Domain: counterpane.com
Stories and comments across the archive that link to counterpane.com.
Comments · 629
-
How to Think about Security
As I saw yesterday on RFN, Bruce Schneier has an interesting piece in the latest issue of CryptoGram entitled "How to Think about Security".
This is very useful. Damn Useful.
here is part of the info from the RFN story:
Here is Bruce Schneier's five step process, in brief.
I love the insightful simplicity of the piece.
This five-step process works for any security measure, past, present, or future:
- What problem does it solve?
- How well does it solve the problem?
- What new problems does it add?
- What are the economic and social costs?
- Given the above, is it worth the costs?
Step one: What problem does the security measure solve? You'd think this would be an easy one, but so many security initiatives are presented without any clear statement of the problem. National ID cards are a purported solution without any clear problem. Increased net surveillance has been presented as a vital security requirement, but without any explanation as to why.
-
Re:this "big deal" affects the bottom line
Uh huh, no known security holes. Anyone can claim "no known" security holes, especially with their head buried in sand. Let us travel back down memory lane and see how W2K stood going gold...
Microsoft has a history of making grandiose claims with regard to the supposed security and functionality of their products; Bruce Schneier has covered such in the Crypto-Gram newsletter on several occasions.
-
Reason why this isn't such a good idea...
is that it gives the MEDIUM far too much responsibility.
If one password is transmitted insecurely, they're all compromised. Even worse, if Skriptkiddie01 has access to, say, one email account belonging to you (perhaps through no fault of your own... say a hotmail bug... and there has been no shortage of those) then most of the time he can get one of your passwords (through those damn "I forgot my password - email it to me") and then extrapolate.
The only way to make this method any good is to "nickname"... instead of actual host names, nickname them something that looks random - say x512, y513 or whatever; then use that to attach. Of course this doesn't really pertain to the original question, which I think was authentication, but anyway. Go for Counterpane's Password Safe: endorsed by Bruce Schneier and soon-to-be opensourced! It uses Blowfish for encryption, and Yarrow for PNG. :)
-
Fortress model considered harmful.
Reading the article I was struck that I'd seen Bruce Schneier denigrating the 'passive defence' fortress security model in the past, and a quick search found the article - What Military History can Teach Network Security.
I'm not going to completely denigrate Roger Sessions here. At some point in a system components have to trust each other. However that point is not actually the firewall, which was Schneier's point - you need application level security. And Roger explicitly mentions firewalls as a fortress implementation technology (yes they may well be the walls but I wouldn't want them implementing the door as well).
A second problem with his model is the fact that he lets anyone at all through the door, after the guard ok's them. This is the kind of thing that led to problems in the early days of the web. Perl's taint model is better, and in Roger's world represents every messenger from the outside being followed round the fortress by a guard, or better still, sending someone out on a horse to parley instead of letting the messenger in in the first place.
To sum up, anyone implementing the security model as described in that article would actually be repeating an old set of mistakes (which curiously went by the same name, and Roger hasn't noticed). It does not describe an 'improved' level of security, rather it describes pretty much what is on the ground in most places. That may well have been his intent, though, time will tell.
-Baz
-
Tell them it won't work
Bruce Schneier did a nice talk about why the SSSCA was futile back in October of 2001. The most important thing he mentioned in that column, IMHO, was:
"Digital files can be copied. Nothing anyone can say or do can change that. If you have a bucket of bits, you can easily create an identical bucket of bits and give it to me. You still have the bits, and now I have the bits too."
If you can get your senator to understand the above (i.e. that the bill is futile, anyway), and to understand that mandating features in software stifles innovation and violates the rights of the programmer, you have a chance of getting them to vote in a sane manner.
-
Re:nonsense
I predict it will be featured in the 'Snake Oil' segment of Bruce Schniers (sic?) next monthly mailing.
How hard is it to look up Bruce Schneier (the old "e" before and after "i" rule) and point people to his newsletter
-
Beware! Snake Oil!
