Misconfigured Pentagon servers could have been exploited for cyberattack

By Jonathan Keane February 3, 2017

vulnerable pentagon servers the united states department of defense — Image used with permission by copyright holder

A cybersecurity researcher has discovered a number of misconfigured servers belonging to the Department of Defense that could have left internal networks vulnerable to outsider access and attack.

According to Dan Tentler of Phobos Group, these vulnerable servers could have been used, in theory, to carry out cyberattacks to make them look like they were perpetrated by United States actors. No classified information could be accessed through these vulnerabilities however.

“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the U.S. as culprits in hacking attacks if they so desire,” Tentler told ZDNet.

Last year the Department of Defense launched its first bug bounty program. It allows accredited white hat hackers to test various (but not all) of the Pentagon’s public facing networks for bugs. Hackers are limited to the department’s services on the defense.gov and .mil domains. The servers that Tentler discovered were within these domains.

Tentler said it was “very likely” that these servers have been exploited already. The Pentagon was allegedly made aware of the misconfigured servers eight months ago but has yet to patch the flaws. Tentler reported the bugs to HackerOne, which operates bug bounty programs, but given the rules of the program, he is limited in what he can disclose publicly.

Tentler himself is critical of the cybersecurity preparedness of the Pentagon, and the government in general. “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said, while bad actors can tinker away at these systems with little or no regard.

Much has been made about how the Trump administration will handle cybersecurity. Tentler added that leaked plans to carry cyber reviews on federal systems every 60 days “demonstrates a complete lack of understanding what the existing problems are.”

Topics

Former Digital Trends Contributor

Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…

Computing

Quest Pro 2: What we know about Meta’s next premium VR headset

From a side view, you can see how glasses can be worn along with a Quest Pro.

While Meta’s Quest Pro is one of the best VR headsets available, it never reached its full potential as a laptop replacement for spatial computing. Meta hasn’t given up on making a work-centric solution, and rumors suggest a Meta Quest Pro 2 is still in development. Here’s what we know so far about Meta's answer to Apple's Vision Pro.
Meta Quest Pro 2 release date speculation
It’s difficult to make a solid prediction on when Meta will launch the Quest Pro 2. Meta CTO Andrew “Boz” Bosworth made it clear in an Instagram AMA that Meta is continually prototyping new VR headsets to find out what’s possible with current technology. That gives Meta more flexibility than manufacturers that research for years before doing hardware testing.

If Meta is satisfied with the performance of the Snapdragon XR2+ Gen 2 and LG can deliver enough micro-OLED displays, the Quest Pro 2 could arrive as early as this October at Meta Connect 2024.

Computing

Does RAM speed matter for PC performance?

Installing RAM sticks in a motherboard.

RAM is one of the primary components in a PC, and it's important that you have at least a certain amount of RAM depending on what you want to do with your PC. However, there are more things to RAM than just capacity: Frequency and latency are important considerations, too.

The question of whether RAM speed matters is especially important now that we have two generations of RAM available, both DDR4 and DDR5 -- and they have vastly different speeds. The official maximum clock speed for DDR4 was 3200MHz, while DDR5 starts at 4800MHz, an increase of 50%; however, you'll easily find RAM kits reaching above 7000MHz. Although latency significantly went up, from CL14 on most 3200MHz DDR4 kits to CL40 on most 4800MHz DDR5 kits, DDR5 is still found to be faster.

Computing

The 6 best 2-in-1 laptops for drawing in 2024

Portal RTX running on the Surface Laptop Studio 2.

Whether you're a seasoned professional or enjoy drawing as a hobby, investing in a 2-in-1 laptop is a great idea for all sorts of artists. Drawing on a laptop makes it easy to quickly share your creation with others, which is especially useful if you're doing it as a professional–negating the need to upload your pen-and-paper sketch to the computer before sending it to a client. Moreover, working on a laptop lets you undo mistakes, zoom in to better handle small details, and quickly change utensils.

There are a lot of perks to drawing on a 2-in-1 laptop, but not all of them are great for creators. Some have unresponsive displays that can't register all your movements, while others might have a lackluster resolution or color spectrum that turns most images into a muddled mess. Because of that, it can be hard figuring out which laptop is best for your needs. And if you'll be spending a good chunk of change on the laptop, you'll want to make sure you get it right.