<<< Date Index >>>     <<< Thread Index >>>

[IP] more on "Fiscal 2005 spending bill addresses privacy issues"



Begin forwarded message:

From: Rich Kulawiec <rsk@xxxxxxx>
Date: December 8, 2004 7:23:45 AM EST
To: Peter Swire <peter@xxxxxxxxxxxxxx>
Cc: David Farber <dave@xxxxxxxxxx>
Subject: Re: [IP] more on "Fiscal 2005 spending bill addresses privacy issues" 

On Tue, Dec 07, 2004 at 05:38:33PM -0500, David Farber wrote:

That may be a boon to the consulting companies, but may not
be the best use of a given amount of privacy and security dollars.


I concur.  One of the issues that I don't see addressed here
is the increasing risk to the public of unintentional privacy
violations caused by nearly non-existent computer/network security
throughout all levels of government.

Dr. Farber already ran (on IP) the note that I forwarded from NANOG
about a DDoS attack being conducted in part from .mil network
space; reports about other similar activities are now becoming
routine (example from a days ago appended below).

The severity level of these is unknown and probably unknowable
by outsiders, but the general picture that has emerged over the
psat few years is that Internet-connected federal/state/local
government computer systems and networks are horribly insecure.
The flaws appear to be systemic and begin with poor purchasing
decisions (e.g., DHS standardized on Windows, which is insane).

So we not only need to be worried about privacy violations being
carried out by government employees, we need to be worried about
privacy violations being carried out by unknown third parties.

I wonder how much in the way of, oh, identity theft, has been
carried out by attackers who simply wait for the relevant agencies
to collect private data and then harvest it when it's convenient?

And that's not the worst of it: little stops the same attackers
from _altering_ the data.

---Rsk



From: Bruce Gingery <bg7341@xxxxxxxx>
Subject: Re: Media: Tenet calls for Internet security
Date: Sat, 4 Dec 2004 04:34:28 -0700
To: SPAM-L@xxxxxxxxxxxxxxxxxxxx

Hal Murray wrote:

"Brian" cited

http://www.washingtontimes.com/national/20041201-114750-6381r.htm
Mr. Tenet called for industry to lead the way by "establishing and
enforcing" security standards. Products need to be delivered to
government and private-sector customers "with a new level of security
and risk management already built in."


QUESTION
One could turn that around and ask what would happen if the government 
 sector set a good example by not purchasing insecure software.

ANSWER
     40 years or so, perhaps?  First gotta get the salt pork out, and
  of course the spiced ham...
OTOH, I'd already started Tenet's advice, before the classified laptop was left in the bedroom -- well, not quite. I deny connections to the following, most of which have shown themselves to be at least REMOTELY driven by forgers and zombies... See any organizations you recognize? 

