[Fsfe-se] Säkerhet och KBM

Jeremiah Foster jeremiah.foster at gmail.com
Wed Mar 9 10:59:04 CET 2005


After reading an article in GP today I went to KBM's web site to find 
further information on their advice to myndigheterna i sverige. I found 
this there:

"Det finns även ett stort behov av kvalificerade utbildningar inom 
informationssäkerhetsområdet och det krävs breda satsningar för att höja 
såväl kunskapen som medvetenheten om dessa frågor hos slutanvändarna, 
eftersom det oftast är deras datorer som utgör mål eller delmål för 
många IT-attacker."

Yet astonishingly I see that KBM are running Microsoft's operating system:

# curl -I http://www.krisberedskapsmyndigheten.se
Date: Wed, 09 Mar 2005 09:13:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322

# curl -I http://mail.krisberedskapsmyndigheten.se
HTTP/1.1 302 Object Moved
Location: https://mail.krisberedskapsmyndigheten.se/exchange/
Server: Microsoft-IIS/5.0

This is not unusual in Sweden as this link shows - 

Sweden is virtually a mono-culture of IIS servers exposing a significant 
threat to national information and security. Industrial espionage, as 
witnessed at Ericsson - 
is a serious threat to Swedish companies because they rely on insecure 
Operating Systems with an flawed security model. In the above Ericsson 
case Swedish national security information was stolen and provided for 
sale on the internet.

FSFE would be well served by formally informing KBM about the security 
benefits of Open Source and Free software, including the Apache web 
server. The Swedish Emergency Management Agency (SEMA) or KBM in 
Swedish, ought to have secure servers to handle information and 
communication in case of national emergency, or a broad attack by 
foreign governments like Russia or the US.

KBM should follow their own advice.


More information about the Fsfe-se mailing list