Report: DHS cyber security lagging
Kevin Poulsen, SecurityFocus 2004-12-16

The U.S. Department of Homeland Security is having some homeland cyber security issues on its systems providing remote access to telecommuters, according to a newly-released report by the DHS Inspector General's office.

Report: DHS cyber security lagging 2004-12-17
Anonymous (3 replies)
Report: DHS cyber security lagging 2004-12-20
Anonymous (1 replies)
Report: DHS cyber security lagging 2004-12-20
Anonymous (1 replies)
Report: DHS cyber security lagging 2004-12-20
CR
This is close to one of the funniest responses to a pentest I've seen.

Steve Cooper...time to wake up and learn a couple of things about security...

I quote:

"The systems suffering known vulnerabilities were waiting for patches to come out of testing, and any genuine effort at password hacking would be hobbled by the Department's policy of limiting failed login attempts"

>>A DoS attack that locks everybody out would be easy to deploy then. Just have a huge number of bots that try to log in with dictionary attacks...they lock all accounts they don't crack, easily giving the employees a day off. And higher up, it was confirmed that passwords were weak, so the bots would probably crack some passwords.

""Due to these remote access exposures, there is an increased risk that unauthorized people could gain access to DHS networks and compromise the confidentiality, integrity, and availability of sensitive information systems and resources," the report concludes."

>>What about "already have" instead of "could"? The problem didn't surface just because it was found in the pentest...it was there all along...

"known buffer overflows and other exploits"

>>I bet some of these would give you access even without a username and password

Steve Cooper should get his own feet back on the ground, before he claims that other people overstate stuff.

Cooper, thanks for the update on how you view things. ;-)

Link to this comment: http://www.securityfocus.com/comments/articles/10148/29589#29589
Report: DHS cyber security lagging 2004-12-20
Anonymous (2 replies)
Report: DHS cyber security lagging 2004-12-21
Tommy Ward