Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: www.dia.mil
From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Oct 2008 14:13:01 -0400

On Mon, 27 Oct 2008 21:33:19 +0400, Razi Shaban said:
Yes, they're including a remote javascript. Then again, tens if not
hundreds of thousands of other websites include the very same script.
If statcounter's servers aren't very secure, they would have already
been compromised.

One would *hope* that a major country's spook agencies kept themselves to a
*slightly* higher security standard than Sixpack Joe's Website and
Bait-n-Tackle Emporium.  The risk/benefit analysis for the average .com and
the average .spook are a bit different.

On the other hand, look at the voting machines the US gov't has
contracted. They have a tendency to screw up with technology, making
this one of their lesser problems (if you want to consider it a
problem at all).

A totally separate problem, but one that's not in DIA's jurisdiction.

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]