stupidity.gov

This is stupid. A while back, it was discovered that the U.S. government's registration site for .mil domain names was wide open, making it possible for anyone to register a name that appeared to be controlled by the U.S. military.

Now they've found a .gov site that appears to be bogus, and people are scratching their heads about how a guy who makes amateur hip hop records is also a super-secret contractor for the Pentagon.

Hint to reporters looking into this story: He's not. There clearly must have been an easily-exploitable way to get a bogus .gov domain name, and if I had to guess, I'd bet it's through some fairly simple social engineering. Though the story's kind of amusing, it really has me concerned because one of the keys to accountability and identity on the web is domain names. For all the faults of registrars like Network Solutions, the worst thing that happens with identity confusion on a .com domain name is that someone pretends to be from a company that they don't work for.

Being careless about the registration of .mil and .gov domain names means that people can credibly appear to be members of the U.S. government or military, and I can't understand how nobody in the U.S. government or the various branches of the military is tech-savvy enough to understand how critical it is that the credibility of a .gov or .mil not be compromised.

What if this glorified script kiddie starts sending out requests for information under the auspices of the Patriot Act and people see his @aonn.gov email address and assume that the law requires that he comply? Frankly, it's this sort of incompetence that scares me much more than the bigotry of some congressmen. At least theirs is an evil we know about.

Tags: