Risk
8/6/2009
05:04 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Marine Corps Bans Social Media On Military Network

Wrestling with the changing nature of online communication and the need for operational security, the Marine Corps wants to formalize procedures for access to social sites on its network.

The U.S. Marine Corps on Monday issued a directive banning access to Internet social networking sites on the Marine Corps Enterprise Network because such sites represent a security risk.

Marine administrative message 458/09 says that social networking sites like Facebook, MySpace, and Twitter "are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries."

Social networking sites create vulnerabilities that can be exploited and may expose unnecessary information to adversaries, putting military personnel at increased risk of compromise, the directive says.

The ban does not cover access to social networking sites though non-military networks. And to correct any misapprehension about that point, the Marine Corps Office of Public Affairs subsequently issued a clarification.

Marine administrative message 458/09, titled "Immediate Ban Of Internet Social Networking Sites (SNS) On Marine Corps Enterprise Network (MCEN) NIPRNET," "does not limit Marines' access to social networking sites," the Marine Corps statement insists. "Even before this message, sites such as YouTube, Facebook, MySpace and Twitter could not be accessed by Marines using the Marine Corps Enterprise Network in accordance with Marine Corps and Department of the Navy policies."

The Marine Corps says that many military organizations currently make use of social media through alternative Internet service providers. The point of the directive is to establish a formal waiver process for those who require access to social networking sites through the MCEN.

The Marine Corps statement goes on to encourage military personnel to tell their stories using social media, but to do so using personal accounts and their own ISPs while keeping operational security requirements and standards of behavior in mind at all times.

The Marine Corps has an official presence on a variety of social media sites, including Facebook, Flickr, Twitter, and YouTube.

There's a big buzz surrounding Government 2.0 -- the revolution that's bringing the principles and value of the Web as a platform to the business of governing. Attend Gov 2.0 Expo Showcase and hear innovators show how this is really happening. At the Washington Convention Center, Sept. 8. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-3562
Published: 2014-08-21
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVE-2014-3577
Published: 2014-08-21
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.