I am purposely going to be vague in this post due to the nature of the subject, and my feelings on it. Recently a blogger had a post where he discussed a news article written about a military agency and an FTP site they have. This agency is actively using the anonymous FTP site but the site was not specifically mentioned in the news article. This blogger proceeded to post the url, a listing of files in one of the directories and a hyperlink to one of the documents.
What has my blood boiling is that the document the blogger linked to is the complete architectural diagrams for a military barracks in a hostile area. He then says that “such information isn’t as helpful as people think to terrorists”. I am paraphrasing there. I fail to see how the schematics to a military barracks is NOT “helpful” to the enemy. Am I missing something here?
There is discussion about security through obscurity and how search engines like Google do not index FTP sites. True, but Google will index the filenames, descriptions and FTP url that you saw fit to publish on your blog. Good going.
I see absolutely no reason to post the specifics of what the news article discussed, unless you want some sensationalism. You can call it overreacting if you want to, but I think it is down right reckless behavior to post a link to those barracks schematics. My guess is that this blogger never spent a single day in uniform. If he had I think he would realize the seriousness of linking to these documents. What if your son / daughter were in those barracks?
–Chris
July 20th, 2007 at 5:52 am
Chris – I agree with your frustration but think the military is partially to blame here as well. Why would they put this stuff up on an anon FTP site. It just doesn't make sense. At some level you are blaming the whistle blower for pointing out the mistakes of the military here.
Like or Dislike:
0 
0
July 20th, 2007 at 6:11 am
Alan,
The military is completely to blame here for putting the data up in this fashion. This was a story in the news that he elaborated on so I do not treat the blogger as a whistleblower. I doubt that the existence of this FTP site is any secret. I am blaming the blogger for pointing out the specifics of the military's mistakes. Specifics that are now in the Google index and could put people in greater danger. We are not talking about some DB admin pointing out a blank SQL password on a database containing social security numbers.
Thanks for the comment!
–Chris
Like or Dislike:
0 
0