Return-Path: <sentto-279987-4889-1024977098-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 24 Jun 2002 20:54:16 -0700 (PDT) Received: (qmail 11195 invoked by uid 510); 25 Jun 2002 03:51:31 -0000 Received: from n1.grp.scd.yahoo.com (66.218.66.64) by all.net with SMTP; 25 Jun 2002 03:51:31 -0000 X-eGroups-Return: sentto-279987-4889-1024977098-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.196] by n1.grp.scd.yahoo.com with NNFMP; 25 Jun 2002 03:51:38 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_2); 25 Jun 2002 03:51:38 -0000 Received: (qmail 95198 invoked from network); 25 Jun 2002 03:51:37 -0000 Received: from unknown (66.218.66.218) by m3.grp.scd.yahoo.com with QMQP; 25 Jun 2002 03:51:37 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 25 Jun 2002 03:51:37 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g5P3qgq20229 for iwar@onelist.com; Mon, 24 Jun 2002 20:52:42 -0700 Message-Id: <200206250352.g5P3qgq20229@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 24 Jun 2002 20:52:42 -0700 (PDT) Subject: [iwar] [fc:Army.websites.expose.security.data] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=3.2 required=5.0 tests=RISK_FREE,FREE_MONEY,DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: *** Army websites expose security data Tuesday, 18 June, 2002, Posted by Mirko Zorz Army websites expose security data <a href="http://news.bbc.co.uk/hi/english/sci/tech/newsid_2049000/2049780.stm">http://news.bbc.co.uk/hi/english/sci/tech/newsid_2049000/2049780.stm> Some personal details available online US Army websites have been criticised for publishing potentially sensitive information that could be of use to terrorists. An audit by the Department of Defense found that official sites contained information such as operational plans and soldiers' personal details. "As a result, potentially sensitive matters and information were not adequately protected," said the report. It was published at the beginning of the month, but only came to light after the Federation of American Scientists drew attention to it. The report urged the US Army to set up annual security reviews of its sites and train its staff to make sure they were aware of the potential dangers. Security review After the attacks of 11 September, sensitive documents and reports were pulled from official US websites due to fears the information could be useful to terrorists. The armed forces undertook similar action, reviewing the content of their websites to remove any unsuitable security information. But the report by the Office of the Inspector General suggests that many documents slipped through the net. For the audit, officials reviewed records and documents dated from November 1998 through December 2001. They checked to see whether the websites contained details such as the names and locations of Army families, officers' travel details, weapon schematics or information about a unit's weaknesses or vulnerabilities. Sensitive data The audit revealed that much of this information remained publicly available. "Organisations that we reviewed had websites that identified birth dates, family information, personal e-mail addresses, new equipment fielded and exercise data," said the report. "The Army must prevent the disclosure of sensitive movements of military assets or personnel, locations of units, installations, or personnel," it went on to say. The US Army has responded by taking on board the recommendations of the report. In February, it set up a body called a Web Risk Assessment Cell to routinely carry out reviews of its sites to make sure they do not publish sensitive information. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Free $5 Love Reading Risk Free! http://us.click.yahoo.com/3PCXaC/PfREAA/Ey.GAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:33 PDT