FBI E-Mail Server Breached 223
voma writes "The FBI said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. The bureau is investigating whether someone hacked into the www.fbi.gov e-mail system, which is run by a private company, officials said. 'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem."
They use an email server to surf the web??? (Score:3, Interesting)
I'm sorry, but when I hear a media spokesperson hiccup like that, my bullshit detector sends up an immediate flag. What was this email server really used for???
No Wonder 9/11 Happened! (Score:2, Interesting)
OMFG!!!! The FBI can't tell the difference between the web www.fbi.gov and e-mail user@fbi.gov! Not only that, but they use their e-mail system to "view internet sites"???!!! WTF!!!? That's like a friend of mine asking me about a web address that looks like: http://user@fbi.gov! And the final nail in the coffin is that Special Agent Steve Lazarus sent an e-mail describing the problem to "communicate with you folks". Any guess that they are still using the same web/e-mail system to send out the press release? Wahoo it's so fun to participate in the idiotry of Slashdot!!! ;P
Here come the conspiracy theories... (Score:2, Interesting)
It would also explain how they were able to send the email
Who wants to bet? (Score:2, Interesting)
Originally I started thinking of this post as a joke, THEN I started thinking... what if the FBI really DID have a server with a collection of confiscated mp3's being held as "evidence" for "review" by agents at their convenience? And what if RIAA really did have such as hack-bot programmed and authorized to shutdown P2P systems?
Food for thought.
Re:Request (Score:3, Interesting)
Yes, there seem to be a lot more exploits found for Windows, and yes an unpatched windows box will probably drop dead _faster_ than a similarly out of date linux box, but a lot of this can be attributed to market penetration.
Re:How? (Score:3, Interesting)
Re:Request (Score:3, Interesting)
I call bullshit.
Will it be a cakewalk to crack? No. Will it be "very vulnerable"? Yes. Why, you ask? Because there are vulnerabilities that are still unpatched years after reports. Many "minor" vulnerabilities are actually stepping stones to administrator privileges; Bugtraq has more than a few posts regarding stringing a half dozen "minor" ones together.
Can you make a Windows server secure? I don't think so--not to the degree which would be necessary, and not to the level which a *nix box could achieve with the same amount of effort (time+money). This is especially true WRT services that use IIS.
I'm not being a Linux/Unix/Be zealot--I've been a Unix admin and a Windows admin and the failure is in the design of the system. Windows was never designed (and still is not being designed) with security in mind. It's that simple and reading a few security manuals will evidence that.
Re:zerg (Score:2, Interesting)
It's a way of constraining them. If you ever go to a federal building and see a bunch of people standing around claiming to be the "Federal Police," they're actually titled "special
police officers." The reason for this is that no Fed actually has true general police powers. The way the statute is written, they have the powers of "sheriffs and constables" when in the course of some other duties.
However, they're walked on an amazingly short leash compared to, say, your city's police department. And for good reason: the feds have a large proportion of people too stupid to function as real cops.
I believe that "Special Agents" are the same situation. They have arrest and warrant powers when in the course of investigating certain matters explicitly given them by statute, but they don't get to just roll up and arrest you if you slug your wife while driving drunk or whatever.
For the "Special Police Officers," see 40 USC 318. I don't know how that affects "Special Agents."
Us & Them (Score:3, Interesting)
You folks? Gee, thanks alot, we don't trust you much either.
The "usually armed" part is NOT special. (Score:3, Interesting)
Only the powers of arrest part is "special". A mind-boggling range of government employees have federal permission to carry guns. (And this permission, like post-office driving rules, overrides state laws.)
This was apparently first noticed when an airport security employee leaked the list of agencies whose members could carry thorugh airports. In 1997, according to a GAO study (the source for info in this [64.233.167.104] libertarian party press release) the nubmer of agencies was 45 and the number of gun-toters approaching 60,000 and had grown by over 2,400 in the previous year. I've heard nothing to indicate that the number has not continued to climb since then.
Some non-law-enforcement worker categories:
Poultry inspectors.
Disaster aid workers.
IRS auditors.
Some agencies with "special agents":
Small Business Administration
NASA
Department of Education
U.S. Fish & Wildlife Service
Department of Veterans Affairs
The Energy Department has access to machine guns and other agencies can summon tanks and military helicopters.
According to the Western Journalism Center these agencies have SWAT teams:
The National Park Service
the Department of Health & Human Services