According to
this article on the register, the DoD has a gaping security hole allowing anyone to confiure .mil domains. Add their own, or edit an existing one.
Apparently there is a cached step-by-step guide for how to admin .mil domains, complete with the default usernames and passwords stored in the google cache system, although the reg refuses to give an indication of any useful search terms needed to locate it.
This brings many interesting questions. If I were to make use of this unprotected system, can I face punishment for hacking military web sites, or am I not doing anything illegal considering the web page is accessible to the public and gives no indication that the advice should not be used without being an employee of [wherever].
Are the DoD responsible for their mistake? If I register a domain on the .mil namespace, do I have any rights to it? Or do they have the right to delete it because I was mistakenly given access to their systems?
Hybrid Mode
