Register your own .mil Domain
JWSmythe writes "As reported in This Story at theregister.co.uk, and on dailyrotten.com, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publicly known (the gov't uses security through obscurity?). I'm looking forward to hacker.mil, warez.mil, and porn.mil."
sp (Score:5, Funny)
Re:sp (Score:5, Funny)
Re:sp (Score:3, Funny)
Hmm.... (Score:3, Funny)
Re:Hmm.... (Score:5, Interesting)
nic.mil/cgi-bin/domain [nic.mil]
Re:Hmm.... (Score:2)
Someone should file an incident report form [cert.mil]!
what about... (Score:5, Funny)
General.mil (Score:5, Funny)
Cara.mil (Score:2, Funny)
Perfect... (Score:5, Funny)
Re:what about... (Score:2, Funny)
Re:what about... (Score:3, Interesting)
That's the funniest shit so far today.
The peace.mil was also pretty good.
I'm wondering how with all the billions of dollars we spend on military shit, how the military can constantly screw things up... BTW, was .mil supposed to only be US mil or could any military anywhere get a .mil domain? And what kind of proof did you have to show to prove you were a military organization?
Re:what about... (Score:4, Interesting)
Anyway...
I'm wondering how with all the billions of dollars we spend on military shit, how the military can constantly screw things up...
Because it is run by humans, contrary to some theories on the Left.
BTW, was
US Military only.
And what kind of proof did you have to show to prove you were a military organization?
The command that handles the domain verifies the request. I am sure that there are ways to insert a fake request and have it approved (in addition to this new finding), the same way we inserted false reports about bad Chinese ammunition into the NVA system, etc.
Re:what about... (Score:3, Interesting)
Because we spend $$billions on toys, and virtually nothing on people.
Toys make defense companies rich. Servicemembers are paid less than fast-food workers.
Re:what about... (Score:4, Funny)
I think if you show up at the registrar's door with guns, then he'll accept that you deserve a .mil domain.
Peace? (Score:5, Funny)
Re:Peace? (Score:2)
2600 contest? (Score:5, Interesting)
Re:2600 contest? (Score:3, Informative)
Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?
Their contest says that if you register 2600.mil (or any 2600.something) and point it to their website, you get a free lifetime subscription. (I think it's any TLD)
neurostar
Re:2600 contest? (Score:5, Informative)
Besides that, the military might have an incompetent admin that exposes something stupid like that, but I for one wouldn't want to try my luck at exploiting it. I think you'd face better odds for survival as a black man spitting on an LAPD officer in a remote area away from public view.
Re:2600 contest? (Score:2)
Re:2600 contest? (Score:2)
Once the military tracks you down, I'm not sure they'd let you read 2600 in prison...
Link to .mil Registry (Score:5, Informative)
Smart move (Score:4, Insightful)
Smart move.
Can you say "honeypot"? I KNEW you could.
Place your bets...... (Score:2)
How long will it be before some A/C posts them here?
Re:41 minutes... (Score:2, Insightful)
None whatsoever of course!
Re:41 minutes... (Score:3, Funny)
Anyone want to bet whether the military can find the offender? Oh, they can probably find which country it was done from. Does anybody want to call the responsible person a terrorist and start a war against the country?
Re:41 minutes... (Score:5, Funny)
Probably none at all. This seems like one of those special "extra-constitutional" areas where someone just disappears and winds up in Git-Mo (Guantanamo Bay). Perhaps "volunteering" their time being chased through the jungle with sensors attached so that 'American Army II' will be even more realistic.
You think that NataliePortman.mil is funny, wait till you see 270 pounds of 5'8" nerd huffing and puffing his way through the jungles of Cuba with the Marines in hot pursuit.
Matthew
Nothing to see here (Score:5, Funny)
Lose your +2? (Score:5, Interesting)
Ok, so the new way of doing things is that instead of adding a point to your comment's overall score when you post with your karma bonus, your comment is posted at 1 with a separate "karma_bonus=yes|no" variable. Thereafter, users can specify how much weight to assign to the karma bonus on their preferences page. This was 0 when the editors quietly rolled in the changes without telling anyone (why so sneaky?), but has since been changed to '+1' by default, to by default be the same as the old way.
So, your comment that got 3 good moderations is scored at 4/1. Users who have a '+1' modifier to karma bonus will see this comment at 5, whereas users with a '0' karma modifier will see it at 4, and users with (for whatever reason) a '-6' modifier will see it at -2. If such a thing were possible.
Unfortunately, I see this as making it unlikely that comments posted with a karma bonus will ever be modded up to 5, since most moderators will be viewing with a karma bonus and see that the comment is already scored at 5, and that it therefore cannot be modded up further.
I'm going to say that the way this was changed was disgraceful. There is no reason not to maintain a place on slashdot indicating how the code is being changed. I have relied on CmdrTaco's journal [slashdot.org] to inform me of changes, but in this case it was silent, and after thinking about it further, it's still a crappy way of running things.
It all goes back to the difference between slashdot as community and slashdot as business. As a business, sure, slashdot can do whatever the hell it wants, who am I to lecture, blah blah blah. But as a community, changing things in profound ways without approval, comment, or even notification is bastardly. And slashdot as a business would do well to perceive its dimensions as a community.
The Register story is two days old. (Score:5, Insightful)
As far as I know The Register broke the story, and nobody else has cited information that wasn't in The Register's article.
Does anyone have a screenshot of this site?
Re:The Register story is two days old. (Score:2)
And yeah, I'm a bit peeved I didn't get the credit...
Re:The Register story is two days old. (Score:2, Interesting)
Re:The Register story is two days old. (Score:2)
Impressive? (Score:3, Funny)
Re:Impressive? (Score:4, Funny)
I pity the poor idiot who actually uses that ! (Score:3, Insightful)
Re:I pity the poor idiot who actually uses that ! (Score:2)
In a related story... (Score:5, Funny)
Early reports indicated that Jenna was involved, but this has to be corroborated!
n2q
Re:In a related story... (Score:3, Funny)
Re:In a related story... (Score:5, Funny)
Clinton?
ya, but is it worth the risk? (Score:2, Insightful)
BTW, this story is old, I read it yesterday.
Your Government At Work (Score:2, Interesting)
I'd like to see... (Score:5, Funny)
Come on, that was funny!
Oh well..
--Dan
How long before Google is sued? (Score:5, Interesting)
This implies that even if the DoD fixes the problem, the Google caches will still be available (until they expire or are replaced). Now, in the past, we've heard reports of people being upset that Google cached information. However, this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache? Will Google be told that caching links is now illegal because it could aid terrorists? Will they be prevented from caching .gov and .mil? Will Google be sued out of existence?
We've all found Google caches to be useful, when, say the documentation for an open source project is hosted via 56K modem line in the Czech Republic, for example, or even when a site is Slashdotted, but it'll be interesting to see what happens about this, and how the government may over-react.
(Note, if you're too stupid to understand this, I'm not talking about blame here - don't bother saying "Google rulez, the militery is dum asses for leeving these sitez open, u r an idiot...". I'm talking about repercussions. Certainly Google doesn't "know" what information a link contains when they cache it. Certainly it's the government's fault for leaving open admin pages with default passwords listed on the page. But just because someone isn't at fault, doesn't mean they can't get screwed over.)
Re:How long before Google is sued? (Score:2, Informative)
The good part of the DMCA will save them (Score:2)
In addition to their compliance with the DMCA notification, they also provide a help page and automated removal system [google.com] for the desperate. (See the last section of the page for the DMCA notification instructions, which involve physical letters and legal affirmation of ownership.)
Note that this is the "good" provision of the DMCA, preventing people from being liable for content they merely cache, not actively provide.
Since in this country the military isn't above the law, they'd still have a hard time finding something illegal that Google did. They don't have the luxury of simply not liking someone, like in some countries. If they don't want to be cached, the law says it is their obligation to opt-out, not Google's.
Re:How long before Google is sued? (Score:5, Interesting)
Good point in general, though. Seems like the maintainer of a website should have the ability to remove content from said website, in the event that it turns out to not be true, to be libelous, dangerous, or any number of other things. I've always thought a Google feature to purge specific pages from the cache would be a good idea, but the implementation of that would be tricky.
One of the biggest problems with this is how to ensure that the requestor is authorized to speak for the website? A good first thought is to coordinate with the e-mail addresses in the whois record for the domain, but of course any domain can have any number of separate websites managed by different people.
Let me think aloud for a moment... we know that Google looks for a robots.txt file before indexing a site. Let's say that a field were added to the robots.txt file that identifies a specific PGP key that is authorized to perform such actions. Not specific to Google, of course... this would be the e-mail address that speaks for the site in any number of ways. Something as simple as:
MaintainerKey: 9AB3250D
I don't know a whole LOT about PGP, but I think I know that each public key has a hex identifier (mine is above) that uniquely identifies it and allows others to request it from a keyserver.
When an e-mail formatted in a specific format (at the discretion of Google and other individual publishers of course) comes in, the public key can be retrieved and the signature of the e-mail validated, and they at least know that the sender is authorized by the site to speak for it. Action from this point forward would be at the discretion of Google, but this is at least a potential TECHNICAL solution to the problem of access.
Then there's the matter of public key revocation and expiration. Perhaps it's a better idea to have an e-mail address in the robots.txt file and to accept e-mail from that address provided that the current PGP public key is used to sign the message.
Again, just thinking out loud...
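The robots.txt check proposed in the comment above, as an added example that is not part of the original post. `MaintainerKey` is the commenter's hypothetical field, not a real robots.txt directive; the function names, sample files and fingerprints are constructed, and the signer's fingerprint is assumed to come from an OpenPGP signature verification done beforehand.

```python
import re

_HEX = re.compile(r"^(?:0x)?([0-9A-Fa-f]+)$")

def maintainer_keys(robots_txt):
    """Return normalised key identifiers from hypothetical MaintainerKey lines."""
    keys = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a robots.txt comment
        if ":" not in line:
            continue
        field, value = line.split(":", 1)
        if field.strip().lower() != "maintainerkey":
            continue
        m = _HEX.match("".join(value.split()))   # tolerate spaced fingerprints
        # 8 hex = short key ID, 16 = long key ID, 40 = full v4 fingerprint
        if m and len(m.group(1)) in (8, 16, 40):
            keys.append(m.group(1).upper())
    return keys

def is_authorized(robots_txt, signer_fingerprint, allow_short_ids=False):
    """True if the already-verified signer matches a key listed by the site.

    A v4 key ID is the tail of the fingerprint, so matching is a suffix
    comparison. 32-bit short IDs are skipped by default because two
    different keys can share one.
    """
    fpr = "".join(signer_fingerprint.split()).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    for key in maintainer_keys(robots_txt):
        if len(key) == 8 and not allow_short_ids:
            continue
        if fpr.endswith(key):
            return True
    return False

# Constructed sample data: the short ID is the one quoted in the comment,
# the two fingerprints are made up and share the same last 8 hex digits.
SAMPLE_SHORT = """User-agent: *
Disallow: /private/
MaintainerKey: 9AB3250D   # short ID as written in the comment
"""
SAMPLE_FULL = """User-agent: *
MaintainerKey: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 9AB3 250D
"""
SIGNER = "0123456789ABCDEF0123456789ABCDEF9AB3250D"
LOOKALIKE = "FEDCBA9876543210FEDCBA98765432109AB3250D"

if __name__ == "__main__":
    for name, fpr in (("signer", SIGNER), ("lookalike", LOOKALIKE)):
        print(name,
              "short-id:", is_authorized(SAMPLE_SHORT, fpr, allow_short_ids=True),
              "full-fpr:", is_authorized(SAMPLE_FULL, fpr))
```

With only the 8-digit ID published, both constructed keys pass; publishing the full fingerprint is what lets the check tell them apart.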
Re:How long before Google is sued? (Score:2)
this time, the cache contains information pertaining to "national security" (that great new buzzword). I wonder, what will happen? Will these URLs be silently deleted from the cache?
I'm guessing they'll follow the clear, easy-to-use instructions here, and hide/edit/erase the page on their servers, then use this tool [google.com] to get the googlebot to spider the page again, overwriting the current cached copy.
That would seem the sensible option to me, anyway.
Michael
Aaahh (Score:5, Informative)
Re:Aaahh (Score:5, Informative)
Won't work without a .mil email address, though.
Re:Aaahh (Score:2)
Re:Aaahh (Score:2, Interesting)
NOTHING.
It gives you a text template which you are intended to then mail in.
This is not a story.
Re:Aaahh (Score:2, Informative)
Re:Aaahh (Score:4, Funny)
Anyone with a decent sized pay site only needs to check their web server logs.. The script kiddies that try to crack passwords are great for supplying me with an endless supply of anonymous web proxies.
Re:Aaahh (Score:5, Informative)
Re:Aaahh (Score:5, Informative)
-Mark
Re:Aaahh (Score:5, Informative)
I found references to http://www.nic.mil/cgi-bin/whois on google. I was debating on trying
Instead, I searched for
admin http://www.nic.mil
on Google, to verify the news. I ended up clicking on a web site that shows beginning web masters useful resources.
From there, I went to the site one level above, and from there clicked a link to view a document about standard run of the mill no big whoop procedures about webmastering (pretty useful if you want to be a contractor or write software and have it comply, I assume.)
BTW the security notice on this document is a link to army.mil's privacy policy, which says:
Information presented on Army Home Page is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.
Anyway, on this document I was just describing, click the second link to the defenselink webmasters area.
There (which is also public according to their stated policy) you can click on "Domain Registration in the
http://www.nic.mil/ftp/mgt/bul-9605.txt [nic.mil]
These are just public info resources. army.mil's security policy says if you try to upload or change stuff, that's what they care about.
Re:Aaahh (Score:2, Insightful)
"Delete an existing host"???
Some 14-year-old is going to get arrested for taking down af.mil, army.mil, navy.mil, ad nauseam ad infinitum...
Geez. Shouldn't Homeland Security be bitchslapping our own agencies around as well as chasing bad guys?
Re:Aaahh (Score:5, Funny)
AF.mil does not count, we are only talking about the real military here.
Comment removed (Score:5, Insightful)
Re:Don't do it... (Score:2)
Oh come on! Look at the Osprey(sp?) aircraft or the M-60A2 tank . . .
Re:Don't do it... (Score:2)
No harm is going to come to the military if someone spoofs their system somehow and registers gaysex.mil and sends it goatse.cx or some other juvenile prank.
If a spoofed site actually got up (no pun intended) the admins can delete the domain in 5 seconds.
However, if they want to make examples of someone it's not going to be some 14-year-old who used linux-on-an-xbox to hack their facile domain registration template, it's going to be the gatekeepers who had their trousers around their ankles, and their heads in the gaping anus of the goatsecx guy.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Re:Aaahh (Score:3, Informative)
http://nic.mil/cgi-bin
http://nic.mil/cgi-bin/ip-num
http://nic
http://nic.mil/cgi-bin/asn
http
http://nic.mil/cgi-bin/ro
http://nic.mil/cgi-bin/host
other toys
http://frwebgate.access.gpo.gov/cgi-bin/use
http://boulder.noaa.gov/noc/nhcexit.txt
clever (Score:3, Funny)
??
But, but.. the RFC says... (Score:2)
here it is... (Score:5, Informative)
Re:here it is... (Score:2, Interesting)
Re:here it is... (Score:2)
We don't have to. We'll simply send an unmanned drone plane to shoot missiles up your ass.
Re:here it is... (Score:3, Interesting)
And, no. I'm not going to be the one to try it.
How to bring down... (Score:5, Funny)
1) Register slashdot.mil
2)Point
3)BANG!
-Mark
This just in (Score:3, Funny)
DARPA will be setting up a special project to coordinate the information. In keeping with its hiring policies the Bush administration will give the post to a senior military official from a prior administration.
Oh wait...
Here is the access list (Score:5, Informative)
Re:Here is the access list (Score:3, Interesting)
Open access to a list of IP addresses of
Re:Here is the access list (Score:4, Interesting)
What's even more depressing is that it looks like some of these guys use AOL...
Gives new meaning to... (Score:2, Insightful)
-madgeorge
Want more info...try RFC 1956... (Score:2)
For more info, help yourself to RFC 1956 [faqs.org]
n2q
hmm (Score:2, Interesting)
Oh great (Score:5, Funny)
Now repeat after me...I will not slashdot military websites...:)
ooo ooo! (Score:2)
(Yes, I'm a Stargate fan.)
Great, piss off the DOD (Score:2)
Not my idea of a fun weekend, trying to explain to a guy with an M16 why he shouldn't shoot me.
Technically anyone that even reports the mistake to the *public* is potentially violating it. And irresponsible in this case, we aren't talking about some cutesy harmless web defacing, this is the US government defense department.. Morons.
Patriotic Honeypots (Score:2, Interesting)
Editing *.mil* domains through a *logged* cgi form on a *.mil* server. Hello, no, I don't think so, thankyouverymuch. Might as well just a T-Shirt saying "got root?" or something...
Re:Patriotic Honeypots (Score:3, Insightful)
If the posts, here on
Address (Score:5, Informative)
It hasn't been possible to add new domains or run queries since Friday, so don't even bother.
Since Slashdot is a Pussy-land... (Score:5, Informative)
I did the process at the .mil NIC site [nic.mil].
After you fill all the forms, there's:
PAY ATTENTION!
This online program makes no changes to the WHOIS database.
The scope of this online program is to send the template to the e-mail address entered in the field below.
Once you receive the completed template, you must forward it to the appropriate point of contact for action.
The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.
So you are essentially filling a template, which you can do by hand as well, following the instructions here [nic.mil].
It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.
I also wonder where this interface gets that data from... There's a DB somewhere, and it can probably be hacked via this interface.
I want... (Score:2, Funny)
What about
That's the way it's been for decades (Score:5, Informative)
Once DNS came in (yes, there was an Internet before DNS), delegation started working. Early thinking was that you'd have one second-level domain for each large organization, which would then manage its own third-level namespace. MILNET still works that way. Since the military is very hierarchical, the organizational structure matches the DNS hierarchy.
Historically, there weren't many top-level .MIL updates. Most changes were further down in the hierarchy. If the NIC for MILNET is still using that template, it's probably still that way.
Has to be said (Score:2)
Read the fine print (Score:5, Funny)
The Address: honeypot.mil (Score:2)
If it's not there, it will be shortly...
Summary (Score:5, Informative)
Here's a summary of the proposed domains.
If you want to know who submitted it, read through the comments again.
Enjoy!
Al-Queda.mil
runofthe.mil
General.mil (cereal)
Cara.mil (caramel)
Rumor.mil (which would be slashdot.org.. hehe)
rastafarian.mil
peace.mil
Piece.mil ("as I find well toned and armed women hot")
starfleet.mil
diploma.mil
peace.in.our.t
gin.mil
pointlessdeath.mil
2600.mil
Na
runofthe.mil
slashdot.mil
ally
IN-SOVIET-RUSSIA-we-practice-better-i
in.soviet.russ
slashdot.mil
kevinmitni
2600.mil
fuckedcompany.mil
bushisanidiot
ashcroftisan ass.mil
sgc.mil
weoverthrewiran.mil
weoverthre
weassinatevietnamese.mil
wekillci
wesupportcoupinchile.mi
wesupp
wetrainedosama.mil
w
wegavesaddammoney.mil
wegave
weoverthrewpanama.mil
webombaspi
"noches.mil" (Thousand nights)
"dos.mil" (Two thousand)
blackop.mil
pepper.mil
paper.mil
da
deathstar.mil (for dvader@deathstar.mil)
milf.mil
Wind.mil
honeyp
This is a great find.. . (Score:4, Informative)
Re:hard to believe (Score:2, Informative)
Re:hard to believe (Score:2)
My last place of employment had a tech that overrode my plan to use an anonymous FTP server because he heard that was insecure. Instead he set up a username for the account and embedded the username and password in the publicly available software.
But in general that's the exact sort of thing I expect to find anywhere you have people who know just a little too much but not quite enough to make informed security plans.
Re:A superbly awesome idea (Score:2, Funny)
in.soviet.russia.mil.registers.you.mil
Daniel
Re:Of course... (Score:3, Informative)
Don't get too excited:
Of course, not wanting to be labelled a combatant, that's as far as I went.
Re:NIPR.MIL (Score:2)