To anyone who thinks that this is somehow a good system I have two links for you:
http://www.counterpane.com/crypto-gram-9902.html#snakeoil
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html
Read them and weep at the BS. -
Sounds like...
...Fodder for the next issue of Bruce Schneier's Crypto-Gram... -
Password Safe from CounterPane
I use Password Safe, currently only available as a MS-Windows binary, but (BETA 2.0) source is available on SourceForge.
With this program, it is easy to keep track of a separate password for each web site, and there is a (unlimited?) notes field for keeping track of extra account details or any extra challenge+response (You don't give every site your real mother's real maiden name, do you? Insanity!)
PSafe will generate random 'strong' passwords. For the really important systems, I use the 'strong' 8-character random password generated, but when I go to log in, paste the 8-characters from PSafe, and append a four-to-six letter string I keep in my head.
Voila --- Poor man's two-factor authentication!
-
Re:FBI caught a traitor who did this on a floppy
A friend of mine has recently begun doing computer forensics investigations (for companies who suspect employees of theft or using company computers for inappropriate activities). The class he took to learn to use his new forensics software was quite enlightening. Most of the other students were law enforcement types. There were people from the FBI, a guy from the CIA, plenty of cops from sheriff's departments and municipal police departments, and even a few cops from overseas.
The cops know all about steganography, PGP and lots of other ways to keep them from finding data. They've encountered PCs that were equipped with disconnected hard drives that contained all the bad stuff. When they've found someone with a PC so heavily encrypted they couldn't break the encryption, they used other methods to obtain the passwords necessary (keylogging, social engineering, etc.).
As Bruce Schneier pointed out in Secrets and Lies, encryption can be great--people are fallible. The best way to avoid having the police find incriminating evidence on your PC is to simply not create the incriminating evidence in the first place. Barring that, staying under their radar is your next best hope. If you draw the attention of law enforcement and you're doing bad things with your computer, the odds are quite high that they'll get you if it's important enough to them.
Right now, they're overwhelmed with kiddie-porn investigations. If you're a connoisseur of child pornography and law enforcement gets a tip or a lead that points them to you, they'll get you.
I'm a huge advocate for first amendment and privacy rights, but I don't think I have a problem with cops nailing kiddie porn collectors.
-
Re:Not a matter of warning
Microsoft's sense of security is not only different from mine, it is different from reality. Like a PhD thesis, these types of things are only proven in practice, and practice shows, time and time again, that their approach to software construction is insecure.
And still some admire them for releasing timely patches. Well, if I were Microsoft I'd thank the white hats for warning them of a security flaw weeks before the public.
I agree with you. Their view of security is a marketed approach to security. Just read what Bruce Schneier has to say about Microsoft's "sense".
Still on the practical side of things, not going into OS wars, just subscribe to bugtraq and do a little statistics on daily microsoft bugs and holes discovered. I find it amazing that anyone out there on mission critical environments, specifically official government and defense agencies, are still using this stuff.
I apologize if I am offending some Microsoft fans out there but to me Microsoft security, reliability and credibility have ceased to exist long ago. -
Re:Use biometrics NOT passwords and encryption
Once you've worked out all 128-bit factors, cracking a code you've never seen before just becomes a table look up.
Try working out just how much storage this would take, and you'll see why this isn't remotely feasible. There are more possible 128-bit keys than atoms in the planet. Much more, IIRC.
I don't think you could use biometric signatures as key pairs, which require special mathemagical properties. In any case, biometrics aren't a cure-all. See this by Bruce Schneier for details.
-
Some more recommendations
I'm no security expert, I've only just recently started reading. And incidentally, a couple of days ago I've begun reading "Security Engineering". So far I share the reviewer's very good impression.
I'd like to recommend some complementary books; each of these approach security from a different angle.
- Secrets & Lies by Bruce Schneier. Deals with the "soft" issues. What are the threats to networked systems? Who are the attackers? One of the messages: Risks can't be avoided -- manage them.
