Skip to comments.
U.S. military computer attacked
MSNBC.com ^
| 3/17/03
| Bob Sullivan
Posted on 03/17/2003 2:17:12 PM PST by Bloody Sam Roberts
March 17 A computer intruder armed with a secret, particularly effective attack tool recently took control of an Army Web server, MSNBC.com has learned. Both Microsoft and the CERT Coordination Center released hastily-prepared warnings about the vulnerability that led to the attack on Monday. But it was a disturbingly successful attack, experts say, because the intruder found and exploited a flaw that took security researchers completely by surprise.
Its unknown what Army computer was attacked, how significant a target it was, or what the intruders intentions were. But the exploit was sophisticated and well designed, and it was alarmingly successful, said Russ Cooper, security researcher for TruSecure Corp. The company learned of the attack through sources in the U.S. military last Tuesday, Cooper said. We believe the Army was being targeted, Cooper said. We dont believe anybody else has been targeted by this.
(Excerpt) Read more at msnbc.com ...
TOPICS: Announcements; Breaking News; Crime/Corruption; Culture/Society; Government; Miscellaneous; News/Current Events; Technical
KEYWORDS: attack; computer; hacker; microsoft; usmilitary
Navigation: use the links below to view more comments.
first 1-20, 21-28 next last
Didn't see this posted when I did a search.
To: Bloody Sam Roberts
They'll never know the successful ones.
2
posted on
03/17/2003 2:19:14 PM PST
by
VRWC_minion
(Opinions posted on Free Republic are those of the individual posters and most are right)
To: VRWC_minion
They'll never know the successful ones. Only when it's too late.
To: Bloody Sam Roberts
Does this explain why there have been almost daily software "updates" from Microsoft recently?
4
posted on
03/17/2003 2:27:14 PM PST
by
NewYorker
To: Bloody Sam Roberts
Wow they took down a Web server. That will show us!
/sarcasm
5
posted on
03/17/2003 2:27:17 PM PST
by
demlosers
To: Bloody Sam Roberts
If they're using off-the-shelf Windows servers, they get what they deserve. The inherent insecurity of them is the sort of thing you learn on the very first day of IT 101.
6
posted on
03/17/2003 2:28:52 PM PST
by
Timesink
(Hi, Billy Mays here for new MOAB! It'll wipe your worst stains right off the face of the planet!)
To: Bloody Sam Roberts
Any idiot, military or otherwise, who runs Win2k and IIS on a publicly available server deserves what he gets. The history of MS software is bug-infested, security-unaware code.
7
posted on
03/17/2003 2:30:20 PM PST
by
ikka
To: Timesink
I am hopefull that we do not place important secrets on servers that are connected to the public internet via firewalls or not.
8
posted on
03/17/2003 2:31:01 PM PST
by
Noslrac
To: Bloody Sam Roberts
Im a big fan os ASP and the ability of IIS but their securty risks are for personal use only in my opinion. I have grown to like PHP with Apache. Im a big MS user too. I just know their limitations.
9
posted on
03/17/2003 2:32:50 PM PST
by
smith288
("The reason I am not a liberal is because im not as certain about my guesswork" -Dennis Miller)
To: Bloody Sam Roberts
Isn't there a secure software package that isn't microsoft, that is designed specifically for the government? Like the red phones. Please, let me be dictator of the US for one day.....
To: Bloody Sam Roberts
Not to worry. The miltary doesn't put classified stuff on computers that can be accessed via public networks. For obvious reasons.
To: Bloody Sam Roberts
Microsoft That says it all.
12
posted on
03/17/2003 2:43:32 PM PST
by
PianoMan
(Liberate the Axis of Evil)
To: Bloody Sam Roberts
And so it begins.....
13
posted on
03/17/2003 2:47:08 PM PST
by
Beck_isright
(A good battle plan that you act on today can be better than a perfect one tomorrow. - Gen. Patton)
To: VRWC_minion
You are correct. This kind of attack has no military purpose. A "trojan horse" attack that collected information and otherwise caused no disruption is one of the only kinds of attack worth pursuing for national security purposes. Odds are this is just a particularly good cracker.
14
posted on
03/17/2003 2:56:48 PM PST
by
eno_
To: Indy Pendance
A lot of military systems use Unix or Linux. More secure. The microsoft nuts will come on this thread shortly and say it isn't so, but they will be wrong. :)
To: eno_
Odds are this is just a particularly good cracker. I'm told that people from Georgia aren't fond of that moniker. We need to be more sensitive in our use of such phrases. We wouldn't want to offend anyone.
</sarcasm>
To: FreeTheHostages
I know about Unix and Linux, BUT I'M NOT A GEEK OR AN EXPERT ABOUT IT. (just had to say that). But don't you think in the best interest of the US for security, we should develop a totally new system strictly for government applications? Something that's not advertised, ala, phone systems, which only those with security clearance can access?
To: FreeTheHostages
Many closed systems do.....hackable systems generally don't.
18
posted on
03/17/2003 3:29:18 PM PST
by
Archie Bunker on steroids
(DNC is funding & organizing international and national antiwar movement)
To: Indy Pendance
There are a variety of systems used on governmental facilities and different ways of having access. I imagine that if anyone knows anything specific along the lines of what you suggest (and I don't), they'd be forbidden to discuss it.
To: Indy Pendance
What you're suggesting is "security through obscurity."
That approach is NOT immune to glaring security holes--witness the number of buffer exploits available on closed-source systems such as Windows NT/2000, SunOS, HP-UX, et cetera.
And limiting access to those having a security clearance may only mean that the attackers will have a better idea of what boxes to attack.
John Walker had a Top Secret Clearance for many years.
The solution for open AND closed-source software is for coders to use well-established techniques to avoid buffer overflows (the most common form of exploit), and system admins to pay attention to what their systems are doing (something that is not always available).
20
posted on
03/17/2003 3:33:41 PM PST
by
Poohbah
(Beware the fury of a patient man -- John Dryden)
Navigation: use the links below to view more comments.
first 1-20, 21-28 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson