gov env=<>,claimed t2004-07-09 | 128.159.101.177 | kmail.ksc.nasa.gov2004-07-16 | 128.231.2.103 | itchy.cit.nih.gov env=<MAILER-DAEMON@itc2004-11-01 | 128.231.90.113 | nihhubims3.hub.nih.gov env=<>2004-07-27 | 129.6.16.226 | rimp1.nist.gov env=<>,claimed to be smtp2004-10-01 | 129.29.2.3 | westpf-doim001.usma.army.mil env=<> 2004-09-29 | 129.139.10.126 | imail1.pica.army.mil env=<>, 2004-08-16 | 129.164.30.24 | venus.ivv.nasa.gov env=<>, 2004-09-14 | 131.6.84.3 | eagle2.langley.af.mil env=<>, 2004-11-02 | 131.9.254.188 | amcuxns802.amc.af.mil env=<>,claimed to 2004-06-03 | 131.9.254.189 | amcuxfw801.amc.af.mil env=<>, 2004-06-22 | 131.158.50.105 | nmic-btmd-gwexc.med.navy.mil env=<> 2004-10-24 | 131.158.50.238 | nmic-btmd-post3.med.navy.mil env=<> 2004-06-15 | 132.45.192.3 | andes.arnold.af.mil2004-10-22 | 132.52.154.10 | jayhawk.vance.af.mil env=<>,claimed to b2004-06-27 | 132.58.234.9 | zeus.nellis.af.mil env=<>2004-07-25 | 132.163.128.82 | franklin-node2.boulder.nist.gov env=<>,c 2004-10-12 | 132.250.1.115 | smail1.nrl.navy.mil env=<>,claimed to be 2004-09-14 | 132.250.83.3 | s2.itd.nrl.navy.mil env=<Symantec_AntiVi2004-08-12 | 132.250.118.80 | mx-a0.ccs.nrl.navy.mil env=<> 2004-10-15 | 137.244.215.8 | cits-darla.robins.af.mil env=<> 2004-11-07 | 138.162.140.59 | gate21-sandiego.nmci.usmc.mil env=<> 2004-08-09 | 140.90.121.142 | mocbox2.nems.noaa.gov env=<> 2004-06-01 | 140.140.58.5 | diamondback.brooks.af.mil env=<>,2004-06-04 | 140.185.1.133 | ddmfitayz003.osd.mil claimed to be ddmfi2004-11-28 | 143.81.8.22 | dohaexch2.kuwait.army.mil env=<>, 2004-09-11 | 143.231.86.9 | taurus.house.gov2004-07-26 | 143.231.86.15 | cetus.house.gov env=<>,claimed to be ap02004-06-08 | 144.51.88.131 | zombie.ncsc.mil (forged) env=<>,2004-09-11 | 144.141.194.2 | rnoc1.pacsw.navy.mil env=<>,claimed to b 2004-09-05 | 146.138.1.106 | HQMMS2.hr.DOE.GOV env=<>,claimed to be h 2004-10-02 | 146.138.1.107 | HQMMS1.hr.doe.gov env=<>,claimed to be h2004-09-09 | 147.35.30.8 | cesklnexch1.26asg.army.mil env=<> 2004-09-29 | 148.129.129.22 | dispatch.tco.census.gov env=<> 2004-09-12 | 150.192.50.56 | lewiml006.lewis.army.mil env=<>2004-11-25 | 155.216.56.4 | env=<>,claimed to be dixxml000000002.dix2004-09-30 | 156.33.203.20 | senmail2.senate.gov 2004-08-02 | 156.33.203.25 | senmail4.senate.gov2004-08-15 | 159.233.156.35 | ntdotex.dot.pima.gov env=<>,claimed to b2004-09-17 | 160.91.4.110 | emroute3.ornl.gov env=<>, 2004-09-01 | 160.133.207.225 | pom-mail1.monterey.army.mil2004-07-05 | 162.2.111.9 | cdssmsg03.cdss.dss.ca.gov env=<>,claimed 2004-09-22 | 164.65.217.32 | dddc025.ha.osd.mil env=<>,W32.Swen <mgd@ 2004-06-12 | 164.82.144.31 | dcmail1b.dc.gov claimed to be dcmail0.dc 2004-10-24 | 164.223.1.100 | NPRI54MAI01.NPT.NUWC.NAVY.MIL env=<>,cla2004-09-01 | 165.110.1.18 | nthq8.sba.gov env=<>, 2004-08-01 | 169.154.210.185 | A-169-154-210-185.giss.nasa.gov2004-07-17 | 169.253.4.3 | acheson-c.state.gov env=<>,claimed to be2004-06-04 | 192.58.199.187 | pxcg5.navair.navy.mil env=<>, 2004-08-02 | 192.58.199.188 | pxcg6.navair.navy.mil env=<>,2004-08-09 | 192.77.84.46 | X500ROOT.NASA.GOV env=<MAILER-DAEMON@x502004-07-21 | 192.104.54.10 | mailgate1.fcc.gov env=<>, 2004-09-05 | 192.234.164.3 | claimed to be rch1.deq.virginia.gov 2004-07-31 | 198.238.118.230 | dist.dis.wa.gov2004-10-12 | 199.134.141.70 | stl-mail-edge1.fsc.usda.gov env=<>,claim 2004-07-02 | 204.124.231.11 | fw.cns.gov env=<>,claimed to be [204.124 2004-08-27 | 204.193.246.81 | mail2.osec.doc.gov env=<lAnadal1 () doc gov2004-06-22 | 205.56.129.110 | noca1.uar.navy.mil env=<>,claimed to be2004-08-27 | 205.56.129.112 | env=<>,claimed to be dnsmail2.uar.navy.m 2004-07-19 | 205.56.145.37 | pacfc.fleet.navy.mil env=<>,claimed to b 2004-08-28 | 205.128.215.120 | deptvass-cp.va.gov env=<postmaster@med.v2004-08-10 | 207.133.162.39 | grizzly2.clear.af.mil env=<>, 2004-09-22 | 208.27.111.22 | resav1i.gtwy.uscourts.gov env=<>,2004-09-24 | 208.242.80.9 | msgate.pstripes.osd.mil env=<>,claimed t ------------+----------------- +------------------------------------------I often wonder how long it would take MS to clean up their act if the (US) GSA based their pricing on total cost of ownership and added in the operational costs of keeping MS boxes clean.You forgot your C&C warning. Take a look at 144.51.88.131 Does the name "Rainbow" strike a familiar note? How about 129.6.16.226 or 132.163.128.82? Or the champions at 146.138.1.0/24. Or 162.2.111.9? Fortunately, 204.193.246.81 isn't what it looks like from the name. How about 132.250.0.0/16? Or 164.223.1.100? To be fair, there are a couple politicians writing to forged feedbackaddresses, for a couple of those. And the West Point entry appears tobe some plebe's dorm room, not some slightly-downgraded seclab.
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on "Fiscal 2005 spending bill addresses privacy issues" David Farber (Dec 08)
- <Possible follow-ups>
- more on "Fiscal 2005 spending bill addresses privacy issues" David Farber (Dec 08)