-
July 14th, 2005, 07:18 PM
#1
Alleged hacker: U.S. defense sites poorly secured
Alleged hacker: U.S. defense sites poorly secured
A British man facing possible extradition to the United States says poor security was a major factor in his ability to have wandered through the IT systems of some key defense establishments.
Gary McKinnon, who is accused of hacking and causing damage to federal defense systems, also said that his actions, far from intending to cause harm, all started as an innocent attempt to prove that the U.S. Defense Department knows of the existence of extraterrestrials. Later he was driven by suspicions about federal policies and actions in the wake of the Sept. 11, 2001, terror attacks.
In an interview with ZDNet UK, McKinnon, who is out on bail pending an extradition hearing later in July, said that he was "frightened" to find U.S. defense systems were open to "people from all over the world."
He claims that in one system he found that the local administrator's password was blank. Those in charge of the system, McKinnon said, had used "image-based installation techniques where most of the machines have the same BIOS, the same hard drive, the same hardware specification" just applied across different systems.
"So you don't even need to become domain administrator," he said. "That's 5,000 machines all with a blank system-level administrator password."
read the rest at:
http://news.com.com/Alleged+hacker+U...l?tag=nefd.top
-
July 14th, 2005, 08:09 PM
#2
If what he is claiming is true about the admin passwords, then they really need to look at their passord policies. He should still face trial, but it does begger belief that they have no admin passwords!
If everything looks perfect, then there is something you don\'t know
-
July 14th, 2005, 08:11 PM
#3
I doubt you'll ever anything he said being verified (or denied even) by the government. They can never admit they're wrong, but there are probably more than a few guys in their IT department saying "I told you so." I bet the NSA is laughing at them too.
-
July 14th, 2005, 11:21 PM
#4
this is not the first time weak passwords has been a problem for the DOD. When firefox was first starting to become mainstream, many DOD webpages, not the hard core ones but mainly affiliate pages like recruting or specail pages set up for special projects, had issuses with their Username/password authentication. If you went to the pages with firefox 1 of two things was happening. 1) you could type in any information and just click cancel and it would let you in as if you had logged in, or two it would take the username and password of the last person who really did log in using firefox and have their UN/PW saved. I believei t was negative who first pointed out this flaw on other webpages, but with some exploration I had found a handful more pages with the same flaw and of course reported it back to their admins. All were very nice and since have fixed the problems.
EDIT** hey cool, my 1000th post.
-
July 15th, 2005, 07:15 AM
#5
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|