
Full Disclosure mailing list archives

Re: www.dia.mil
From: "Bipin Gautam" <bipin.gautam () gmail com>
Date: Tue, 28 Oct 2008 01:49:23 +0545

On 10/28/08, Gary E. Miller <gem () rellim com> wrote:

> A US intelligence agency is basically betting the bank that
> statcounter.com, a company apparently based in Ireland, doesn't
> get pwned or subverted.
>
> And betting that the plain text from the DIA job applicants to
> statcounter.com is not sniffed by anyone along the way.  If I were
> Russia I would love to have the home IP for everyone that has applied
> to the DIA for a job this year.  A few small bribes would make that
> happen.

And if http://www.statcounter.com/features/ is not actually a demo of
what they already have for an agency, I bet my money they have a huge
potential to be one. But aren't these old-school tricks already?

How can security audits be so careless about such a shortcoming?

The good old Microsoft saying goes almost like this: "If a third-party
script is embedded in your website, it's no longer your website (unless
the third party is your big brother's website)."

Once upon a time there was someone who used to blog software reviews,
except he had clients who paid him, for he used to redirect software
downloads from an IP list to a special spyware_infected_download.

-bipin

-- 
X-No-Archive:
___________________________________________

http://groups.google.com/group/Intelligence-Studies
************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
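The thread's complaint is that a security audit should have caught a third-party script and tracking image being loaded, over plaintext HTTP, into a page where job applicants type their details. The following is an added example, not code from the original post or from any of the parties named in it: a small offline audit that parses a page's HTML, resolves every fetched resource against the page URL, and flags loads that come from a different registrable domain, run code in the page, or travel in the clear. The sample HTML, the base URL `https://www.dia.mil/careers/` and the statcounter paths in it are constructed for the example and are not the real markup of either site.

```python
"""Audit an HTML page for third-party resource loads and plaintext fetches.

Added example for this thread, not code from www.dia.mil or statcounter.com.
The sample markup and URLs below are constructed for illustration only.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed page URL for resolving relative references (not the real site layout).
BASE_URL = "https://www.dia.mil/careers/"

# Constructed sample page: a same-origin stylesheet and script, plus a
# third-party counter script and tracking image loaded over plain http.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://www.dia.mil/js/forms.js"></script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
</head><body>
<form action="/careers/apply" method="post"><input name="applicant_name"></form>
<img src="http://c.statcounter.com/t.php?sc_project=1" alt="">
<a href="http://www.statcounter.com/">stats</a>
</body></html>
"""

# Tag attributes whose value is fetched by the browser, which is what a
# third party gets to observe (the <a href> above is deliberately excluded).
FETCH_ATTRS = {
    "script": ("src",),
    "img": ("src",),
    "iframe": ("src",),
    "link": ("href",),
    "embed": ("src",),
    "object": ("data",),
}

# Tags whose content executes inside the page and can read the whole DOM.
EXECUTING_TAGS = {"script", "iframe", "object", "embed"}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute_url) for every fetched resource."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only <link> relations that actually trigger a fetch.
            rel = (attrs.get("rel") or "").lower().split()
            if not any(r in rel for r in ("stylesheet", "preload", "prefetch", "icon")):
                return
        for attr in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(attr)
            if value:
                self.resources.append((tag, urljoin(self.base_url, value)))


def registrable_host(host):
    """Crude same-site test on the last two labels; good enough for .mil/.com.
    A production audit would use the public suffix list instead."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:])


def audit(html, base_url):
    """Return one finding per fetched http(s) resource in the page."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    site = registrable_host(urlsplit(base_url).hostname)
    findings = []
    for tag, url in collector.resources:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        findings.append({
            "tag": tag,
            "url": url,
            "third_party": registrable_host(parts.hostname) != site,
            "plaintext": parts.scheme == "http",
            "executes_code": tag in EXECUTING_TAGS,
        })
    return findings


def high_risk(findings):
    """Third-party loads that either run code in the page or travel in the clear:
    the former can read every form field, the latter can be sniffed en route."""
    return [f for f in findings
            if f["third_party"] and (f["executes_code"] or f["plaintext"])]


if __name__ == "__main__":
    for f in high_risk(audit(SAMPLE_HTML, BASE_URL)):
        print("HIGH RISK <%s> %s (plaintext=%s, executes=%s)"
              % (f["tag"], f["url"], f["plaintext"], f["executes_code"]))
```

Run against the constructed page, the audit reports two high-risk loads: the statcounter `<script>`, which runs with full access to the application form, and the tracking `<img>`, which leaks the applicant's IP and referrer to the third party over plaintext. The same-origin stylesheet and script are listed but not flagged.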