-----Original Message-----
From: Hxxxx, Robyn (Patrick) P (J6C)
Sent: Thursday, June 02, 2005 11:20 AM
To: Burr, Richard (Cxx-x)
Cc: Sxxxxx, Jim (Cxx-x)
Subject: CSO-C Security Concern: YouSendIt.Com
To: Richard Burr
The Dxx CERT Intrusion Detection System (IDS) identified Cxx-x IP address
1xx.xx.xxx.xx as accessing website
www.yousendit.com. The IP address was
traced to your workstation. When I contacted you, you said you had used the
site to transmit music files. You said you would not use it again.
Even though
www.yousendit.com is not currently being blocked, it is
considered an inappropriate website for DLA users to access for the
following reasons:
a. This site is a "file sharing" site designed to help users get
around size limitations for e-mailing large files. If you have a large file
that you need to transmit to another person, you browse
www.yousendit.com
and "upload" your file (up to 1 GB in size) to their server. Then, the file
sharing site sends the other person an e-mail message with a link where they
can download the data file you're trying to send them.
b. This site poses a security risk. The security risk comes from
the possibility that a Dxx employee could "upload" sensitive / classified
data to this remote server at the file sharing company. The data is stored
in unencrypted form on the remote server for 7 days before deletion. And,
presumably, the administrators (and possibly other employees) at the company
have full access to the data stored on their servers.
Please note that all Dxx networks are operating under INFOCON ALPHA, which
means that Internet use should be limited to work related activities. If
you are identified as going to this, or similar sites, your access to the
J6C network may be impacted.
R. Patrick Hxxxd
Information Assurance Officer (J6COO)
Information Operations Columbus (J6C)
Comm: 614-692-cccc, DSN 850-xxxx
E-mail:
Patrick.Hxxxd@dxx.mil
