funsec mailing list archives

[Fwd: RE: Pentagon Hit by Unprecedented Cyber Attack]


From: Jon Kibler <Jon.Kibler () aset com>
Date: Thu, 20 Nov 2008 21:19:52 -0500

Fox News has just published the most lame article I have seen to date on
"Pentagon Cyber Attacks":
http://www.foxnews.com/politics/2008/11/20/pentagon-cyber-siege-unprecedented-attack/

Here is some feedback I sent to them regarding the article. (Yeah, it's a
little over the top, but I had a point to make!). Also, about my "#1"
item below... the site, at the time I am writing this, had a broken link
on its "Add Comment" item on the article.

When will the media EVER get it right?

Jon K.

-------- Original Message --------
Subject: RE: Pentagon Hit by Unprecedented Cyber Attack
Date: Thu, 20 Nov 2008 21:11:44 -0500
From: Jon Kibler <Jon.Kibler () aset com>
Reply-To: Jon.Kibler () aset com
Organization: Advanced Systems Engineering Technology, Inc.
To: yourcomments () foxnews com, foxnewsonline () foxnews com,
politics () foxnews com

Two Comments:

1) Your article shows "0 Comments" because you cannot add comments to
the article. If you click on "Add Comment" you are taken to the page
"http://www.foxnews.com/politics/index.html". I guess that you don't
really want comments.

2) About the article: No organization that has ANY interest in security
should allow ANY type of removable media on ANY system. No hard drives,
no CD/DVD players or burners, no thumb drives, no MP3 players, etc. To
allow removable media and/or devices introduces two serious risks: a)
data exfiltration, and b) malware infections. The DoD has never allowed
removable media on any classified network, and I was under the
impression that the same policy applied to unclassified networks as
well. Please check your sources. Either the DoD has relaxed common
security policies or your sources are flat out wrong in their
allegations regarding infection source. If the DoD policy about using
removable media on unclassified networks has changed, you REALLY need to
find out whose really really really stupid idea it was to implement such
a policy! Has 'convenience' replaced 'security' in our defense department?

Bottom line: The article is both lame and pure hype in my professional
opinion. There is absolutely ZERO that is extraordinary about banning
removable media. It is simply good security policy and practice. ANY
organization that allows removable media is, by definition, insecure.

If Fox thinks such actions are "extraordinary", then you are telling the
entire world "Hey y'all Fox News is insecure. Please come hack us!".
From your story, it is clear that if I wanted to take over the entire
Fox News data network, I could leave a few DVDs and thumb drives lying
around some of your offices, your employees would pick them up and plug
them in (if for no other reason, just to see what is on them), infecting
your computers and giving me 100% complete control of your network.

Whoever wrote this article clearly has zero knowledge of I.T. Security
and clearly has no idea that they are openly inviting attacks against
Fox News. "Hack Me, PLEASE!"

I always knew you guys were lame, and that you really did not have even
a half a clue about real national security issues... and now you have
gone and proven it. Congratulations!

Sincerely,

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253