RSS

Reckless Blogging

Fri, Jul 20, 2007

Security

I am purposely going to be vague in this post due to the nature of the subject, and my feelings on it. Recently a blogger had a post where he discussed a news article written about a military agency and an FTP site they have. This agency is actively using the anonymous FTP site but the site was not specifically mentioned in the news article.  This blogger proceeded to post the url, a listing of files in one of the directories and a hyperlink to one of the documents.

What has my blood boiling is that the document the blogger linked to is the complete architectural diagrams for a military barracks in a hostile area. He then says that “such information isn’t as helpful as people think to terrorists”. I am paraphrasing there. I fail to see how the schematics to a military barracks is NOT “helpful” to the enemy. Am I missing something here?

There is discussion about security through obscurity and how search engines like Google do not index FTP sites. True, but Google will index the filenames, descriptions and FTP url that you saw fit to publish on your blog. Good going.

I see absolutely no reason to post the specifics of what the news article discussed, unless you want some sensationalism. You can call it overreacting if you want to, but I think it is down right reckless behavior to post a link to those barracks schematics. My guess is that this blogger never spent a single day in uniform. If he had I think he would realize the seriousness of linking to these documents.  What if your son / daughter were in those barracks?

–Chris

This post was written by:

Chris Harrington - who has written 153 posts on InfoSecPodcast.com.


Contact the author

2 Comments For This Post

  1. alan shimel Says:
    July 20th, 2007 at 10:52 am

    Chris - I agree with your frustration but think the military is partially to blame here as well. Why would they put this stuff up on an anon FTP site. It just doesn’t make sense. At some level you are blaming the whistle blower for pointing out the mistakes of the military here.

  2. Chris Harrington Says:
    July 20th, 2007 at 11:11 am

    Alan,

    The military is completely to blame here for putting the data up in this fashion. This was a story in the news that he elaborated on so I do not treat the blogger as a whistleblower. I doubt that the existence of this FTP site is any secret. I am blaming the blogger for pointing out the specifics of the military’s mistakes. Specifics that are now in the Google index and could put people in greater danger. We are not talking about some DB admin pointing out a blank SQL password on a database containing social security numbers.

    Thanks for the comment!

    –Chris

1 Trackbacks For This Post

  1. Highbrid Nation » Blog Archive » The Jena 6 Forgotten: A Product of Over-Zealous Blog/ Internet Tastemakers Wetdream Says:
    October 11th, 2007 at 2:50 am

    [...] With the advent of the blog and personal websites and email before it, the internet granted everyone with a computer a public forum.  Some like the Laura at Persuing Holiness and the Evangelical Outpost have done a magnificent job of presenting the facts and holding folks accountable for their biased opinions but perhaps opinion has no place in news.  And that’s where the blog does a disservice.  We have the platform to provide the world with valuable information, informed opinions about everything from politics to stamp collections.  However we need to be RESPONSIBLE and ACCOUNTABLE. [...]

Leave a Reply

Related Posts from the Past:



Bad Behavior has blocked 1264 access attempts in the last 7 days.

Rodney's 404 Handler Plugin plugged in.