Friday, August 30, 2019

Are The Pentagon's Computer Networks Secure?

Reina Staley, co-founder of the Defense Digital Service, and Jack Cable, right, discuss culture at the Wall Street Journal's Future of Everything conference in May. (DDS)

Fifth Domain: How one teenager took out a secure Pentagon file sharing site

By last October, the Pentagon’s Vulnerability Disclosure Program had processed thousands of loopholes in the Department of Defense’s websites.

Then it received a report from Jack Cable.

On Oct. 25, Cable, who worked for the Defense Digital Service and was a freshman at Stanford University, reported a problem to the department through the Pentagon’s HackerOne vulnerability disclosure page.

Typically, vulnerabilities sent to the DoD through a disclosure program operated by HackerOne, an ethical hacking company that manages reporting programs for various organizations, require a simple reconfiguration or software patch. Of the 16 problems reported to the DoD on the average day, 11 tend to require action by the Pentagon, Kris Johnson, director of the Vulnerability Disclosure Program (VDP) at the DoD’s Cyber Crime Center (DC3), told Fifth Domain in an exclusive interview.

WNU Editor: File sharing platforms are always vulnerable, and this Pentagon platform has been around since 2001. A lot has happened since then, and kudos to this teenager for spotting it and pointing it out. On a side note, the Pentagon’s Vulnerability Disclosure Program has definitely been a success.