[Kitetoa, les pizzaïolos du Ouèb

The american government has some problems while securing confidential data on one of it's servers says Wired...
Really?

nav bar recap admins
Récapitulatif des papiers
sur le monde étrange
des administrateurs réseau
et systèmes
Récapitulatif de nos
copies d'écran
sur ce même monde étrange
Cette page n'est plus mise à jour
depuis août 2001
Taijiquan style Haking (dot com)
Sasak style Haking (dot com)
Le Match Kitetoa versus
Ugly Discoursmarketing
It's a funky job.
But Kitetoa's digital clone
does it...
Do you know info-hack
Kung-Fu?
La hotte du Kitetopapanoël
Ze Mega Kite-Teuf!
La fête de l'été de Kitetoa...
Les sites les plus nazes
de l'été 2000
La Loi de 78 impose
aux entreprises de protéger
les bases de données qu'elles
constituent
...

Oh Woah... I was quietly sitting on my capitalist's settee, looking at my laptop, when I found Wired paper (written by venerated Declan comrade). The article was about some problems that affected an american government's web site. Some personal data "escaped" from it. Did you ever hear the personal data's cry, when retained against its will in the dark, somewhere in a misconfigured Web site... Who could then be astonished when the personal data runs away ?

The server was the one on which the American government stored information relating to the companies having signed the treaty of Safe Harbor. I.e. the document aiming at protecting the European nationals against the escape of personal data from Europe towards the United States, via the subsidiary of American companies.

kind of problems are not a surprise for Kitetoa's readers. Looks like people at Wired are getting more and more interested in the result misconfigured servers can generate. Good idea.

If he new the type of servers blamed in this story (Lotus-Domino), Declan doesn't seem to have looked at what the government does (in general) with this type of servers. We won't even talk about what the army does whith those servers...

Thus, enter with Kitetoa in the gov's Web, running Domino. Oh, by the way, we spent a small hour on this. If someone spends a few days there in a systematic and rigorous way, I'm quite sure he would discover some good things. As you suspect it, it was an under-site of the Commerce department which released the data Wired talks about. One would then imagine that all the servers were screened and that there is no more risk to see some Lotus bases (lower parts of these servers where information is stored, would it be personal or not...) being spread out again from an American governmental server. Well...

We toured on the Commerce department's web site. It is not totally ok... Same for the the department of the Interior. Another site says that the bases are not accessible. Except that, in fact, they are... Thank you my bro...wser (yes, with a browser, one browses)... You'll then very quickly get to the list of the bases. And to the detail... On one of the many sites hosted by the Commerce department one finds other Lotus bases... Same on the Construction and urban development's site. Do you want the list of the users of idunowhatstuffontheserver? Easy. The access to this list is not protected. Access to individuals' details is not either.

Some will have noticed on the screenshot that the access to the users is provided directly in edition mode. It is thus very simple to modify the data...

looks like it is a database of people having been blacklisted by the Health department. Here again, the data can be modified. It would be easy for a blacklisted guy to change his own data. On the e-paper at least...

Finally (because we won't enumerate all the things we found, it would be boring), there also is this site: usatrade.gov which seems to experience some problems... The administration pages (modification of the headings) are accessible, the bases also, and it is possible to list some personal data which oddly did not know how to escape trough the holes of this Gruyere...

Cyber war my ass!

When you look at the gov's web part with these eyes (we see what your mental representation of the web can't show you) you wonder why the guys in the army and the itelligence community (NSA, FBI ands CIA mostly) screw our brains with their stupid idea of cyber war. They sould start installing their stuff correctly, with more suitable tools. The so called cyber war often starts in front of the door of your small suburbian flat.

Installing a dirty Lotus-Domino correctly should not be much more expensive than installing it the way they do... Why would they ask then for some millions dollars to fight against a very hypothetical conflict.

What's more... They have not even engaged themself in this conflict which they think they forsee and they have already lost it.

No, no, not becauses of our small findings.

Kitetoa

 

Liens de navigation

Naviguer, lire....

Page d'accueil

Nouveautés

Le Sommaire
de
Kitetoa

(orientation...)

Communiquer...

Le Forum
Kitetoa-blah-blah

Nous écrire

Les mailing-lists

Les stats du serveur

Qui sommes-nous?

Les rubriques!

Les livres publiés par Kitetoa

Les interviews

Kit'Investisseurs

Fonds d'écran et autres trucs

Les rubriques!
(suite)

KitEcout'

KessTaVu?-KiteToile

Voyages

la malle de Kitetoa
(vieilleries du site)

Les dossiers

Le monde fou des Admins

Tati versus Kitetoa

Tegam versus Guillermito

Malade mental...

Qui est Jean-Paul Ney,
condamné pour
menaces de mort
réitérées contre Kitetoa?

Le texte de la condamnation
de Jean-Paul Ney
(résumé html)
(complet pdf)

Malade mental, bis repetita

Jean-Paul Ney condamné
pour diffamation
à l'encontre du webmaster
de Kitetoa.com

Condamnation de Jean-Paul Ney
pour diffamation (pdf)

D'autres choses...

Aporismes.com

Statisticator

L'association Kite-Aide

Rechercher...

Rechercher
sur le site

et sur le Net...

Jean-Paul Ney

Jean-Paul Ney