more on "Fiscal 2005 spending bill addresses privacy issues"

[David Farber <dave () farber net>]

Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: December 8, 2004 7:23:45 AM EST
To: Peter Swire <peter () peterswire net>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] more on "Fiscal 2005 spending bill addresses privacy  
issues"

On Tue, Dec 07, 2004 at 05:38:33PM -0500, David Farber wrote:
> That may be a boon to the consulting companies, but may not
> be the best use of a given amount of privacy and security dollars.

I concur.  One of the issues that I don't see addressed here
is the increasing risk to the public of unintentional privacy
violations caused by nearly non-existent computer/network security
throughout all levels of government.

Dr. Farber already ran (on IP) the note that I forwarded from NANOG
about a DDoS attack being conducted in part from .mil network
space; reports about other similar activities are now becoming
routine (example from a days ago appended below).

The severity level of these is unknown and probably unknowable
by outsiders, but the general picture that has emerged over the
psat few years is that Internet-connected federal/state/local
government computer systems and networks are horribly insecure.
The flaws appear to be systemic and begin with poor purchasing
decisions (e.g., DHS standardized on Windows, which is insane).

So we not only need to be worried about privacy violations being
carried out by government employees, we need to be worried about
privacy violations being carried out by unknown third parties.

I wonder how much in the way of, oh, identity theft, has been
carried out by attackers who simply wait for the relevant agencies
to collect private data and then harvest it when it's convenient?

And that's not the worst of it: little stops the same attackers
from _altering_ the data.