  Some of them were probably in the recent WiFi DC sweep.  I filtered
out .gov.ru, .gov.uk, .gov.ua, gov.au Canadian provinces, and the like 
  from this list.  There's plenty, around the world!
------------+----------------- +------------------------------------------ 
  Blocked   |      CIDR       |                 Comment
------------+----------------- +------------------------------------------ 2004-08-24 | 128.102.31.194 | arc-relay1.arc.nasa.gov env=<>,claimed t 
 2004-07-09 | 128.159.101.177 | kmail.ksc.nasa.gov
2004-07-16 | 128.231.2.103 | itchy.cit.nih.gov env=<MAILER-DAEMON@itc 
 2004-11-01 | 128.231.90.113  | nihhubims3.hub.nih.gov env=<>
2004-07-27 | 129.6.16.226 | rimp1.nist.gov env=<>,claimed to be smtp 
 2004-10-01 | 129.29.2.3      | westpf-doim001.usma.army.mil env=<>
 2004-09-29 | 129.139.10.126  | imail1.pica.army.mil env=<>,
 2004-08-16 | 129.164.30.24   | venus.ivv.nasa.gov env=<>,
 2004-09-14 | 131.6.84.3      | eagle2.langley.af.mil env=<>,
 2004-11-02 | 131.9.254.188   | amcuxns802.amc.af.mil env=<>,claimed to
 2004-06-03 | 131.9.254.189   | amcuxfw801.amc.af.mil env=<>,
 2004-06-22 | 131.158.50.105  | nmic-btmd-gwexc.med.navy.mil env=<>
 2004-10-24 | 131.158.50.238  | nmic-btmd-post3.med.navy.mil env=<>
 2004-06-15 | 132.45.192.3    | andes.arnold.af.mil
2004-10-22 | 132.52.154.10 | jayhawk.vance.af.mil env=<>,claimed to b 
 2004-06-27 | 132.58.234.9    | zeus.nellis.af.mil env=<>
2004-07-25 | 132.163.128.82 | franklin-node2.boulder.nist.gov env=<>,c 2004-10-12 | 132.250.1.115 | smail1.nrl.navy.mil env=<>,claimed to be 2004-09-14 | 132.250.83.3 | s2.itd.nrl.navy.mil env=<Symantec_AntiVi 
 2004-08-12 | 132.250.118.80  | mx-a0.ccs.nrl.navy.mil env=<>
 2004-10-15 | 137.244.215.8   | cits-darla.robins.af.mil env=<>
 2004-11-07 | 138.162.140.59  | gate21-sandiego.nmci.usmc.mil env=<>
 2004-08-09 | 140.90.121.142  | mocbox2.nems.noaa.gov env=<>
 2004-06-01 | 140.140.58.5    | diamondback.brooks.af.mil env=<>,
2004-06-04 | 140.185.1.133 | ddmfitayz003.osd.mil claimed to be ddmfi 
 2004-11-28 | 143.81.8.22     | dohaexch2.kuwait.army.mil env=<>,
 2004-09-11 | 143.231.86.9    | taurus.house.gov
2004-07-26 | 143.231.86.15 | cetus.house.gov env=<>,claimed to be ap0 
 2004-06-08 | 144.51.88.131   | zombie.ncsc.mil (forged) env=<>,
2004-09-11 | 144.141.194.2 | rnoc1.pacsw.navy.mil env=<>,claimed to b 2004-09-05 | 146.138.1.106 | HQMMS2.hr.DOE.GOV env=<>,claimed to be h 2004-10-02 | 146.138.1.107 | HQMMS1.hr.doe.gov env=<>,claimed to be h 
 2004-09-09 | 147.35.30.8     | cesklnexch1.26asg.army.mil env=<>
 2004-09-29 | 148.129.129.22  | dispatch.tco.census.gov env=<>
 2004-09-12 | 150.192.50.56   | lewiml006.lewis.army.mil env=<>
2004-11-25 | 155.216.56.4 | env=<>,claimed to be dixxml000000002.dix 
 2004-09-30 | 156.33.203.20   | senmail2.senate.gov
 2004-08-02 | 156.33.203.25   | senmail4.senate.gov
2004-08-15 | 159.233.156.35 | ntdotex.dot.pima.gov env=<>,claimed to b 
 2004-09-17 | 160.91.4.110    | emroute3.ornl.gov env=<>,
 2004-09-01 | 160.133.207.225 | pom-mail1.monterey.army.mil
2004-07-05 | 162.2.111.9 | cdssmsg03.cdss.dss.ca.gov env=<>,claimed 2004-09-22 | 164.65.217.32 | dddc025.ha.osd.mil env=<>,W32.Swen <mgd@ 2004-06-12 | 164.82.144.31 | dcmail1b.dc.gov claimed to be dcmail0.dc 2004-10-24 | 164.223.1.100 | NPRI54MAI01.NPT.NUWC.NAVY.MIL env=<>,cla 
 2004-09-01 | 165.110.1.18    | nthq8.sba.gov env=<>,
 2004-08-01 | 169.154.210.185 | A-169-154-210-185.giss.nasa.gov
2004-07-17 | 169.253.4.3 | acheson-c.state.gov env=<>,claimed to be 
 2004-06-04 | 192.58.199.187  | pxcg5.navair.navy.mil env=<>,
 2004-08-02 | 192.58.199.188  | pxcg6.navair.navy.mil env=<>,
2004-08-09 | 192.77.84.46 | X500ROOT.NASA.GOV env=<MAILER-DAEMON@x50 
 2004-07-21 | 192.104.54.10   | mailgate1.fcc.gov env=<>,
 2004-09-05 | 192.234.164.3   | claimed to be rch1.deq.virginia.gov
 2004-07-31 | 198.238.118.230 | dist.dis.wa.gov
2004-10-12 | 199.134.141.70 | stl-mail-edge1.fsc.usda.gov env=<>,claim 2004-07-02 | 204.124.231.11 | fw.cns.gov env=<>,claimed to be [204.124 2004-08-27 | 204.193.246.81 | mail2.osec.doc.gov env=<lAnadal1@xxxxxxx 
 2004-06-22 | 205.56.129.110  | noca1.uar.navy.mil env=<>,claimed to be
2004-08-27 | 205.56.129.112 | env=<>,claimed to be dnsmail2.uar.navy.m 2004-07-19 | 205.56.145.37 | pacfc.fleet.navy.mil env=<>,claimed to b 2004-08-28 | 205.128.215.120 | deptvass-cp.va.gov env=<postmaster@xxxxx 
 2004-08-10 | 207.133.162.39  | grizzly2.clear.af.mil env=<>,
 2004-09-22 | 208.27.111.22   | resav1i.gtwy.uscourts.gov env=<>,
2004-09-24 | 208.242.80.9 | msgate.pstripes.osd.mil env=<>,claimed t ------------+----------------- +------------------------------------------ 


I often wonder how long it would take MS to clean up their act if the
(US) GSA based their pricing on total cost of ownership and added in
the operational costs of keeping MS boxes clean.


  You forgot your C&C warning.  Take a look at 144.51.88.131  Does the
  name "Rainbow" strike a familiar note?  How about 129.6.16.226 or
  132.163.128.82?  Or the champions at 146.138.1.0/24.  Or 162.2.111.9?
  Fortunately, 204.193.246.81 isn't what it looks like from the name.
  How about 132.250.0.0/16?  Or 164.223.1.100?

  To be fair, there are a couple politicians writing to forged feedback
addresses, for a couple of those. And the West Point entry appears to 
  be some plebe's dorm room, not some slightly-downgraded seclab.



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/