Air Force hit with security breach

Air Force officials are busy notifying more than 33,000 airmen that a security breach has occurred with the Air Force's online assignment and career management system. Officials with the Air Force Personnel Center noticed "unusually high activity on a single user's Assignment Management System account in June," according to an Air Force announcement released on Friday. The attacker accessed and downloaded such personal information as birthdates and social security numbers via a user's legitimate log-in information.

The incident occurred at the Randolph Air Force Base in Texas. Officials at the base have contacted the Air Force and federal investigators and an investigation is ongoing, according to a military spokeswoman.

[educateme]

3 guesses which OS the Air Force had been using?

If you look back about 3 years ago you will see big headlines <br />that the Gov't. was signing onto a sweet multi-hundred million <br />dollar deal to use Microsoft software on all the armed forces <br />networks and systems. It sounded funny then, knowing the <br />Gov't. had just wasted how much time and money to sue <br />Microsoft in court, and then gave up when the woman judge, <br />with no brains or balls, told the 2 sides to work it out, how <br />brilliant; instead, the Gov't. gave in, letting them off. So after <br />that, to hear they are going to supply software to the military <br />was like a joke, anyone who knew software, knew Microsoft did <br />not build secure systems, so how could the military expect to <br />have anything but a ticking bomb waiting in a security breach <br />like this. Just goes to show you where your tax dollars are <br />wasted on Gov't. spending, both in courts, and now in fixing the <br />breach. Plus how much money businesses and people have to <br />spend daily, to clean up after Microsofts broken software with <br />glitches, patches, updates, rebuilds, breaches, recovery, etc etc <br />etc. Now you know why MSFT is one of the only companies that <br />made over $1 billion per month last year, while the rest of the <br />US industry and economy is ogoing to hell in a hand basket. <br />Something looks lopsided about all the money they make, it <br />seems more like theft.

[Llib Setag]

Bears repeating...Don't Let Microsith OS cause a Cyber911

I know, I know...been there done that.<br /><br />But this is serious business when the US Military is hacked for <br />SS#'s, identity theft due to lame MS-OS.<br />YES I get it that C/NOT did not (will not) reveal the USAF OS, but <br />we already know that the Gov't &#38; MS are in bed together &#38; that <br />MS-OS IS currently on US Navy battleships &#38; aircraft carrier <br />command computers....<br /><br />WAKE UP PEOPLE! (it bears repeating this previous comment)<br /><br />Microsith OS: A cyber terrorist Window of opportunity.<br />Posted by: Llib Setag <br />Posted on: August 19, 2005, 11:12 AM PDT<br />Story: Week in review: Worm wallops Windows<br />Have you ever noticed that when CNN shows the troops <br />capturing &#38; dragging suspected terrorists from the caves, they <br />frequently find their MS Windows PC laptops &#38; search for <br />terrorist activity on the hard drives? Coincidence? Hugh amounts <br />of money &#38; they use MS PC Windows laptops?<br /><br />US DOJ had their chance &#38; they agreed that Microsith is an illegal <br />monopoly, but refused to break the monopoly apart or control <br />their illegal activities worldwide. MS Monopoly money goes very <br />deep into the pockets of the U.S. Government in Washington <br />D.C.<br /><br />U.S. Gov't. has suggested that MS should be considered for a <br />national ID card for all citizens &#38; immigrants of the USA, as part <br />of their homeland security defense. Citizen Gates with the Dept. <br />of Homeland Security would "manage" all important data of all <br />citizens.<br /><br />U.S. Gov't. has recently suggested that MS Internet Explorer be <br />the ONLY Internet Browser of the Government. <br /><br />MS-OS control battleship &#38; aircraft carrier computers.<br /><br />But noooooooooo, the terriorist wouldn't think of taking <br />advantage of the structural weaknesses of the US-MS software <br />that is on the governments computers, the US military <br />computers, the US airports computers, the banking + <br />investment computers &#38; the majority of the US citizens <br />computers. Why would they want to do that...?<br /><br />WAKE UP PEOPLE! <br />These worldwide cyber attacks are not just some smart punk <br />kids having a laugh. These attacks are effecting millions of <br />businesses &#38; costing them BILLIONS of dollars. These "phishing" <br />scams through IE Outlook are ripping off money from innocent <br />people &#38; growing identity theft is a major problem. <br /><br />Don't make it easy for criminals / terrorists by using faulty <br />software full of security holes that Citizen Gates can't plug fast <br />enough.<br /><br />Don't allow a Cyber-911 to happen.

