Become a fan of Slashdot on Facebook


Forgot your password?

Register your own .mil Domain 334

JWSmythe writes " As reported in This Story at ,and on, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publically known (the gov't uses security through obscurity?). I'm looking forward to,, and"
This discussion has been archived. No new comments can be posted.

Register your own .mil Domain

Comments Filter:
  • sp (Score:5, Funny)

    by Anonymous Coward on Sunday January 26, 2003 @11:41AM (#5161768)
  • Hmm.... (Score:3, Funny)

    by LinuxCumShot ( 582742 ) <lcs@rabie[ ]om ['n.c' in gap]> on Sunday January 26, 2003 @11:42AM (#5161780) Homepage Journal
    I wonder if Osama has
  • by DarklordSatin ( 592675 ) on Sunday January 26, 2003 @11:42AM (#5161782) Homepage
  • Peace? (Score:5, Funny)

    by Vigilante42 ( 613796 ) on Sunday January 26, 2003 @11:42AM (#5161783)
  • 2600 contest? (Score:5, Interesting)

    by capnjack41 ( 560306 ) <> on Sunday January 26, 2003 @11:44AM (#5161794)
    Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?
    • Re:2600 contest? (Score:3, Informative)

      by neurostar ( 578917 )

      Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?

      Their contest says that if you resgister (or any 2600.something) and point it to their website, you get a free lifetime subscription. (I think it's any TLD)

    • Re:2600 contest? (Score:5, Informative)

      by weave ( 48069 ) on Sunday January 26, 2003 @12:21PM (#5161989) Journal
      2600 would be all into finding out how to do it and telling the world about it, but not going ahead and actually doing it. I've never seen them advocate breaking into systems, just how in can be done. If you read the letters to the editor in the mag and their responses to people who want to do malicious cracking, you'll see they stomp em pretty hard for being stupid.

      Besides that, the military might have an incompetent admin that exposes something stupid like that, but I for one wouldn't want to try my luck at exploiting it. I think you'd face better odds for survival as a black man spitting on an LAPD officer in a remote area away from public view.

      • 2600 would be all into finding out how to do it and telling the world about it, but not going ahead and actually doing it True, I should have been more careful in not implying that 2600 will actually reward people for doing this (and if you mess with the military's dns you're on your own, fool!).
    • In order to receive that free subscription, you'd need to provide a mailing address or PO Box.

      Once the military tracks you down, I'm not sure they'd let you read 2600 in prison...

  • by Motherfucking Shit ( 636021 ) on Sunday January 26, 2003 @11:46AM (#5161803) Journal []. No, I didn't go poking around. If you've got bigger balls than I, perhaps you can link to the supposed admin area...
  • From The Register: We are, of course, straining against every natural, journalistic impulse in our beings by neglecting to mention any useful search strings with which to find it.

    How long will it be before some A/C posts them here?
  • by isorox ( 205688 ) on Sunday January 26, 2003 @11:46AM (#5161811) Homepage Journal
    This is a story
    • Lose your +2? (Score:5, Interesting)

      by schlach ( 228441 ) on Sunday January 26, 2003 @04:14PM (#5163255) Journal
      I'm responding to your sig.

      Ok, so the new way of doing things is that instead of adding a point to your comment's overall score when you post with your karma bonus, your comment is posted at 1 with a separate "karma_bonus=yes|no" variable. Thereafter, users can specify how much weight to assign to the karma bonus on their preferences page. This was 0 when the editors quietly rolled in the changes without telling anyone (why so sneaky?), but has since been changed to '+1' by default, to by default be the same as the old way.

      So, your comment that got 3 good moderations is scored at 4/1. Users who have a '+1' modifier to karma bonus will see this comment at 5, whereas users with a '0' karma modifier will see it at 4, and users with (for whatever reason) a '-6' modifier will see it at -2. If such a thing were possible.

      Unfortunately, I see this as making it unlikely that comments posted with a karma bonus will ever be modded up to 5, since most moderators will be viewing with a karma bonus and see that the comment is already scored at 5, and that it therefore cannot be modded up further.

      I'm going to say that the way this was changed was disgraceful. There is no reason not to maintain a place on slashdot indicating how the code is being changed. I have relied on CmdrTaco's journal [] to inform me of changes, but in this case it was silent, and after thinking about it further, it's still a crappy way of running things.

