Yesterday, James R. Van Zandt gleaned this insight:
> >It's also worth pointing out that MITRE Corp. has historically been
> >one of the greatest sources of Internet-based network breakins in the
> >world. Read Cliff Stoll, _The Cukoo's Egg_.
>
> Yes, MITRE got a black eye over that one. Right after that, they
> started requiring SecurID authentication for any access from outside
> to inside: dialup, ftp, telnet, or ssh.
>
> The classified machines are generally protected by alarms, combination
> locks, badge magnetic strip readers, and 4-digit PIN electric locks
> (yes, all four - and you thought your procedures were a PITA?). The
> classified and unclassified nets are kept apart by physical separation
> and/or NSA-approved crypto. Still vulnerable to an inside job, of
> course - but it would require someone with a security clearance.
>
> The Cuckoo's Egg incident was about 15 years ago, IIRC. Are we still
> on parole? :-)
All of this sounds pretty rock solid, but if you'd asked Mitre back then
(and people did), they'd have told you that their security was state of
the art and that no one could penetrate it (and they did). So why should
we believe you now? :)
Ah, yes, I'm afraid Mitre will be scarred for life...
Note that none of what you said says much about how the systems are
connected, and what kinds of security measures are taken to secure the
trusted hosts from eachother... from what you said, we could assume that
once you had access to one via your PIN, card, rectal scan, what have
you, that you had free reign across the network. I doubt that's the case,
but you've left it to our imagination.
--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
------------------------------------------------------
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