OS

It is possible that Cnet does not know the OS that the Airforce was using, although "we know" that more then likely it was Microhole. The register.com also did not report the OS either.

[Andrew J Glina]

Assumptions

It doesn't take much to get these guys cutting and pasting old over-hyped opinions. Even though the story missed two key facts it is no deterrent. The story did not mention the actual OS nor the method of getting into the account. Aside from OS hacking, it could have been an internal job, someone leaving a computer logged on, bad physical security, weak passwords, etc.<br /><br />Wow. I am impressed. Never let facts, or lack of, get in the way of a good rant.

[Llib Setag]

USAF uses MSIE "security version"?

Get the facts before you ASSume that others are wrong AG...<br /><br />23 November 2004<br />US military gets its own secure version of Windows<br />By Ellen Messmer, Network World Fusion<br /><br />The US Air Force has had enough of Microsoft's security <br />problems. <br /><br />But rather than switch to an alternative, it has struck a deal with <br />CEO Steve Ballmer for a specially configured version of Windows <br />to be used by all its 525,000 personnel and civilian support <br />staff.<br /><br />Air Force CIO John Gilligan said the department wants to use a <br />single version of Microsoft products, built with extra security, on <br />its desktops and servers to help it reduce the problems it faces <br />in applying software patches whenever Microsoft announces new <br />vulnerabilities.<br /><br />The new deal sees the consolidation of 38 separate contracts <br />with just two. The new contracts involve Microsoft supplying a <br />version of its desktop and server operating system and <br />applications that include System Management Server 2003, <br />Office 2003, and Exchange. The new arrangement will save the <br />Air Force about $100 million, according to Gilligan.<br /><br />The Air Force will receive automated patch updates under a <br />program in which Microsoft will give the Air Force special <br />attention to identify new vulnerabilities early on.<br /><br />The laborious patch testing and distribution process would be <br />automated through a single center. All Microsoft software <br />purchasing will also be made centrally from now on.<br /><br />The Microsoft products will be configured under guidelines still <br />to be determined but expected to be based on input from the <br />National Security Agency, Defense Information Systems Agency <br />as well as the Center for Internet Security.<br /><br />The Air Force endures about one network-based attack per week <br />that successfully exploits new vulnerabilities, Gilligan said. <br />"There's some disruption and loss of capability," he pointed out, <br />noting that Air Force bases all over the world support the <br />operations of the war in Afghanistan and Iraq. "We're spending <br />more money patching and fixing than buying software," said <br />Gilligan. It's not unusual for patching of vulnerabilities to take <br />months to complete, he said.<br /><br />Gilligan acknowledged that in grappling with the patch-update <br />issue, the Air Force had considered transitioning to open-source <br />software but determined the transition costs would simply be <br />too high. Also, he noted that all software from all vendors, as <br />well as open source, faces the problem of newly-discovered <br />vulnerabilities that have to be patched.<br /><br />The Air Force operates several hospitals, and many medical <br />devices used in operating rooms also use commercial operating <br />systems, including Microsoft's Windows. Gilligan said the Air <br />Force is mindful that these medical devices also face patching <br />issues and that medical devices can also be vulnerable to attack <br />when they are left unpatched

[Andrew J Glina]

I am assuming nothing except your bias

1. It does not say when the OS will be the norm. From my experience it is common for a 1-2 year change-over. Nor does it say that Microsoft is the sole software supplier.<br /><br />But more importantly...<br /><br />2. The issue of infiltration method has not been addressed. You instantly assumed that it was a Microsoft related flaw when the story did not say that at all.<br /><br />But there is no need for name calling.