From: | RISKS List Owner <risko@csl.sri.com> |
Date: | Wed, 12 Apr 2006 12:46:42 PDT |
Content-Type: | text/plain; charset="iso-8859-1" |
Content-Transfer-Encoding: | 8bit |
precedence: | bulk |
To: | risks-resend@csl.sri.com |
Message-ID: | <CMM.0.90.4.1144871202.risko@chiron.csl.sri.com> |
Cc: | |
Subject: | [RISKS] Risks Digest 24.24 |
List-Id: | RISKS <risks.csl.sri.com> |
RISKS-LIST: Risks-Forum Digest  Wednesday 12 April 2006  Volume 24 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/24.24.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>

[...]

------------------------------

Date: Wed, 05 Apr 2006 19:23:59 +0300
From: Diomidis Spinellis <dds@aueb.gr>
Subject: Classified military documents exposed through file sharing

The Greek newspaper *Eleftherotypia* in an article on April 5th 2006 [1] describes an interesting incident where classified Greek military documents became available on the Internet. According to the article, an unnamed individual found on the Internet a number of military documents containing names of military units, details of mobilization procedures, and names and phone numbers of military officers. He notified the special forces chief of staff, and apparently thereafter all units that had active Internet connections were instructed to disconnect their machines from the network. Yet the individual could still access the files for hours, until he shut down his Internet connection.

Military sources explained that the incident occurred when an armed forces technician, while fixing a military unit's computer, copied the files to his laptop in order to burn them to a CD for backup purposes. He then forgot to remove them from his laptop's hard disk, and the files became exposed when he connected his laptop to the Internet through a private non-firewalled connection. The article's terminology doesn't clarify whether the files were shared on the Internet through Windows file shares or through a peer-to-peer file sharing program.

I would classify this story as plain inept security management (what was a private laptop doing in an IT installation with classified documents?) were it not for the fact that the technician could conceivably be trying to do his job battling against other security measures. I can well imagine that the damaged computer was lacking a CD-ROM burner and a network connection as a (half-baked) security precaution.

[1] http://www.enet.gr/online/online_text/c=110,id=20584664 (in Greek)

Diomidis Spinellis - http://www.spinellis.gr/

------------------------------

[...]

End of RISKS-FORUM Digest 24.24
************************