      It all goes back to the difference between slashdot as community and slashdot as business. As a business, sure, slashdot can do whatever the hell it wants, who am I to lecture, blah blah blah. But as a community, changing things in profound ways without approval, comment, or even notification is bastardly. And slashdot as a business would do well to perceive its dimensions as a community.
  • by More Karma Than God ( 643953 ) on Sunday January 26, 2003 @11:47AM (#5161814)
    Why is this just hitting Slashdot now?

    As far as I know The Register broke the story, and nobody else has cited information that wasn't in The Register's article.

    Does anyone have a screenshot of this site?
  • Impressive? (Score:3, Funny)

    by hafree ( 307412 ) on Sunday January 26, 2003 @11:49AM (#5161819) Homepage
    Pretty cool... First person to get a .va (Vatican City State) domain gets my vote though.
  • by red-beard's ( 639520 ) on Sunday January 26, 2003 @11:49AM (#5161824)
    Whoever is stupid enough to screw with the DOD is on their own . I remeber the letter of the cyber terrorism bill all too clearly . They'll be bustin down your front door and haulin you away like you are illian(sp?) gonzales on crack . Oh an mind you once they have you your rights are revoked as you are a terrorist . Boy after this incident I'll be watching as i drive through washington dc for a line of the idiots heads who tried out this vulnerability on pikes per Rumsfields orders .This is a bad time to be poking at americas security . Kinda like throwing rocks at a rabid junkyard dog while sittin in his dog house .
  • by NOT-2-QUICK ( 114909 ) on Sunday January 26, 2003 @11:50AM (#5161826) Homepage
    The secret government TLD .bush was recently discover by a small group of drunken frat boys while searching for new free prOn sites...

    Early reports indicated that Jenna was involved, but this has to be corroborated! :-)

  • Unless your good at covering your tracks, and use lotsa proxy servers in the process, is it really worth the risk of going to jail for 5+ years for unauthorized use of a military computer system to register a domain name??

    BTW, this story is old, i read it yesterday. :P, and yes i do know the URL for registering these domains, even though it doesnt say in the article.
  • IIRC a few years ago the Chinese were caught buying up surplus military equipment including replacement parts for Apache helicopters and hard drives containing sensitive nuclear data. Admittedly with such a huge organization carelessness is to be expected, especially since these guys are overworked and underpaid, but I do wish that the government would stop encouraging average americans to be paranoid when they constantly drop the ball themselves.
  • by Sentry21 ( 8183 ) on Sunday January 26, 2003 @11:54AM (#5161852) Journal
    Perhaps this story would be best posted at the

    Come on, that was funny!

    Oh well..

  • by jdreed1024 ( 443938 ) on Sunday January 26, 2003 @11:54AM (#5161855)
    For those who didn't RTFA, one of the points of the article is not only are there unprotected admin interfaces that let you register your own domain (that's what they're talking about - you still can't register .mil through or anything), add a user, and view traffic stats on DoD sites (even "hidden" ones), but that all these pages (including default passwords) are cached by Google.

    This implies that even if the DoD fixes the problem, the Google caches will still be available (until they expire or are replaced). Now, in the past, we've heard reports of people being upset that Google cached information. However, this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache? Will Google be told that cacheing links is now illegal because it could aid terrorists? Will they be prevented from cacheing .gov and .mil? Will Google be sued out of existence?

    We've all found Google caches to be useful, when, say the documentation for an open source project is hosted via 56K modem line in the Czech Republic, for example, or even when a site is Slashdotted, but it'll be interesting to see what happens about this, and how the goverment may over-react.

    (Note, if you're too stupid to understand this, I'm not talking about blame here - don't bother saying "Google rulez, the militery is dum asses for leeving these sitez open, u r an idiot...". I'm talking about reprocussions. Certainly Google doesn't "know" what information a link contains when they cache it. Certainly it's the government's fault for leaving open admin pages with default passwords listed on the page. But just because someone isn't at fault, doesn't mean they can't get screwed over.)

