Can anyone please tell me what's going on with the Army Housing Onestop website? I cannot access it and was able to previously. We'll be pcs'ing this summer and that site is a must!

Thanks in advance!

This message has been edited. Last edited by: prdwyfof13f,

I am also looking for the Onestop website since we are PCS'ing also. After doing some research I found the aritcle below...

A Romanian grey hat hacker has disclosed an SQL inject (SQLi) vulnerability on a website belonging to the United States Army, which leads to full database compromise. The website, called Army Housing OneStop, is used to provide information about military housing facilities to soldiers. he Army Housing OneStop (AHOS) is "the official Army website for soldiers who need information about Military Family Housing (MFH), Unaccompanied Personnel Housing (UPH) and/or Community (Off-Post) Housing. It includes both comprehensive and quick-reference information for Army installations worldwide."

A self-confessed security enthusiast, who goes by the online handle of TinKode, documented a proof-of-concept attack against the onestop.army.mil on his personal blog. The published screenshots reveal that the Web server runs on Microsoft Windows 2003 with Service Pack 2 and the database engine used to power the ASP website is Microsoft SQL Server 2000.

The AHOS website seems to have been developed by DynaTouch Corporation, a third-party government contractor that provides software and hardware solutions to create "self-service kiosk systems." The company's client portfolio includes a long list of local and federal government organizations.

There are a number of 76 databases on the server, but TinKode focused his attention on the one called "AHOS." There are various tables in this database containing general website configuration information, but two in particular stand out as they are called "mgr_login" and "mgr_login_passwords."

Upon investigating the latter, the hacker stumbled upon passwords stored in plain text, a major security oversight. Storing cryptographic hashes instead of the actual password strings has been a common practice in Web application programming for years now. Furthermore, if for convenience the hashes are generated with a weak algorithm, a technique known as "salting" can be employed to make them nearly impossible to crack.

In a time when even the most amateur programmers follow such security practices, the fact that many business or government websites do not boggles one's mind. Additionally, the administrative account is called "Dynatouch" – who would have guessed that? – and its password is "AHOS" – yes, really.

Note: Softpedia has contacted both Dynatouch and the Army.mil Webmasters about this vulnerability. Only the Army.mil Web Team responded and directed us to the U.S. Army Public Affairs Media Relations Division for questions. The website has since been taken offline.

9 January 2010
07:14 GMT

Well that certainly explains why I haven't been able to access the dang site either Proud! lol...hope they get it fixed soon--it's been down for 4+ days now.
I'm not viewing it for any particular reason, I just like to see what's out there and junk....it's my 'hobby'...looking at housing and real estate sites.
Proud, are you looking for on-post housing specifically?

Ahhhh, well at least I know it's not just me or my computer acting stupid. Hope it get's back up soon.

BAW-I just really like to keep looking at it, we'll be pcs'ing in the early fall as of now, BUT, it is being worked on for my DH to renegotiate his contract so it could very well be sooner than we think for a pcs. I, like you, research everything because I like to be on top of things, be ready and want to know everything I can before things happen. Once we do know where we're going I'll be on here asking whatever I can't get answered on my own!

7272886-Thanks for finding that article, I tried to search to see if there was a problem and came up with nothing.

It's a great website and needed for anyone getting ready to pcs so hope it's up and running a.s.a.p.

I hope they get it fixed soon. I was able to accessed it about a month ago and then wasn't able to a few days ago. I knew it wasn't my computer so I started to do some research online.

I've learnt the hard way to do research after living in Korea for three years! And yes I like to look to see what's out there including the "junk"

It's very frustrating not being able to use the website. We will be going to Germany in June and was looking at the floor plans. I have no idea what to take with me. I haven't seen my furniture since April 2006 I have stuff store in Georgia and California.

Any information you have will be very helpful

Thanks....

We would like to live on post if we can