0wned .gov machines (was Re: Russian cyberwar against Estonia?)

Perry E. Metzger perry at piermont.com
Sat May 19 17:01:03 EDT 2007


"Trei, Peter" <ptrei at rsasecurity.com> writes:
> 1. Do you have any particular evidence that any significant
> number of  US .gov machines are bots? They may well be, just 
> I haven't heard this.

I've heard nothing formal, but my strong understanding is a lot of US
government machines, at least if we're talking workstations on
non-classified nets, are in fact "0wn3d" at this point. This should
not be entirely surprising as I have heard informally that a
considerable fraction of the machines at Microsoft have been suborned
as well, and if Microsoft can't keep the bots off of their Windows
machines, who can?

What is interesting to me is that, even though things have nearly
gotten as bad as they could possibly get, we still have seen very
little real effort made to improve systems security (at least in
comparison with what is necessary to make a big dent).

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list