    • Google has in place functionality to not cache a page, and has had this for a long time. The fault here is with the DoD. They need to learn some security.
    • The DMCA partially protects Google in their caching. I say "partially" because a close reading of the bill shows that it is debatable whether or not they qualify for the caching provisions, but after a while they should have a certain amount of de facto protection, I would hope.

      In addition to their compliance with the DMCA notification, they also provide a help page and automated removal system [] for the desparate. (See the last section of the page for the DMCA notification instructions, which involve physical letters and legal affirmation of ownership.)

      Note that this is the "good" provision of the DMCA, preventing people from being liable for content they merely cache, not actively provide.

      Since in this country the military isn't above the law, they'd still have a hard time finding something illegal that Google did. They don't have the luxury of simply not liking someone, like in some countries. If they don't want to be cached, the law says it is their obligation to opt-out, not Google's.
    • "National security" is not a new buzzword. "Homeland defense" is a new buzzword, but "national security" has origins much older than 9/1/01 -- at least as far back as the beginning of the cold war.

      Good point in general, though. Seems like the maintainer of a website should have the ability to remove content from said website, in the event that it turns out to not be true, to be libelous, dangerous, or any number of other things. I've always thought a Google feature to purge specific pages from the cache would be a good idea, but the implementation of that would be tricky.

      One of the biggest problems with this is how to ensure that the requestor is authorized to speak for the website? A good first thought is to coordinate with the e-mail addresses in the whois record for the domain, but of course any domain can have any number of separate websites managed by different people.

      Let me think aloud for a moment... we know that Google looks for a robots.txt file before indexing a site. Let's say that a field were added to the robots.txt file that identifies a specific PGP key that is authorized to perform such actions. Not specific to Google, of course... this would be the e-mail address that speaks for the site in any number of ways. Something as simple as:

      MaintainerKey: 9AB3250D

      I don't know a whole LOT about PGP, but I think I know that each public key has a hex identifier (mine is above) that uniquely identifies it and allows others to request it from a keyserver.

      When an e-mail formatted in a specific format (at the discretion of Google and other individual publishers of course) comes in, the public key can be retrieved and the signature of the e-mail validated, and they at least know that the sender is authorized by the site to speak for it. Action from this point forward would be at the discretion of Google, but this is at least a potential TECHNICAL solution to the problem of access.

      Then there's the matter of public key revocation and expiration. Perhaps it's a better idea to have an e-mail address is the robots.txt file and to accept e-mail from that address provided that the current PGP public key is used to sign the message.

      Again, just thinking out loud...
    • Hey,

      this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache?

      I'm guessing they'll follow the clear, easy-to-use instructions here, and hide/edit/erase the page on thier servers, then use this tool [] to get the googlebot to spider the page again, overwriting the current cached copy.

      That would seem the sensible option to me, anyway.

  • Aaahh (Score:5, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @11:55AM (#5161859)
    I found this [] without having to click on this []
    • Re:Aaahh (Score:5, Informative)

      by Anonymous Coward on Sunday January 26, 2003 @12:05PM (#5161901)
      And this [] is the domain registration link.

      Won't work without a .mil email address, though.

      • It works just fine without a .mil address. At the end of the registration process it has a check box you can check if you don't have a working .mil address. 6-B: If you do not have a working e-mail address (due to various network problems, or because its creation depends on this registration), you may indicate so by toggling the checkbox below.
        • Re:Aaahh (Score:2, Interesting)

          by Anonymous Coward
          And then from there, it does...
          It gives you a text template which you are intended to then mail in.

          This is not a story.
    • Re:Aaahh (Score:5, Informative)

      by Anonymous Coward on Sunday January 26, 2003 @12:08PM (#5161924)
      This [] too, for reserving your very own netblock.
    • Re:Aaahh (Score:5, Informative)

      by Big Mark ( 575945 ) on Sunday January 26, 2003 @12:10PM (#5161928)
      From the ftp link they gave. You need this info to register:
      H2B. Sponsoring Agency..........:

      Indicate the Service, Unified or Specified Command, DoD operating
      Agency, or non-DoD Agency of the US government that you are affiliated
      with. (for a valid list of agencies, please refer to the
      service-agencies.txt located in the netinfo directory).

      Example: AF
      Ah. So you can't get one if you're not a serviceman. No story, methinks.

    • Re:Aaahh (Score:5, Informative)

      by xintegerx ( 557455 ) on Sunday January 26, 2003 @12:20PM (#5161984) Homepage
      Wow, I didn't believe it was there!

      I found references to on google. I was debating on trying /admin and etc instead, but didn't :)

      Instead, I searched for


      on Google, to verify the news. I ended up clicking on a web site that shows beginning web masters useful resources.

      From there, I went to the site one level above, and from there clicked a link to view a document about standard run of the mill no big whoop procedures about webmastering (pretty useful if you want to be a contractor or write software and have it comply, I assume.)

      BTW the security notice on this document is a link to's privacy policy, which says:

      Information presented on Army Home Page is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.

      Anyway, on this document I was just describing, click the second link to the defenselink webmasters area.

      There (which is also public according to their stated policy) you can click on "Domain Registration in the .mil domain" and see this []

      These are just public info resources.'s security policy says if you try to upload or change stuff, that's what they care about.
    • Re:Aaahh (Score:2, Insightful)

      by skermit ( 451840 )
      HO-LY CRAP

      "Delete an existing host"???

      Some 14-year-old is going to get arrested for taking down,,, ad nauseum ad infinitum...

      Geez. Shouldn't Homeland Security be bitchslapping our own agencies around as well as chasing bad guys?

    • Don't do it... (Score:5, Insightful)

      by fmaxwell ( 249001 ) on Sunday January 26, 2003 @12:35PM (#5162080) Homepage Journal
      I went to that link and it requires that you indicate a sponsoring agency. Since none of us have one, registering a domain would require entering false information into a DoD computer in order to gain unauthorized access. That is just a very bad idea.

      While it might be funny to register,, or, you don't want to find yourself occupying Kevin Mitnick's old cell. The Department of Defense is not renowned for their lighthearted sense of humor and fun. They may very well decide to make an example of someone. Or they might just decide to hold someone for months or years prior to even filing charges.

      It's not worth risking your freedom and your future livelihood for a prank.
      • The Department of Defense is not renowned for their lighthearted sense of humor and fun.

        Oh come on! Look at the Osprey(sp?) aircraft or the M-60A2 tank . . .
      • If they are going to punish someone, it should be the .mil nic admins.

        No harm is going to come to the military if someone spoofs their system somehow and registers and sends it or some other juvenile prank.

        If a spoofed site actually got up (no pun intended) the admins can delete the domain in 5 seconds.

        However, if they want to make examples of someone its not going to be some 14-year-old who used linux-on-an-xbox to hack their facile domain registration template, its going to be the gatekeepers who had their trousers around their ankles, and their heads in the gaping anus of the goatsecx guy.

        • Re:Don't do it... (Score:3, Insightful)

          by fmaxwell ( 249001 )
          If they are going to punish someone, it should be the .mil nic admins.

          An interesting theory, but not one that is likely to prevail in court. While there is no clear law against making an insecure web site, there are laws against "computer fraud and abuse."
  • clever (Score:3, Funny)

    by Anonymous Coward on Sunday January 26, 2003 @11:57AM (#5161868)

  • This depends on whether they follow the .mil registration RFC (1956) [] - if not, then that's what you get for violating RFCs! Just having access to an admin interface does not imply it's automatic. All registrations should still have to be accepted by the hostmaster first. As the RFC says, security implications are not discussed :)
  • here it is... (Score:5, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @12:01PM (#5161883)
    link []
    • Re:here it is... (Score:2, Interesting)

      by Anonymous Coward
      From the site, before it gets taken down...
      Please complete the information below then click the SUBMIT button to send this request to the proper office. If you are not a DOD Employee you must complete the Non-DOD Employee section. If you are requesting access other than QUERY ONLY you must notify your Contracting Officer or Government Sponsor so they can obtain and send verification of access level authorized by the appropriate Functional Data Administrator or Component Data Administrator to the Help Desk. Once received by the DDDS Help Desk your request will be processed and you will be sent via Email, Telephone or mail a USERID which you will use to logon to the DDDS. The first time you logon you will be required to enter a password.

      If you do not receive your userid within a few days please contact the DDDS Help Desk. We have been experiencing problems that we do not always get the online submissions. You may be requested to please print this request form and fax it to the Help Desk for processing.

