Date: Wed, 29 Oct 2008 13:08:00 +0200
From: "Viktor Larionov" <viktor.larionov@...va.ee>
To: "Adrian P." <unknown.pentester@...il.com>, <Valdis.Kletnieks@...edu>,
	"Razi Shaban" <razishaban@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: www.dia.mil

And maybe, friends, you could explain to me what's so special about dia.mil?

I would actually understand if the CIA central internal information system would
use such trackers, but if it's a public web page, what's so special about it?
And OK, even if the information on visitors leaks - what's so interesting
about visitor statistics for dia.mil?
What makes those visitors or the URLs they request so special?

Or maybe you suppose the CIA will hold sensitive materials on a public webserver?
e.g. www.dia.mil/sometopsecretstuff... Well, I agree, you can find stupid
things everywhere nowadays, but I surely hope that they don't do it.

I guess that visitor statistics for google.com are a thousand times more
interesting than dia.mil.

From my personal point of view, dia.mil visitor statistics offer exactly the
same interest as www.desperatehousewives.com visitor statistics.
(intelligence guys, no offence :P)


Kindest regards,
---
Viktor Larionov
snr. system administrator
R&D team
Salva Kindlustuse AS
Parnu mnt. 16
10141 Tallinn
ESTONIA
tel: (+372) 683 0636, (+372) 680 0500
fax: (+372) 680 0501
gsm: (+372) 5668 6811
viktor.larionov@...va.ee

------------
MOTD: Dream Big. Think the impossible. If you can dream it - you can create
it.



-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Adrian P.
Sent: Wednesday, October 29, 2008 12:02 PM
To: Valdis.Kletnieks@...edu; Razi Shaban
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] www.dia.mil


Welcome to the web!

1 website = content retrieved from dozens/hundreds of sites. Much more than
what the browser's address bar shows ;)

Think of ad banners, analytics JS ("legit" spyware), static content served
from high-speed embedded httpds, etc ...

And yes, there are security implications to this design problem.


-----Original Message-----
From: Valdis.Kletnieks@...edu
Sent: 27 October 2008 17:22
To: Razi Shaban <razishaban@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] www.dia.mil

On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:
> On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam@...il.com> wrote:
> >
> > A picture is worth a thousand words.
> >
> > But what's so wrong about it?
> >
> > :P
>
>
> So what?

A US intelligence agency is basically betting the bank that statcounter.com,
a company apparently based in Ireland, doesn't get pwned or subverted.

Does that give you warm-n-fuzzies?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