- Building Secure Software by John Viega and Gary McGraw. This one's closer to technological issues related to security. Risks of various base technologies (languages, middleware). Introductory details on buffer overflow attacks, random numbers, cryptography. Some organizational/dev process stuff.
- Secure Programming for Linux and Unix HOWTO by David A. Wheeler. Technical security down to the C-level. Programming techniques.
Michael
-
Oh, piss...
I put down my copy of Applied Cryptography long enough to check slashdot, and I read this:
Why doesn't Blizzard provide facilities that enable these emulators to authenticate CD keys through Battle.net?
In order for us to keep our proprietary CD-key algorithms secure, we cannot allow outside servers to query for the validity of CD keys.
In the name of Bruce Schneier, I smite thee with the Great Sword, ClueBringer ! -
Re:Covered previously
To add a bit more fuel to the fire, anybody who actually bothered to read the essay in Crypto-Gram would have noticed that not only did Bruce link to the original on Security Focus, he also linked to a couple of comments in the Slashdot thread. Should I even bother mentioning that the Trustworthy Computing essay was originally published on News.com on January 18?
-
It's not the end, it's the beginning.
It's funny that this story immediately follows the one where Bruce Schneier says it best:
"Publication does not ensure security, but it's an unavoidable step in the process."
-
Re:here goes...
"Hey who cares why or how, just consider this a good thing that they are more involved in security now."
I'm not so sure. Read these comments from the Cryptogram by Nathan Myers. He argues convincingly that their new security program could be a sham, that we should be able to detect it as such fairly soon, and that if it is a sham, end users will be less able to maintain their systems' security.
Involvement is good, but it needs to be real.
-
Re:Do they have no clue?
If your product requires some crucial part of it to remain secure, then that will be its biggest weakness. As soon as that one thing comes out into the open, a huge swathe of the security it offered is gone. Think CSS here.
However, if your product is secure despite everyone knowing about it (because you published it), then it will be more secure than one relying on people not knowing how it works. Think DES and friends here.
There is quite a short article on Security by Obscurity with Microsoft as the case study here. Alternately, pick up your nearest book by Bruce Schneier.
-
Re:Flamable? [sic]
This, of course, highlights the stupidity of current FAA regs on what can be carried aboard aircraft these days. Leaving aside the possibility that I'll have an easier time hijacking a plane by beating people with my shoes than threatening them with a nail clipper...
Lighters (and likely these methanol cartridges) are banned on board. Yet I can carry my Lithium-Ion powered Magnesium laptop on board. Have you ever seen a Magnesium fire? Right, but it's hard to light. Now, have you ever seen a Lithium fire? Do you know what happens when you short a Li-Ion battery? (Heck some Apple, and I think IBM Li-Ions didn't even need to be shorted)
So we're all allowed to carry something that approximates a thermite grenade, but they're worried about nail files. [sigh]
Bruce Schneier was right. It's not about security, it's about the appearance of security to convince the sheeple to fly. -
Biting off more than they can chew
While noble, this effort isn't going anywhere. The AGs probably won't take this any further than the FTC did.
They are attacking MS because they collect personal information that could be exposed through security flaws?
How many dozens of e-commerce sites could be shut down on that account? Think about it.
Or are the Attorney Generals being asked to hold Microsoft accountable for their weak security? Bruce Schneier's been trying to go there for years.
Unfortunately, he could tell EPIC exactly how far this is going to go.
-
Why Digital Signatures Are Not Signatures
Damn, I could've sworn it was just yesterday that I posted this article to another discussion here on /.
Everyone who's praising the German government on being all tech-savvy and forward-thinking and blah-blah-blah should first read Bruce Schneier's thoughts on the subject: Why Digital Signatures Are Not Signatures.
In a nutshell, he says this: Cryptography can do quite a bit to guarantee that a given signature came from a given computer. It can do absolutely nothing to guarantee that that signature represents the person it purports to represent. To quote Schneier: "The mathematics of cryptography, no matter how strong, cannot bridge the gap between me and my computer."
