Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Google Hacking’ Category

TSA & DHS, Trust US With YOUR Data!

with 2 comments

Washington (CNN) — Five Transportation Security Administration employees have been placed on administrative leave after a sensitive airport security manual was posted on the Internet, the agency announced Wednesday.

The TSA said the version of the manual that ended up online was several editions old and did not expose the agency’s current airport screening protocols. And Homeland Security Secretary Janet Napolitano told a Senate committee Wednesday that, “The security of the traveling public has never been put at risk.”

The manual outlined screening procedures for law enforcement officers, diplomats, prisoners, federal air marshals and others.

Full Story:

Well, I have been saying this kind of thing for some time.. Meh, they made a boo boo… Or, shall we see more? Check the link below for an answer to that one…

I was inspired last night and did some Googling with key words including SSI (Sensitive Security Information) Sure enough, within the DHS/TSA domains you can still get hold of more SSI documents.

TSA & DHS FAIL

These are the people in charge of our safety… Makes you feel all warm and safe huh?

CoB

Written by Krypt3ia

2009/12/10 at 01:43

Googling OPSEC FAIL

leave a comment »

 

While Googling the .gov today I came across an interesting little document that contained the following pages.

NEP 1

NEP 2

NEP 3

NEP 4

What are they? They are the code names and proposed dates for 2009/2012 DoD and government terrorism drills. One might ask, “umm how come this is available online and why is it marked as UNCLASSIFIED?” I certainly did…

Of course it could be that this is all harmless and not something to worry about, but, usually when code word operational (even drills) plans are out there to be Googled, one has to wonder just how much a Jihadist might like to have the data.

Well, I guess the next step is to start Googling all those code words and see what comes up… I should think that this stuff at least should be FOUO.

CoB

Written by Krypt3ia

2009/11/04 at 01:28

Posted in .gov, Google Hacking, OPSEC

Nuclear OPSEC FAIL

leave a comment »

While surfing the intertubes today I came across this little piece of OPSEC FAIL on the DOE.gov site. I believe it is a planned site per the document, but, this is rather detailed even for a plan to just be out there for any Jihadist to download.

This brings up the whole OPSEC issue. Too many places just fail to understand the precepts of OPESEC even within the rarefied air of the DOE where super mental genius’s work on the next generation transwarp drive. It seems especially these folks fail to understand the needs for secrecy.

Of course looking toward the private sector, I see way too many places that fail to comprehend OPSEC never mind try to implement and enforce the rules surrounding it to protect their data.

Even defense contractors… Now there’s a scary thought huh?

Oh well.. Lets just hope the next wave of homegrown jihadi’s can’t read or use Google.

… Now where is that zombie apocalypse we were promised?

Written by Krypt3ia

2009/10/30 at 01:21

OIG_09-101: Vulnerabilities Highlight the Need for More Effective Web Security Management

leave a comment »

Vulnerabilities Highlight the Need for More
Effective Web Security Management

So it seems that the OIG finally caught up wth DHS about their poor internet security. The OIG hired some consultants and poked the DHS.gov site and others. What came out was, well, they were rather weak on the security thing. This is nothing new, I have been googling around their stuff for some time now and in fact, they and often the LEO’s that they pass data too leak said data like a sieve much of the time. I cannot tell you how many documents end up on wikileaks because of their problems… Never mind how much they may have been hacked by foreign powers or the kiddies.

What makes me laugh the most is that they have redacted the report with yellow highlight but failed to remove the listing of all the sites that they audited! Hey kids! C’mon over to these here sites! They’re vulnerable!

PDF

Written by Krypt3ia

2009/10/14 at 02:00

Googling

leave a comment »

It’s hard to trust your government and military when they make rookie mistakes like this I mean, what were they thinking? I really wonder though what exactly “DEEP RED” is.. Maybe I should call the number? I suggest that the military work with Google to remove such things from their cache and perhaps use some robot.txt functions huh?

Written by Krypt3ia

2009/02/18 at 23:43