And maybe friends, you could explain me what's so special about dia.mil ? I would actually understand if CIA central internal information system would use such trackers, but if it's a public web page, what's so special about it ? And ok, even if the information on visitors leaks - what's so interesting about visitors statistics to dia.mil ? What makes those visitors or the URL-s they request so special ?
Or maybe you suppose CIA will hold sensetive materials on a public webserver ? e.g. www.dia.mil/sometopsecretstuff... Well I agree, you can find stupid things everywhere nowdays, but I surely hope that they don't do it. I guess that visitor statistics to google.com are thousand times more interesting than dia.mil. >From my personal point of view dia.mil visitors statistics offer exactly the same interest like www.desperatehousewives.com visitor statistics. (intelligence guys, no offence :P) Kindest regards, --- Viktor Larionov snr. system administrator R&D team Salva Kindlustuse AS Parnu mnt. 16 10141 Tallinn ESTONIA tel: (+372) 683 0636, (+372) 680 0500 fax: (+372) 680 0501 gsm: (+372) 5668 6811 [EMAIL PROTECTED] ------------ MOTD: Dream Big. Think the impossible. If you can dream it - you can create it. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Adrian P. Sent: Wednesday, October 29, 2008 12:02 PM To: [EMAIL PROTECTED]; Razi Shaban Cc: [email protected] Subject: Re: [Full-disclosure] www.dia.mil Welcome to the web! 1 website = content retrieved from dozens/hundreds of sites. Much more than what the browser's address bar shows ;) Think of ad banners, analytics JS ("legit" spyware), static content served from high-speed embedded httpds, etc ... And yes, there are security implications to this design problem. -----Original Message----- From: [EMAIL PROTECTED] Sent: 27 October 2008 17:22 To: Razi Shaban <[EMAIL PROTECTED]> Cc: [email protected] Subject: Re: [Full-disclosure] www.dia.mil On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said: > On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote: > > > > A picture is worth a thousand words. > > > > But whats so wrong about it? > > > > :P > > > So what? A US intelligence agency is basically betting the bank that statcounter.com, a company apparently based in Ireland, doesn't get pwned or subverted. Does that give you warm-n-fuzzies? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
