Mr Budi Rahardjo,

I think I'd be more interested in registering http://sumanto.or.id to keep a low profile: not .mil, not .go.id, but scaaary enough.

Heri S

----- Original Message -----
From: Budi Rahardjo <[EMAIL PROTECTED]>
Date: Mon, 27 Jan 2003 06:59:56 +0700
To: [EMAIL PROTECTED]
Subject: [Idnic] .MIL opened up? wow, scaaaary

> Want to register a .MIL? Here it is ...
> Wow, they're being laughed at. Apparently you can register anything.mil
> -- budi
>
> http://www.theregister.co.uk/content/55/29026.html
>
> DoD offering admin privileges on .mil Web sites
> By Thomas C Greene in Washington
> Posted: 24/01/2003 at 21:22 GMT
>
> Care to register a .mil Web site of your own for free? The DoD has gone out of its way to make it a snap. An unbelievably badly-protected admin interface welcomes you to register whatever domain you please (http://Rotten.mil anyone?), or edit anything they've already got. The interface is so ludicrously unprotected that it's been cached by Google and fails to mention that you must be authorized to muck about with it. Incredibly, default passwords are cheerfully provided on the page.
>
> Following an anonymous tip from an observant Reg reader, we've encountered the page in question in the Google cache, and after a bit of our own poking about have also discovered an equally unprotected (and Google-cached) admin interface encouraging us to add a new user, like ourselves, say, which requires no authentication.
>
> All you have to do is find that page and you can set yourself up with a user account, manage your new .mil Web site, fiddle about with other people's .mil Web sites, and generally make an incredible nuisance of yourself. We are, of course, straining against every natural, journalistic impulse in our beings by neglecting to mention any useful search strings with which to find it.
>
> Another unprotected and cached page, this one discovered by our tipster, lists traffic to a major DoD Web site by URL/IP address. This worries us because it may list .mil sites and networked DoD machines that are not public, not hotlinked anywhere, and which might contain (or be networked with other machines that contain) sensitive data. Merely knowing that all those URLs and IP addys are valid and owned by DoD would give a significant advantage to attackers by narrowing their target area dramatically.
>
> We have e-mailed the person who manages these sites - twice in fact - but so far have not been graced with a reply. We were hoping that they might be inclined to fix this mess quickly so that we could safely include the details in our report. Unfortunately we have to withhold them until we're confident that these security snafus are under control.
>
> Ironically, US Defense Secretary Donald Rumsfeld recently ordered DoD to purge military Web sites of information that might benefit evildoers. That's all well and good, but it might behoove the DoD to stop offering them admin privileges first. ®
> _______________________________________________
> Idnic mailing list
> [EMAIL PROTECTED]
> http://www.idnic.net.id/cgi-bin/mailman/listinfo/idnic