[Full-disclosure] Not even the NSA can get it right

[Lachniet, Mark]

Puhleeze, do you really think that tax funded organizations have nothing
better to do?  Government faces a continual battle for resources and
time.  Setting up a "honeypot" as putzy as this would take time and
effort that could be much better spent.  Are you sure it's the NSA that
is paranoid?

Mark Lachniet

> -----Original Message-----
> > lol are you guys joking?  They wouldn't allow an xss bug on their 
> > website on purpose come on now.
> 
> You're not devious enough.  Remember that the *best* place to 
> put a honeypot is right out there in plain sight where it's 
> likely to attract
> attention.   So now they've grepped their Apache logs, and they've
> added several dozen people to their "suspected script kiddie" list.
> 
> (Remember - the NSA probably knows more about proper 
> airgapping than anybody.
> All *those* webservers have on them is non-sensitive content, 
> so you can't actually *get* anything really interesting to 
> happen - in the NSA view of the world, "public website gets 
> defaced" isn't particularly interesting or noteworthy).
> 
>