It's all good and well for governments to embrace new technology, but only if they don't cause major fuckups in the process.
-
Re:A matter of trust
On a similar note, Switzerland's Crypto AG company was the trusted source of encryption products from WWII until 1998 or so. It came out that the CIA had forced Crypto AG to put a flaw in the random number generator which allowed the CIA to more easily decode encrypted traffic. These products were used world wide by governments to communicate sensitive info that the US (I'm sure) used to its advantage.
Read more in the Feb.15.99 CryptoGram or the whole story at CovertActionQuarterly.
-
Re:It doesn't matter because:
Yeah?
You can implement Bruce Schneier's Solitaire using nothing but a deck of cards. High-grade encryption, no electronics required.
And if it comes to that, I can implement a totally unbreakable one-time pad using nothing but a coin, pencil and paper, and the ability to count.
-
Re:The first Slashdot troll post investigation
Ok, here's an ontopic (ie, to the /. article) post that just happens to be attached to the infamous OT post. If this comment gets mod'd offtopic by editors and not users then we can postulate that assuming a response to something deemed OT does not imply it (the response) is also OT and there is a flaw in the script that is hitting all comments here.
Anyway, I found this article late, and that's why I'm posting here. I was thinking about the implications of the recent US ruling about liability of software makers for security vulnerabilities. I am to a degree in favor of this type of thing as I think we need a little better accountability, however I fear what it may mean, and this Oracle issue is sort of in the spot light now with it. One can use pre/post conditions to their functions and one can then create a formal proof by dragging their post conditions across the code and see how this relates to the pre conditions. Similarly, methods exist to prove that a loop will end given certain conditions (ie the pre conditions). But, there is a fundamental concept of computer science, the halting problem, that says you can not use a computer to see if a program will run forever. Similarly I fear issues exist in proving that one piece of source both runs properly and is secure. Plus, a major issue of computer security is how computer software is used. This anticipation is discussed in this paper which I read recently and seems to have more interest given the recent changes in attitude towards security.
-
Reliability == security
Check out this reader comment from the January cryptogram. He's talking about liability as a tool for accountability and how that relates to insurance costs, and says, "Insurance costs are directly related to reliability. Show that your software is reliable before you release it, then your liability exposure is diminished." And hence, your accountability is diminished.
This guy is right on the money. Making security a priority can only be accomplished through making good design and good code a priority. And those won't be a priority unless there's some sort of pressure for it. Lowering insurance costs is one pressure. Positive PR is another. But more powerful than both of those is the pressure to keep customers from switching to a viable competitor.
And this, I think is exactly the thing we need: a viable competitor to Microsoft. Microsoft, of course, doesn't want this. Interestingly enough, this will also help deal with Rep. Rick Boucher's recent thoughts on the prevention of cyberterrorism. With all due respect to the many good ideas that Rep. Boucher has made, when he suggested enforcing product liability requirements on software producers, he assumed that was the only way to get better software. But it's not. Competition will be much more effective. "When Microsoft starts creating good software, we've won." - Linus Torvalds. Unfortunately, not only is Boucher's suggestion not as effective as competition, it's got a really nasty side effect: it would effectively kill the only potential competitor to Microsoft on the horizon: open source & free software.
Competition will breed better software. If a competitive market place still produces unsafe products (as was the case with the automobile manufacturers of the '60s) then perhaps new laws make sense.
The point is that the solution to both problems ("cyber-terrorism" and software security) is competition. If the government is going to do anything, let's encourage them to do something that opens up competition to the MS juggernaut. There currently is none, so make laws that produce competition. If, and only if, that doesn't work, then think about other ways to enforce accountability - like product liability for software producers. But don't put the cart before the horse.
$.02
-
Freedom to Immolate???
This follows some of the recommendations from Bruce Schneier's editorial dated yesterday. I give it even odds that this release is real vs. someone hacking Microsoft's network and putting out a fake release or wire story.
