Hacking the NSA website is not hacking the NSA. Hacking a website is relatively easy and not that interesting to people who deal with servers day-to-day.
Right, see. When you say "Relatively easy" do you mean: "it is just subtly easier that compromising the NSA itself" or: "I'm surprised it doesn't happen every day"
Well, more to the point, it doesn't imply anything about the business end of the agency's systems being compromised. If you hacked into the actual CIA or NSA as in having similar access to an authenticated agent, that would be quite bad for them. Taking down their website is something they don't really care about.
The point isn't whether its easier or harder to deface a website. The point is that a public facing website is a more or less static advertisement for an organization (like a poster), thus taking it or even the server that hosts it down doesn't impact the operations of the organization in any meaningful way.
The comic, while one of the more notable ones to me, dismissed the issue that the act is subversive, and that's what is important in the case of hackers taking down a website. Furthermore, it downplays the significance somewhat. Graffiti on the white house or pentagon would likely make it to the news.
> Graffiti on the white house or pentagon would likely make it to the news.
Still not in the same league. Tagging the white house or pentagon would mean breaching a secure perimeter, whereas this was probably just a minor inconvenience to a sysadmin somewhere for a couple of hours. Nobody would have to assure the public that the President's life was never in danger because someone took down the white house's website. Sneak close enough to touch the windows and survive and it's a different story.
Funny thing is, outages for GitHub and its ilk hit HN in minutes. Either way, the transparency in the post-mortem is more valuable and telling than the outage. Organizations need to prove themselves with transparency to build and earn trust.
Well for the NSA it could be related to the most recent news (maybe its a DDOS by the Germans?!), thus its 'breaking news' about a hot story a lot of HN readers are interested in.
For the other sites, its very rare they go down and its the best and brightest working to keep them up so if they went down the reason why is probably something that would interest the whole community.
I get your point but perhaps theres a sys admin monitoring a DNS server somewhere and realizes theres a bunch of unusual traffic then on his break he checks HN and realizes the NSA site is down, he then does a little investigation and wolla he connects the dots and has something he can teach the rest of us. It's collective intelligence if you will :-)
For some reason more people than normal have been hitting my redirect in the last couple days. http://stats.itanimulli.com I dont think 20k could bring down the nsa, but its still strange.
Only as a fallback if nsa.gov doesn't resolve. In this case, nsa.gov and www.nsa.gov resolve to different ip addresses. domain.com and www.domain.com are not the same thing. One is usually configured to redirect to the other, and DNS is often the same, but it doesn't have to be.
No. The browser might fall back to www.nsa.gov if it's cached, but if you were to clear out that site from your cache, it'll keep trying to look up nsa.gov.
nsa.gov and www.nsa.gov are two different hosts as far as DNS is concerned. They can and often do point to different places. This is a good example. www.nsa.gov is an alias to Akamai (a large CDN), and nsa.gov points directly to an NSA owned machine (because for technical reasons you can't have an alias or CNAME at the zone apex), people usually configure these machines to redirect to the www hostname.
Browsers should never "fill in" www, because as I pointed out, www might be a completely different host or service.
41 comments
[ 2.7 ms ] story [ 68.9 ms ] threadedit: Wrong direction.
because I think you meant the former.
Still not in the same league. Tagging the white house or pentagon would mean breaching a secure perimeter, whereas this was probably just a minor inconvenience to a sysadmin somewhere for a couple of hours. Nobody would have to assure the public that the President's life was never in danger because someone took down the white house's website. Sneak close enough to touch the windows and survive and it's a different story.
Yet, one of these things is not like the other.
a) it is the NSA and
b) it is a "marketing" website
I'm not sure what utility www.nsa.gov provides beyond a mission statement. Never was curious before, now I am. :)
--
edit: clarity
or it might be a decoy decoy... =)
I've never actually been to nsa.gov and would have never known it was down. I'm sure most of the readers are in the same boat.
Even if I did access the site on a regular basis, I'd realize it was down and come back later when it might be back up.
Sometimes my favorite coffee shop is closed. I don't walk around the neighborhood carrying a poster stating that fact.
I've just never understood the purpose of these postings. "facebook" is down, "netflix" is down, etc. It doesn't actually accomplish anything.
For the other sites, its very rare they go down and its the best and brightest working to keep them up so if they went down the reason why is probably something that would interest the whole community.
That would be newsworthy however no evidence of this was presented. It was simply "this thing is down now".
If a large site goes down, I would like to know what happened. I'd be interested to learn from the mistakes of others.
This isn't the case with this posting or others like it.
Posts of this ilk rarely have any more information than I could have received from a curl command.
www.NSA.gov IS up, at least for me.
Edit: I just talked with my American friend and it apparently really is down for them. It works for me up in Canada, though, at 23.6.100.226.
Invalid URL The requested URL "/", is invalid.
Reference #9.c0b31bb8.1382761672.701091f
$ telnet 23.6.100.226 80
GET / HTTP/1.1
Host: www.nsa.gov
[press Enter twice]
Or you can add www.nsa.gov with that IP to your hosts file, if you reallllly need access to it.
How is that even possible? Shouldn't browser fill in www anyway?
Browsers should never "fill in" www, because as I pointed out, www might be a completely different host or service.
I always think www.domain.com resolves to one of the ips and domain.com should too. Thanks!