Forgot your password?
typodupeerror
The Military

Top Secret America 502

Posted by CmdrTaco
from the i-have-a-secret dept.
mahiskali writes "The Washington Post published an immense interactive website today, detailing the companies and government agencies currently doing top secret work in the United States. Everything from counter-IED operations to human intelligence is touched upon. Citing various interviews with 'super users' and through exhaustive analysis of public records for over two years, this interactive site allows users to peer into the guarded world of top secret intelligence. With more than 854,000 people currently holding a TS clearance, has the defense and intelligence world grown too big, too fast? Or has this large growth served us well, exemplified by no successful terrorist acts on US soil since 9/11? How can we judge the success of these programs, when much of it will never be known by the general public?"

Comment: Is this new? (Score 1) 353

by Matz0r (#30898848) Attached to: Researchers Claim "Effectively Perfect" Spam Blocking Discovery

I did this years ago. By planting bogus email addresses from my mail domain on the web and feeding these addresses directly to a statistical spam filter I would get instantly updated on the changes in spam templates. Because the spammers were feeding the filter themselves I get a very low FP-ratio and extremely tight spam blocking.

Comment: Re:Issues I've had. (Score 2, Informative) 410

by Matz0r (#30343092) Attached to: Multiple-Display Power Tools For Linux?

I'm still using fvwm and have been doing it for 10+ years. Over the years I've tried switching to gnome or KDE several times but found them too be too slow and lacking features and ended up back in fvwm again. I even tried gnome + sawfish for a while but the constant lisp hacking got the best of me. Fvwm has for a long time and still handle multiple monitors perfectly well and I'm still very happy with it.

Comment: Re:Ok, so I got the popcorn ready.... (Score 3, Interesting) 254

by Matz0r (#29404105) Attached to: First Botnet of Linux Web Servers Discovered

Manually compromising servers and installing a tool that causes all those servers to rendezvous with or receive commands from a central control point to execute instructions would make them a botnet.

The key question would be: do the compromised servers also run a program that periodically polls a control station for commands, or does the script kiddie manually command individual compromised servers?

I actually encountered this a few years ago, a Red Hat box had been carelessly placed on the internet with a poor dba username password combo. The attacker had not gained root access. But he did manage to install zombie software on the computer in /var/tmp, which consisted of a small web-server serving malicious code and a custom ssl-irc client configured to connect to the botnet owners irc server.

Curious, I took a copy of the software he had installed before I wiped the server. I then proceeded to connect to his irc server using the credentials found in the zombie software. I ended up in an irc channel with the actual owner of the botnet sitting there. Because I kept my servers original irc-name he started prodding me with dcc-commands to find out the status of his returning zombie. After a while I responded and told him he had been discovered, we had a brief chat before he banned me from the irc-server. Seemed like a script kiddie, he used "LOL" in every sentence and lots of numbers, the net seemed to be run manually with some 30 "clients" in it. I gave his client IP to his ISP in Romania together with the logs, doubt anything came out of it though.

If at first you don't succeed, you must be a programmer.

Working...