If real, it's good news, since MS products are a security nightmare.
If fake, it's brilliant, since Gates will be faced with either admitting the breach and the unimportance of security or keeping quiet and being held to his new "highest priority".
In any case it looks like this will get very interesting!
-
Re:Liability.
For an interesting view on liability, see this month's issue of Bruce Schneier's newsletter CryptoGram here. Apart from his own thoughts on Microsoft, the first letter from a reader is the one on liability. Must read!
-
Re:What scares me most...
Actually, your feeling of safety is damn important, in many cases more important than the actual level of security. For a (long) explanation, see for example Bruce Schneier's Crypto-Gram Newsletter September 30, 2001, and the links therein, especially the ones about airline security.
-
Smart ID cards
Here is a discussion of smart card security by cryptographer & computer security expert Bruce Schneier. It's pretty hard reading, but the main point is that, by depending on an external keypad and display, the smart cards allow a lot of new security breaks. For example, a hacked ATM terminal may steal your PIN and also divert the money -- the screen says your deposit is going to your account, but actually it's going to somewhere in Belize, from which it will be untraceably transferred before you find out you've been robbed.
Bruce didn't consider putting a fingerprint sensor in the card itself. That will rule out some breaks -- neither stealing the PIN by "wiretapping" (and European PIN keypads have some protection against that), nor stealing the card and beating the PIN out of you will get someone into your accounts. But other vulnerabilities still remain. If you build the keys and display into the card itself, you may be quite a lot more secure -- especially if the card does good enough encryption internally and talks directly to the server, which is the only thing outside of the card which knows the key.
But then you've got the case of the Saudi terrorist (say) with a German ID (say), at a traffic stop in Maryland. Will the police car be carrying equipment that can query a database in Germany? Will results come back in a reasonable time? And even if they do, why would a German database show that the FBI wants this guy?
There is also the big issue of how identity is confirmed when someone is first entered into the system. Anyone with my birth certificate and social security number could get an ID in my name, and the SSN is in all sorts of records while you don't have to prove identity to get the birth certificate. If I'm alive and in the system, it should notice the duplication, but there are plenty of dead people to choose from. Internationally, there are many nations where records got blown up or never were complete, so you've pretty much got to take people's word about their identity. -
Bruce Schneier on national ID cards
Here are the thoughts of security guru Bruce Schneier (of "Applied Cryptography" and "Secrets and Lies" fame) about national ID cards.
Definitely worth a read.
His conclusion:
"I am not saying that national IDs are completely ineffective, or that they are useless. That's not the question. But given the effectiveness and the costs, are IDs worth it? Hell, no."
Raymond -
CISSP & GIAC
To paraphrase Bruce Schneier: Security is a set of processes and a means of approach for systems.
I can vouch for the CISSP certification from (isc)2 as reinforcing this view of security. The CISSP is a significant valuator for businesses, who can be confident that candidates with this certification are literate in both technology and business considerations. This certification is exactly that: a CERTIFICATION. It is not a vendor technology program. It can be likened to a CPA designation for auditors and accountants.
The GIAC certifications from SANS are an excellent instruction in the working mechanisms of security technology. The curricula and basis for certification by SANS are under continuous revision and are the most current in the industry.
The fact is that the CISSP is currently highly valued by employers as a valid assessment of domain awareness, best-practice assessment and professionalism. To combine this with specific GIAC tracks is a good way to identify formidable security personnel.
CISSP candidacy requires 3-5 years of work experience in one of the 10 domains identified. Additionally, (isc)2 will require a BS in an associated major, beginning in 2003. Studying for this is no piece of cake!
Some resources: http://www.cissp.com/default.html
CISSP Library of Free Study References
The CISSP Open Study Guide -
Schneier said it
On the impact of seemingly acceptable success rates on large-scale systems here
-
Do a Bruce Schneier "Attack Tree" analysis
Attack Trees are a documentation system to identify security priorities, by Bruce Schneier of Counterpane Security and general computer security lore.
