>> On 10/28/08, Gary E. Miller <[EMAIL PROTECTED]> wrote:
>>
>> A US intelligence agency is basically betting the bank that
>> statcounter.com, a company apparently based in Ireland, doesn't get
>> pwned or subverted.
>
> And betting that the plain text from the DIA job applicants to
> statcounter.com is not sniffed by anyone along the way. If I was Russia
> I would love to have the home IP for everyone that has applied to the DIA
> for a job this year. A few small bribes would make that happen.
>

And if http://www.statcounter.com/features/ is not actually a demo of what they already have for an agency, I bet my money they have a huge potential to be one.

But aren't these old-school tricks already? How can security audits be so careless about such a shortcoming?

The good old Microsoft saying goes almost like this, i.e. "If a third-party script is embedded in your website, it's no longer your website (or unless the third party is your big brother's website)."

Once upon a time there was someone who used to blog software reviews, except he had clients who paid him, for he used to redirect software downloads from an IP-list to a special spyware_infected_download.

-bipin

--
X-No-Archive:
http://groups.google.com/group/Intelligence-Studies

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
