Date: Fri, 14 Sep 2007 13:21:59 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Valdis.Kletnieks@...edu
Cc: jnf@...ec.net, full-disclosure <full-disclosure@...ts.grok.org.uk>,
	j_tripp_283@...oo.com
Subject: Re: Pro US government hackerganda


> You're suffering from a logical falicy, I worked in that arena (albeit
> it a different agency) in incident response for quite some time

Nice to know. I hope my government can either install ispell or send
some of you guys to Clueful University.

> of workstations and servers on a regular basis and downloaded
> everything that ended in extensions like .pdf, .eml, .doc, et cetera,
> it wouldn't take that long to get up to very high numbers. This is
> exactly what has occurred and makes your assertion that of ignorance
> and presumption.

So again, look at the statement from the previous article where the boys
from this gov state NIPR. Translation? Shit anyone can find on
Google.com/unclesam


> You again fall victim to foolish ignorance and presumption, just
> because a red network isn't connected, doesn't mean a yellow network
> isn't. I can't speak for DoD in that sense, I just know how it works
> in other agencies.

"I just know how it works in other agencies."... Not knowing, isn't this
the same quote-unquote ignorance you accused me of? If you don't know I
would Google STFU if you haven't already heard/been told the term.

> Furthermore, with ratings like SBU/et cetera, and lots of it, you can
> gain valuable intelligence by combining all of it.

Irrelevant to what the government has stated. China has hacked
"TERABYTES OF DATA" ... Define hacked. Google hacked? How about gov
employees get a clue before they decide to leave top secret information
on a non secure webserver.

Here is one for you from the horse's mouth. 100% true so help me any
deity. So I get a group of individuals visit my company about two weeks
ago. Golf shirts, slacks, etc., really clean cut. Nice little blue and
white plates can be seen from the conference room with a big old G on
it. They start asking about pentesting EV-DO... They ramble on and
mention "we're using 128 bit..."

"Wait a minute" I told the gentleman. "You know you shouldn't be using
128 bit for encryption of TS documents in accordance with NIST." (And I
know this because I got a personal schooling from Bruce Schneier on
this. (http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf for clarity on
this)) Their response: "We know but we have M16's on each side of the
stream" and they chuckled.

My thoughts at that time... What a bunch of idiots. So what. M16's mean
nothing if you can't track someone sniffing you - you idiot... In
essence it's stupid - and I sincerely and obnoxiously mean this - STUPID
IDIOTS in the government who allow these so called pseudoIntrusions
(add that to your buzzwords too).

See an intrusion hasn't occurred here period, error and human stupidity
has though and now the US government is calling the kettle black. In
case you have either forgotten or never heard of the abuses of ECHELON
not to even bother pointing out the mess we have in this country with
our warrantless M&M color coded uberDuber terrorAlert crapaganda systems.

So politics aside, it's stupidity black and white, not an intrusion that
is leading to the compromise of data. If the data is on unsecured
webservers that are on the Internet, don't blame the ingenuity of
someone for finding something that should have been on SIPR instead of
being online (NIPR) to the public in the first place.

The gov should re-iterate the differences between SIPR, NIPR, RIPR and
other systems to clueless idiots on computers, servers, crackberries or
whatever other mediums they choose to use.



-- 
====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net