---Rsk


> From: Bruce Gingery <bg7341 () GTCS COM>
> Subject: Re: Media: Tenet calls for Internet security
> Date: Sat, 4 Dec 2004 04:34:28 -0700
> To: SPAM-L () PEACH EASE LSOFT COM
>
> Hal Murray wrote:
> > "Brian" cited
> > > http://www.washingtontimes.com/national/20041201-114750-6381r.htm
> > > Mr. Tenet called for industry to lead the way by "establishing and
> > > enforcing" security standards. Products need to be delivered to
> > > government and private-sector customers "with a new level of security
> > > and risk management already built in."
>
> QUESTION
> >  One could turn that around and ask what would happen if the  
> > government
> >  sector set a good example by not purchasing insecure software.
> ANSWER
>      40 years or so, perhaps?  First gotta get the salt pork out, and
>   of course the spiced ham...
>
>   OTOH, I'd already started Tenet's advice, before the classified  
> laptop
>   was left in the bedroom -- well, not quite.  I deny connections to  
> the
>   following, most of which have shown themselves to be at least  
> REMOTELY
>   driven by forgers and zombies...  See any organizations you  
> recognize?
>
>   Some of them were probably in the recent WiFi DC sweep.  I filtered
>   out .gov.ru, .gov.uk, .gov.ua, gov.au Canadian provinces, and the  
> like
>   from this list.  There's plenty, around the world!
>
> ------------+----------------- 
> +------------------------------------------
>   Blocked   |      CIDR       |                 Comment
> ------------+----------------- 
> +------------------------------------------
>  2004-08-24 | 128.102.31.194  | arc-relay1.arc.nasa.gov env=<>,claimed  
> t
>  2004-07-09 | 128.159.101.177 | kmail.ksc.nasa.gov
>  2004-07-16 | 128.231.2.103   | itchy.cit.nih.gov  
> env=<MAILER-DAEMON@itc
>  2004-11-01 | 128.231.90.113  | nihhubims3.hub.nih.gov env=<>
>  2004-07-27 | 129.6.16.226    | rimp1.nist.gov env=<>,claimed to be  
> smtp
>  2004-10-01 | 129.29.2.3      | westpf-doim001.usma.army.mil env=<>
>  2004-09-29 | 129.139.10.126  | imail1.pica.army.mil env=<>,
>  2004-08-16 | 129.164.30.24   | venus.ivv.nasa.gov env=<>,
>  2004-09-14 | 131.6.84.3      | eagle2.langley.af.mil env=<>,
>  2004-11-02 | 131.9.254.188   | amcuxns802.amc.af.mil env=<>,claimed to
>  2004-06-03 | 131.9.254.189   | amcuxfw801.amc.af.mil env=<>,
>  2004-06-22 | 131.158.50.105  | nmic-btmd-gwexc.med.navy.mil env=<>
>  2004-10-24 | 131.158.50.238  | nmic-btmd-post3.med.navy.mil env=<>
>  2004-06-15 | 132.45.192.3    | andes.arnold.af.mil
>  2004-10-22 | 132.52.154.10   | jayhawk.vance.af.mil env=<>,claimed to  
> b
>  2004-06-27 | 132.58.234.9    | zeus.nellis.af.mil env=<>
>  2004-07-25 | 132.163.128.82  | franklin-node2.boulder.nist.gov  
> env=<>,c
>  2004-10-12 | 132.250.1.115   | smail1.nrl.navy.mil env=<>,claimed to  
> be
>  2004-09-14 | 132.250.83.3    | s2.itd.nrl.navy.mil  
> env=<Symantec_AntiVi
>  2004-08-12 | 132.250.118.80  | mx-a0.ccs.nrl.navy.mil env=<>
>  2004-10-15 | 137.244.215.8   | cits-darla.robins.af.mil env=<>
>  2004-11-07 | 138.162.140.59  | gate21-sandiego.nmci.usmc.mil env=<>
>  2004-08-09 | 140.90.121.142  | mocbox2.nems.noaa.gov env=<>
>  2004-06-01 | 140.140.58.5    | diamondback.brooks.af.mil env=<>,
>  2004-06-04 | 140.185.1.133   | ddmfitayz003.osd.mil claimed to be  
> ddmfi
>  2004-11-28 | 143.81.8.22     | dohaexch2.kuwait.army.mil env=<>,
>  2004-09-11 | 143.231.86.9    | taurus.house.gov
>  2004-07-26 | 143.231.86.15   | cetus.house.gov env=<>,claimed to be  
> ap0
>  2004-06-08 | 144.51.88.131   | zombie.ncsc.mil (forged) env=<>,
>  2004-09-11 | 144.141.194.2   | rnoc1.pacsw.navy.mil env=<>,claimed to  
> b
>  2004-09-05 | 146.138.1.106   | HQMMS2.hr.DOE.GOV env=<>,claimed to be  
> h
>  2004-10-02 | 146.138.1.107   | HQMMS1.hr.doe.gov env=<>,claimed to be  
> h
>  2004-09-09 | 147.35.30.8     | cesklnexch1.26asg.army.mil env=<>
>  2004-09-29 | 148.129.129.22  | dispatch.tco.census.gov env=<>
>  2004-09-12 | 150.192.50.56   | lewiml006.lewis.army.mil env=<>
>  2004-11-25 | 155.216.56.4    | env=<>,claimed to be  
> dixxml000000002.dix
>  2004-09-30 | 156.33.203.20   | senmail2.senate.gov
>  2004-08-02 | 156.33.203.25   | senmail4.senate.gov
>  2004-08-15 | 159.233.156.35  | ntdotex.dot.pima.gov env=<>,claimed to  
> b
>  2004-09-17 | 160.91.4.110    | emroute3.ornl.gov env=<>,
>  2004-09-01 | 160.133.207.225 | pom-mail1.monterey.army.mil
>  2004-07-05 | 162.2.111.9     | cdssmsg03.cdss.dss.ca.gov  
> env=<>,claimed
>  2004-09-22 | 164.65.217.32   | dddc025.ha.osd.mil env=<>,W32.Swen  
> <mgd@
>  2004-06-12 | 164.82.144.31   | dcmail1b.dc.gov claimed to be  
> dcmail0.dc
>  2004-10-24 | 164.223.1.100   | NPRI54MAI01.NPT.NUWC.NAVY.MIL  
> env=<>,cla
>  2004-09-01 | 165.110.1.18    | nthq8.sba.gov env=<>,
>  2004-08-01 | 169.154.210.185 | A-169-154-210-185.giss.nasa.gov
>  2004-07-17 | 169.253.4.3     | acheson-c.state.gov env=<>,claimed to  
> be
>  2004-06-04 | 192.58.199.187  | pxcg5.navair.navy.mil env=<>,
>  2004-08-02 | 192.58.199.188  | pxcg6.navair.navy.mil env=<>,
>  2004-08-09 | 192.77.84.46    | X500ROOT.NASA.GOV  
> env=<MAILER-DAEMON@x50
>  2004-07-21 | 192.104.54.10   | mailgate1.fcc.gov env=<>,
>  2004-09-05 | 192.234.164.3   | claimed to be rch1.deq.virginia.gov
>  2004-07-31 | 198.238.118.230 | dist.dis.wa.gov
>  2004-10-12 | 199.134.141.70  | stl-mail-edge1.fsc.usda.gov  
> env=<>,claim
>  2004-07-02 | 204.124.231.11  | fw.cns.gov env=<>,claimed to be  
> [204.124
>  2004-08-27 | 204.193.246.81  | mail2.osec.doc.gov  
> env=<lAnadal1 () doc gov
>  2004-06-22 | 205.56.129.110  | noca1.uar.navy.mil env=<>,claimed to be
>  2004-08-27 | 205.56.129.112  | env=<>,claimed to be  
> dnsmail2.uar.navy.m
>  2004-07-19 | 205.56.145.37   | pacfc.fleet.navy.mil env=<>,claimed to  
> b
>  2004-08-28 | 205.128.215.120 | deptvass-cp.va.gov  
> env=<postmaster@med.v
>  2004-08-10 | 207.133.162.39  | grizzly2.clear.af.mil env=<>,
>  2004-09-22 | 208.27.111.22   | resav1i.gtwy.uscourts.gov env=<>,
>  2004-09-24 | 208.242.80.9    | msgate.pstripes.osd.mil env=<>,claimed  
> t
> ------------+----------------- 
> +------------------------------------------
>
> > I often wonder how long it would take MS to clean up their act if the
> > (US) GSA based their pricing on total cost of ownership and added in
> > the operational costs of keeping MS boxes clean.
>
>   You forgot your C&C warning.  Take a look at 144.51.88.131  Does the
>   name "Rainbow" strike a familiar note?  How about 129.6.16.226 or
>   132.163.128.82?  Or the champions at 146.138.1.0/24.  Or 162.2.111.9?
>   Fortunately, 204.193.246.81 isn't what it looks like from the name.
>   How about 132.250.0.0/16?  Or 164.223.1.100?
>
>   To be fair, there are a couple politicians writing to forged feedback
>   addresses, for a couple of those.  And the West Point entry appears  
> to
>   be some plebe's dorm room, not some slightly-downgraded seclab.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/