Hi,
After reading an article in GP today I went to KBM's web site to find further information on their advice to the authorities in Sweden. I found this there:
"There is also a great need for qualified training in the field of information security, and broad efforts are required to raise both knowledge and awareness of these issues among end users, since it is most often their computers that are the targets or intermediate targets of many IT attacks."
Yet astonishingly I see that KBM are running Microsoft's operating system:
# curl -I http://www.krisberedskapsmyndigheten.se
Date: Wed, 09 Mar 2005 09:13:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322

# curl -I http://mail.krisberedskapsmyndigheten.se
HTTP/1.1 302 Object Moved
Location: https://mail.krisberedskapsmyndigheten.se/exchange/
Server: Microsoft-IIS/5.0
This is not unusual in Sweden as this link shows - http://www.netcraft.com/surveys/analysis/https/2004/Jan/CMatch/Cosdv_se.html
Sweden is virtually a mono-culture of IIS servers, exposing a significant threat to national information and security. Industrial espionage, as witnessed at Ericsson - http://www.computerworld.com/printthis/2005/0,4814,100258,00.html - is a serious threat to Swedish companies because they rely on insecure Operating Systems with a flawed security model. In the above Ericsson case Swedish national security information was stolen and provided for sale on the internet.
FSFE would be well served by formally informing KBM about the security benefits of Open Source and Free software, including the Apache web server. The Swedish Emergency Management Agency (SEMA), or KBM in Swedish, ought to have secure servers to handle information and communication in case of national emergency, or a broad attack by foreign governments like Russia or the US.
KBM should follow their own advice.
Jeremiah