      Also, please be sure that if you fill and print this page that the printout is legible. Many applications that are faxed can not be read thus slowing the process of getting an id.
      Karma Whoring is gay, that's why this is A/C. Plus I'm outside the US, they can't touch me. Oh waitasec...
    • The site [] certainly allows anyone to fill out the form. But it gives the distinct impression that all submitted requests are processed by a human. So until I see something like "" registered, I'm not convinced that this is as wide open as the original article suggests.

      And, no. I'm not going to be the one to try it.

  • by Big Mark ( 575945 ) on Sunday January 26, 2003 @12:02PM (#5161890)
    ... the U.S. Government's DNS servers:

    1) Register
    2)Point /. to there

  • by DoctorFrog ( 556179 ) on Sunday January 26, 2003 @12:07PM (#5161915)
    The Department of Homeland Security will now be starting a file on anyone who uses Google.

    DARPA will be settting up a special project to coordinate the information. In keeping with its hiring policies the Bush administartion will give the post to a senior military official from a prior administration.

    Oh wait...

  • by Anonymous Coward on Sunday January 26, 2003 @12:13PM (#5161943) and
    • by Mish ( 50810 )
      Out of all the 'links' that have been posted in the comments of this article this one is the scariest.

      Open access to a list of IP addresses of .mil workstations or at least proxies...
      • by joshuac ( 53492 ) on Sunday January 26, 2003 @02:48PM (#5162810) Journal
        and what is _really_ scary is looking at the this list, it looks like plenty of admins have been accessing this system from home; the log dates back to 1-jan-2002. If you are a lazy cracker, grep for all the lines with "DSL" in them, and probably 80-90% of those hosts are home workstations of military sysadmins of one type or another. If they are dumb enough to leave logfiles of users accessing a server used for military network administration open to the public, imagine what their home computers are like...

        What's even more depressing is that it looks like some of these guys use AOL...
  • Total Information Awareness, now doesn't it?


  • At least the DOD has been kind enough to post best practices for registering your new .mil domain name through the use of a standard format...

    For more info, help yourself to RFC 1956 []

  • hmm (Score:2, Interesting)

    by rask22 ( 144831 )
    I also found this []
  • Oh great (Score:5, Funny)

    by LordDartan ( 8373 ) on Sunday January 26, 2003 @12:18PM (#5161968)
    Now with all the linking on slashdot to .mil sites, I can see the military thinking it's a huge DDOS terrorist attack!

    Now repeat after me...I will not slashdot military websites...:)
  • i waana get!

    (Yes, I'm a Stargate fan.)
  • Then have their agents visit you at your house tomorrow, and haul you away under the patriot act..

    Not my idea of a fun weekend, trying to explain to a guy with an M16 why he shouldn't shoot me.

    Technically anyone that even reports the mistake to the *public* is potentially violating it. And irresponsible in this case, we aren't talking about some cutesy harmless web defacing, this is the US government defense department.. Morons.

  • Patriotic Honeypots (Score:2, Interesting)

    by Unfallen ( 114859 )
    How long til the .mil and the .gov and the rest realise that spoofed sites like these could be a fantastic tool in capturing possible IPs of those stupid enough to actually try to use them. Even if you chained through a string of proxies to register the domain, it'd still be useless without somewhere to point it at.

    Editing *.mil* domains through a *logged* cgi form on a *.mil* server. Hello, no, I don't think so, thankyouverymuch. Might as well just a T-Shirt saying "got root?" or something... ;)
    • How long til the .mil and the .gov and the rest realise that spoofed sites like these could be a fantastic tool in capturing possible IPs of those stupid enough to actually try to use them.

      If the posts, here on /., are anything to go by, then they will probably end up having range of IP addresses covering the globe, which would probably be a waste of resources trying to see who these people are. A would guess the larger percentage of crackers are akin to the person who tries to get two papers instead of one, from those vending machines, because they are curious to see if it is that easy.
  • Address (Score:5, Informative)

    by AirLace ( 86148 ) on Sunday January 26, 2003 @12:38PM (#5162092)
    The URL is

    It hasn't been possible to add new domains or run queries since Friday, so don't even bother.
  • by Q Who ( 588741 ) on Sunday January 26, 2003 @12:41PM (#5162112)

    I did the process at the .mil NIC site [].

