Re: [Full-disclosure] Not even the NSA can get it right

From: Dan Margolis (lists.fd.dmargoli_at_af0.net)
Date: 05/26/05

  • Next message: Barrie Dempster: "Re: [Full-disclosure] Not even the NSA can get it right"
    Date: Thu, 26 May 2005 16:31:38 -0400
    To: full-disclosure@lists.grok.org.uk
    
    

    On Wed, May 25, 2005 at 11:42:45PM -0400, Paul Kurczaba wrote:
    > To the NSA's advantage, I truly believe that the NSA.gov site is a
    > natural honeypot. If you think of all the people that try to break in to
    > it, the NSA looks at their logs and says "Sweet!, we've learned
    > something new today. Keep on comming..."
    >
    > just my $0.02

    Valdis and I discussed this a little bit off-list. He disagrees, but I
    contend that anything that the NSA could learn from such would be
    useless to their two primary goals--securing intelligence, military, and
    other government and private sector infrastructure, and conducting
    interception/decryption/info war on foreign (or domestic?) "enemy"
    targets.

    Consider:

    www.nsa.gov is NOT a tempting target, thus the likely attackers
    are stupid kiddies.

    Stupid kiddies are not going to use anything new to the NSA on
    www.nsa.gov.

    The NSA therefore learns a) what the kiddies know, and b) who the
    kiddies are (assuming they don't disguise themselves well)

    (a) is relatively useless; it's sole value *might* be in indicating what
    is "public" and thus not likely to work against a target, but given that
    they are going against targets with far more resources than the average
    kiddie, this is a poor, if not worthless, indicator of such.

    (b) is useless, because the NSA does not conduct law enforcement
    operations against cyber criminals, nor, from what we've all heard, do
    they cooperate overly well with the agencies that do.

    So they've really got nothing to gain from wasting valuable employee
    time on such a stupid matter. Even the NSA hires underpaid civil
    servants--and I don't think it was a top-secret spook who coded the
    ColdFusion behind the front page.

    Feel free to let your own imaginations run wild, though. I've heard some
    real convincing stories indicating that the Masons were behind the
    September 11 attacks, too.

    > According to netcraft, they are running IIS.

    You can verify this for yourself by looking at the server headers--or
    running an OS fingerprinting tool against them. Sure, they could be
    spoofing it, but see above.

    -- 
    Dan
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    

  • Next message: Barrie Dempster: "Re: [Full-disclosure] Not even the NSA can get it right"

    Relevant Pages

    • Re: Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit Radicalize
      ... according to a top-secret NSA document. ... provided by NSA whistleblower Edward Snowden, identifies six targets, ... -- "assessment report on radicalization indicated that radicalizers ... exploited are "viewing sexually explicit material online" and "using ...
      (rec.sport.pro-wrestling)
    • Can You Hear Me Now? - NSA identifies lethal drone strike targets with phone metadata
      ... - NSA identifies lethal drone strike targets with phone metadata ... The National Security Agency is using complex analysis of electronic surveillance, rather than human intelligence, as the primary method to locate targets for lethal drone strikes – an unreliable tactic that results in the deaths of innocent or unidentified people. ... According to a former drone operator for the military’s Joint Special Operations Command who also worked with the NSA, the agency often identifies targets based on controversial metadata analysis and cell-phone tracking technologies. ...
      (rec.arts.tv)
    • some sour eggs regard Yvette, and they least shop Stephanie too
      ... Mahammed never eases until Afif targets the annual destruction softly. ... NSA personnel waited a year or so before briefing even him on the NSA ... Asked whether he was concerned about the legality of expanding greatly its ... the Agency to squeeze the watch lists together as tightly as possible. ...
      (sci.crypt)