Theoretical attack on your satellites' controls:
- Get a Mac Titanium book, and learn how to program the altivec DSP so you can use it to analyse the RF communications.
- Find the command center by using the institutional addresses and scouting for the fabled high-power antennae, or just look for the characteristic antennae.
- Use some RF equipment to "snoop" the band near the antennae and compare that to the RF band signal levels on the other side of a nearby hill in order to determine the antennae's transmitter band(s).
- Snoop the most interesting channels on the suspected antennae's band. Correlate the suspected command packet transmissions with likely distant signals that return just after the minimum delay to geosynchronous orbit (about 600ms).
- More snooping to find all the possible forward/reverse communication frequencies/channels of the command center. Save some RF snoops on your big 40GB hard drive.
- Figure out the signalling used on the interesting channels. The forward and reverse channels are likely to have the same signalling.
- Once you have the signalling down, figure out the transmission (packet) format.
- Write yourself a packet decoder, and make sure you can tweak it when you find out new stuff.
- Start analysing the packets' payloads for protocol. Since security is light here, you are rounding third base at this point.
- Construct yourself a bigger antenna array and some transmitter/receiver equipment.
- Take your equipment out into the field and test it out
:)
BAM! In no time, you will have your own secret satellite command center!
Now, with that in mind, think about how you can make each step of this theoretical attack easier/harder. Go read that Attack Tree paper and make a draft-doc for your boss.
-
Re:Open Source Business Model
Three words: street performer protocol.
-
Re:A network admin's perspective
Right now I am on a VPN connecting 3 machines: a NT box, my Linux box, and a Win98 box.
As the anonymous coward said a second ago (and nearly as rudely as I am about to) - which bit of VPN didn't you understand? My guess is the Virtual bit.
What you're talking about, (shall I quote the anonymous coward for a rude word to use here), is a NAT'ed Private Network - see that, PN - no V for Virtual anywhere there.
Thank you.
this is VPN software, as this also claims to be, though it's not very good.
-
Re:did anybody notice this....
"Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it. "
that's really messed up that and scary
Yeah, scary like apt-get.
Then again, at least MS patches are signed, which makes things not quite so easy to trojan. (Yeah, signatures aren't everything, I know.) Unless, of course, you don't trust MS not to trojan their software, in which case why are you running it?
Auto-update systems are good, so long as they prompt the user, which it appears XP's does.
-
Re:Full Disclosure debate
Here's the link for the Crypto-Gram that I mentioned above:
http://www.counterpane.com/crypto-gram-0111.html#1
Bruce Schneier is the author of Secrets and Lies and Applied Cryptography and the inventor of Blowfish and Twofish.
-
Re:It's all part of the same kind of thinking.
I beg to differ. First of all, finger-pointing at linux/open source incidents is inappropriate: nobody (at least nobody in their right mind) says that open source has no holes, but from my experience, security problems are spotted earlier, discussed openly and fixed immediately. All this in stark contrast to Microsoft's disgusting "security through obscurity" view of disclosure.
Your shifting the blame to "unqualified microsoft admins" (like, every Unix is qualified - right!) is quite telling. May I suggest the problem lies a bit closer to Redmond than you think?
Raymond
-
always good to look to Bruce Schneier's thoughts
Crypto-gram 108 especially has some good stuff.
Links: here for good DMCA analysis.
Bruce has called the entertainment industry the single biggest threat to the computer industry, and I think he's right.
-
Re:Could Magic Lantern be built into Windows XP
Very good point. Does anyone else remember the flap about the NSA key built into every copy of Microsoft Windows?
The feds have been accused of this before, though it's unclear to me whether or not the accusations are valid. Still, this would be a great way to deliver the application, and, as another commenter astutely noted, it would get the justice department to look at the convicted monopolists a bit less negatively.
Certainly, it wouldn't be the first time that the US government had aligned themselves with nasty people...