    After you fill all the forms, there's:


    This online program makes no changes to the WHOIS database.

    The scope of this online program is to send the template to the e-mail address entered in the field below.

    Once you receive the completed template, you must forward it to the appropriate point of contact for action.

    The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.

    So you are essentially filling a template, which you can do by hand as well, following the instructions here [].

    It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.

    I also wonder where does this interface gets that data from... There's a DB somewhere, and it can be probably hacked via this interface.

  • I want... (Score:2, Funny)

    by Urchlay ( 518024 )
    I want to register always thought it would be cool to have for an email address.

    What about .edu and .gov?
  • by Animats ( 122034 ) on Sunday January 26, 2003 @01:43PM (#5162426) Homepage
    That's exactly the process used in the early days of the Internet, when, to register a domain, you emailed a similar template to somebody at SRI International, which ran the Network Information Center. Then you waited for a week or so for the domain to show up in the HOSTS.TXT file on the FTP server, and months for enough hosts to download it that anyone could reach you. MILNET ran the same way, but somebody at Defense Communications Agency processed the requests for the ".MIL" domain.

    Once DNS came in (yes, there was an Internet before DNS), delegation started working. Early thinking was that you'd have one second-level domain for each large organization, which would then manage its own third-level namespace. MILNET still works that way. Since the military is very hierarchical, the organizational structure matches the DNS hierarchy.

    Historically, there weren't many top-level .MIL updates. Most changes were further down in the hierarchy. If the NIC for MILNET is still using that template, it's probably still that way.

  • All your .mil Base are belong to . us^H^H kp

    The list below contains the two-letter TLDs
    according to IANAs list, all in alphabetical order.

    .kp is for Democratic People's Republic of Korea (North)
  • by Frank of Earth ( 126705 ) <{moc.snikrepf} {ta} {knarf}> on Sunday January 26, 2003 @01:54PM (#5162482) Homepage Journal
    "Any person that registers .mil domain name must pay the annual 35.00 fee and also commit two years in the service of their choice"

  • If you are having trouble finding the admin URL, you can find it at: http://

    If it's not there, it will be shortly...

  • Summary (Score:5, Informative)

    by JWSmythe ( 446288 ) <> on Sunday January 26, 2003 @05:08PM (#5163459) Homepage Journal

    Here's a summary of the proposed domains. :)

    If you want to know who submitted it, read through the comments again.

    Enjoy! (cereal) (caramel) (which would be hehe) ("as I find well toned and armed women hot")
    IN-SOVIET-RUSSIA-we-practice-better-in ternet-secur
    bushisanidiot. mil
    "" (Thousand nigths)
    "" (Two thousand)
    dar (for
  • by toker95 ( 645026 ) < minus pi> on Sunday January 26, 2003 @10:49PM (#5164863)
    For those who REALLY want a .MIL domain name... Having spent a good deal of time in the US Navy dealing with the fun of keeping seperated, classified and unclassified networks, I can tell you exactly how much of a threat this problem is, to national security.. None. At the very worst, as pointed out in earlier posts... slashdotting a public domain .mil site (like would only serve to seriously tick off servicemembers family's, and the average run of the mill PR guys for the navy. Classified servers, sites, and networks are encrypted before they ever touch the same cables as the internet. In many cases, they never DO touch the same cables, but.. Yes, alot of that -classified- traffic passes over the same lines as your average slashdot post, BUT... its highly encrypted before it ever gets there (encryption level and equipment obviously varied by classification level, some data doesn't even get to TOUCH a networked computer). As well, a LARGE portion of the .mil domain's are setup to ONLY see traffic from another authorized .mil network (usually managed by IP address's). If your .mil network needs access to see my network, as well as getting the usual userids and passwords, my net admins need to talk to yours, and put your address into our firewall. So, the threat here? The threat is really only to the fact that its completely possible to now have a bazillion "" websites running around... And this wouldn't HURT anything persay, because most .mil websites are acronyms like "" (for Submarine Squadron Headquarters Norfolk Virginia). US Military bungle? Yes National Security Threat? Minimal... Do you really want a .mil domain? Gee, only if you want to cause unnecessary trouble for a government trying to prepare for war...

Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser