[Fsfe-se] Security and KBM
Jeremiah Foster
jeremiah.foster at gmail.com
Wed Mar 9 10:59:04 CET 2005
Hi,
After reading an article in GP today I went to KBM's web site to find
further information on their advice to the authorities in Sweden. I found
this there:
"There is also a great need for qualified training in the field of
information security, and broad efforts are required to raise both
knowledge and awareness of these issues among end users, since it is
most often their computers that are the target or intermediate target of
many IT attacks."
Yet astonishingly I see that KBM are running Microsoft's operating system:
# curl -I http://www.krisberedskapsmyndigheten.se
Date: Wed, 09 Mar 2005 09:13:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
# curl -I http://mail.krisberedskapsmyndigheten.se
HTTP/1.1 302 Object Moved
Location: https://mail.krisberedskapsmyndigheten.se/exchange/
Server: Microsoft-IIS/5.0
This is not unusual in Sweden as this link shows -
http://www.netcraft.com/surveys/analysis/https/2004/Jan/CMatch/Cosdv_se.html
Sweden is virtually a mono-culture of IIS servers exposing a significant
threat to national information and security. Industrial espionage, as
witnessed at Ericsson -
http://www.computerworld.com/printthis/2005/0,4814,100258,00.html
is a serious threat to Swedish companies because they rely on insecure
Operating Systems with a flawed security model. In the above Ericsson
case Swedish national security information was stolen and provided for
sale on the internet.
FSFE would be well served by formally informing KBM about the security
benefits of Open Source and Free software, including the Apache web
server. The Swedish Emergency Management Agency (SEMA), or KBM in
Swedish, ought to have secure servers to handle information and
communication in case of national emergency, or a broad attack by
foreign governments like Russia or the US.
KBM should follow their own advice.
Jeremiah