Hacker News new | past | comments | ask | show | jobs | submit login
Cyber Security Awareness Challenge (disa.mil)
41 points by smnscu 8 months ago | hide | past | web | favorite | 20 comments

It... requires Flash? Is this the challenge?

Isn't flash inherently a security risk hence why none of us have it installed these days?

Today Chrome is at version 68. I understand that government departments love to have explicit version support but why does this site use Flash, require IE 11 (not Edge!), old browser versions and just all this stuff that is _basic_ infosec stuff.

Perhaps this has some good information in it but if they're going to build it in this way then it's probably worth keeping internally and not releasing to the world. I think at this point it's probably harder to build something in Flash and find someone to build it in Flash than in more modern web technology.

Reverse Psychology, these are phishing attacks where they want to hack you and study your behaviour. Is it any wonder the head of the UK's MI5 Andrew Parker did Behavioural Science at Cambridge Uni?

Knowledge is power and you can not undermine the military in anyway, the military is all about control of the warzone and today you are the enemy combatant, so every asset is deployed against you to control you from the day you were born. If you think this stuff is limited to just hacking computers, consider the fact social engineering is a valid hacking attack vector. Are End User Licence Agreements just massive obvious warrant canaries when considering the legal prose?

I passed! (Did not install flash)

Requires javascript. Requires flash.

Is our^H^H^H my military really so backward?

Is it from bureaucracy? Or, are there really people who think this is legit?

How can I get this garbage improved?

Based on the comments, I thought it was an old training...then I saw the banner on top said 2018.

This is our tax dollars at work. I wish we had politicians that would spend our money wisely, rather than just keep increasing military budget and build crap.

I had to take i earlier this year.

Step 1: Install Flash

Step 2: Fail Test

Step 3: Uninstall Flash

Step 4: Pass test?!

Step 1: Don't install Flash

Step 2: Can't take test

Step 3: Fail test

I ended up taking this training at my first summer internship at a private contractor for the Navy a couple years back. Interesting seeing it here on HN, but I never really thought the training was really that standout to begin with.

Definitely felt way more like a way to train non-technical employees to not get phished and to keep security principles in mind in the workplace. The game-ification aspect actually seems beneficial compared to other similar training I've done in the past though!

Ahh yes, this is an annual thing in the military where, at the end of the fiscal year, commanders start putting pressure on subordinates who haven’t completed this course for the year. Everyone is threatened with not being allowed to go home for the weekend until they prove for the 100th time that they know not to accept downloaded songs from co-workers, not to let Tina into the SCIF without her badge, and not to let the shady guy at the cafe use your smartphone.

Also lock down your Facespace account.

I maintain two browsers - a secure one, and an insecure one. The insecure setup runs in a VM, and the profile is on a disk shared from the host - where the host side symlinks the associated directory to /dev/null.

Seeing that anyone still uses Flash just makes me sad.

> Get Adobe Flash Player

This one's tough.

is this for real?

DoD IT professionals are required to pass this annually.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact