Message-ID: <000e01c3878b$353956e0$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: How *not* to point out a security problem

http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story  

Hacker Arrested in San Diego
The security specialist could face 30 years for 
downloading from the military and others. 
By Tony Perry, Times Staff Writer September 30, 2003

SAN DIEGO - A computer security specialist who claimed 
he hacked into top-secret military computers to show how 
vulnerable they were to snooping by terrorists was arrested 
and charged Monday with six felony counts that could bring 
a 30-year prison sentence.

Brett Edward O'Keefe, 36, president of ForensicTec Solutions, 
a start-up company here, is accused of hacking into computers 
of the Navy, the Army, the Department of Energy, the National 
Aeronautics and Space Administration and several private companies.

Before his arrest, O'Keefe told reporters that he had hacked 
into the computers to drum up business for his fledgling company 
and to show that the nation's top military secrets are not safe, 
despite pronouncements that security has been tightened since 
the terrorist attacks of Sept. 11, 2001.

....

http://www.washingtonpost.com/ac2/wp-dyn/A24191-2002Aug15?language=printer

Sleuths Invade Military PCs With Ease 
By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01 

SAN DIEGO, Aug. 15 -- Security consultants entered scores 
of confidential military and government computers without 
approval this summer, exposing vulnerabilities that specialists 
say open the networks to electronic attacks and spying.

The consultants, inexperienced but armed with free, widely 
available software, identified unprotected PCs and then 
roamed at will through sensitive files containing military 
procedures, personnel records and financial data.

One computer at Fort Hood in Texas held a copy of an air 
support squadron's "smart book" that details radio encryption 
techniques, the use of laser targeting systems and other field 
procedures. Another maintained hundreds of personnel records 
containing Social Security numbers, security clearance levels 
and credit card numbers. A NASA computer contained vendor 
records, including company bank account and financial routing numbers.

ForensicTec officials said they first stumbled upon the 
accessible military computers about two months ago, when 
they were checking network security for a private-sector 
client. They saw several of the computers' online identifiers, 
known as Internet protocol addresses. Through a simple Internet 
search, they found the computers were linked to networks at 
Fort Hood.

Former employees of a private investigation firm -- and 
relative newcomers to the security field -- the ForensicTec 
consultants said they continued examining the system because 
they were curious, as well as appalled by the ease of access. 
They made their findings public, said ForensicTec President 
Brett O'Keeffe, because they hoped to help the government 
identify the problem -- and to "get some positive exposure" 
for their company.

.....



