Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Not even the NSA can get it right

from [Barrie Dempster] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Not even the NSA can get it right
Date: Fri, 27 May 2005 14:49:30 +0100 
Absolutely spot-on Dan,

My original posting was merely a link to an area of a page where someone
made a mistake, it's not a threat to US National Security in any big
way, the NSA don't give a damn about it. It's just a mistake made by a
developer on their public website, there are worse mistakes on that site
too, for anyone bored enough to go look.

The only people that care enough are defacers looking for a bit of fame.
No one with a life spends time trawling the NSA's website for trivial
errors, if you want to hack the NSA and you think their webserver is a
good place to start, you just might be out of your depth a little.

It wasn't supposed to spark a debate about what the NSA know, don't
know, would like to know, invented, stole or dreamed about. Although
that was probably my error, bringing it up in the first place, I should
have known there would be a tinfoil responses

I was in Nelson from the Simpsons mode and felt like I had to say
"HA-HA!" in public.

Anyone that thinks it's a honeypot is a nutter, if it was a honeypot as
Dan says its a very badly thought out one.

Just relax and feel safe in the knowledge that governments employ people
that make mistakes (there's a startling revelation!! :-P), point it out
to your next client so that it helps you get a contract or something.
Just don't come on FD and scream conspiracy though, because I've heard
them all and I'm the ringleader of most of them :-P.

BTW, I sell enhanced tinfoil very cheap, we all know that with simple
XSS regular tin foil is rendered useless!

Buy your enhanced tin foil now, it has built-in XSS protection!

On Thu, 2005-05-26 at 16:31 -0400, Dan Margolis wrote:

{Lot's of snipped out but extremely well said and utterly correct opinion}


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Not even the NSA can get it right, Dan Margolis
Next by Date:  [Full-disclosure] DNS Smurf revisited, Ian Gulliver
Previous by Thread:  Re: [Full-disclosure] Not even the NSA can get it right, Dan Margolis
Next by Thread:  Re: [Full-disclosure] Not even the NSA can get it right, James Tucker
Indexes:  [Date] [Thread] [Top] [All Lists]