Go to previous post:
Kevin Drum

Go to Electrolite's front page.

Go to next post:
Some observations

Our Admirable Sponsors

January 27, 2003

Department of I feel safer already: According to the Register, you too can have a dot-mil domain! And view and edit other ones, too:
The DoD has gone out of its way to make it a snap. An unbelievably badly-protected admin interface welcomes you to register whatever domain you please (http://Rotten.mil anyone?), or edit anything they’ve already got. The interface is so ludicrously unprotected that it’s been cached by Google and fails to mention that you must be authorized to muck about with it. Incredibly, default passwords are cheerfully provided on the page.

Following an anonymous tip from an observant Reg reader, we’ve encountered the page in question in the Google cache, and after a bit of our own poking about have also discovered an equally unprotected (and Google-cached) admin interface encouraging us to add a new user, like ourselves, say, which requires no authentication.

All you have to do is find that page and you can set yourself up with a user account, manage your new .mil Web site, fiddle about with other people’s .mil Web sites, and generally make an incredible nuisance of yourself. We are, of course, straining against every natural, journalistic impulse in our beings by neglecting to mention any useful search strings with which to find it. […]

The Register notes that before running this story, they emailed the DoD employee who manages these sites—twice, in fact—but received no reply. They conclude:
Ironically, US Defense Secretary Donald Rumsfeld recently ordered DoD to purge military Web sites of information that might benefit evildoers. That’s all well and good, but it might behoove the DoD to stop offering them admin privileges first.
(Via Noah Shachtman’s fascinating weblog DefenseTech.) [08:48 AM]
Welcome to Electrolite's comments section.
Hard-Hitting Moderator: Teresa Nielsen Hayden.

Comments on Department of I feel safer already::

Scott ::: (view all by) ::: January 27, 2003, 10:55 PM:

Oh, man, that's priceless.

Xopher ::: (view all by) ::: January 28, 2003, 12:03 AM:

Leaving the whole DOD web presence available for--wait for it--Access of Evil.

Thanks, here all week, tip your waitress.

Jon Meltzer ::: (view all by) ::: January 28, 2003, 07:54 AM:

Coming soon: alqaida.mil

Kathryn Cramer ::: (view all by) ::: January 28, 2003, 11:47 AM:

nyrsf.mil has a nice ring to it. Hmm...

And they don't charge for this? Quick! Let me move all my domains.

Adam Rice ::: (view all by) ::: January 28, 2003, 09:58 PM:

Well, they seem to have fixed it, but it is instructive to search google using "site:nic.mil" as part of your key. nic.gov could also be fun.