Jan 26, 2003, 07:12 PM   #1
ToshiroOC

DoD offering admin privileges on .mil Web sites

Care to register a .mil Web site of your own for free? The DoD has gone out of its way to make it a snap. An unbelievably badly-protected admin interface welcomes you to register whatever domain you please (http://Rotten.mil anyone?), or edit anything they've already got. The interface is so ludicrously unprotected that it's been cached by Google and fails to mention that you must be authorized to muck about with it. Incredibly, default passwords are cheerfully provided on the page.

Following an anonymous tip from an observant Reg reader, we've encountered the page in question in the Google cache, and after a bit of our own poking about have also discovered an equally unprotected (and Google-cached) admin interface encouraging us to add a new user, like ourselves, say, which requires no authentication.

All you have to do is find that page and you can set yourself up with a user account, manage your new .mil Web site, fiddle about with other people's .mil Web sites, and generally make an incredible nuisance of yourself. We are, of course, straining against every natural, journalistic impulse in our beings by neglecting to mention any useful search strings with which to find it.

Another unprotected and cached page, this one discovered by our tipster, lists traffic to a major DoD Web site by URL/IP address. This worries us because it may list .mil sites and networked DoD machines that are not public, not hotlinked anywhere, and which might contain (or be networked with other machines that contain) sensitive data. Merely knowing that all those URLs and IP addys are valid and owned by DoD would give a significant advantage to attackers by narrowing their target area dramatically.

--By Thomas C Greene, source: The Register

Article can be read here.

Jan 26, 2003, 07:24 PM   #2
ToshiroOC

I have a friend who independently verified this - if not for that, I wouldn't have posted this sort of "sensationalism" from The Register... and no, I don't have the URLs, and even if I did, I would not disclose them under any circumstances.

Jan 26, 2003, 07:28 PM   #3
digitalwanderer

OMFG!

Looks like Cyborg added that smiley just in time, that is fricking INSANE!!! With all the talk of "cyber-terrorism" and such the idea of a security hole that you can drive a freaking truck thru existing like that is just inexcusable!!!! I'd go and mess with it just to bring it to their attention/let 'em know how bloody idiotic it is....but I don't want the guys in the sunglasses coming around and knocking on the door asking me questions again! Stay away from the temptation peeps, the US govt is NOT in a humorous mood about such things right now.

Jan 26, 2003, 07:29 PM   #4
Aspect

I can't be bothered to read all that? Can u tell me in a short version?

Jan 27, 2003, 12:11 AM   #5
Vampyromaniac

ok

DoD

the D's are the cheeks, and the little 'o' is unprotected

Jan 27, 2003, 01:30 PM   #6
Matth

I predict that sites in the .mil domain will be experiencing something looking like a DOS attack - as the sightseers try to be the one to say "I found it too!"

http://www.nic.mil/cgi-bin/domain
I don't think that's it, as it looks pretty well protected (address required etc.)
