Domain: defensesystems.com
Stories and comments across the archive that link to defensesystems.com.
Comments · 8
-
Re:At some point...
1st, do they post about their conquests? If so, they are probably Americans, but sometimes they are russians and some linquistic oddities can give them away.
2nd, Russian Troll and intrusion detection and countersecurity operations are ongoing, if not very successfully, given the ease of attack and difficulty of defense. -
Re:Thank God for North Korea
Prompt global strike! Rods from God! Boost phase intercept! Laser weapons!
In a situation where North Korea is brandishing a nuclear tipped ICBM and threatening to launch it at the US a bit like a crazy person with a gun doing a suicide by cop, all of those start to seem like they'd be very nice to have.
-
Re:No idea what SAP is...
An overly complicated Enterprise Resource Planning suite of applications - SAP ERP. Installations tend to involve lots of consultants and large amounts of money spent on extremely overly optimistic returns on investment.
Of course when you involve lots of consultants, there are often significant cost overruns.
Posting anonymously because I have seen several hundred million dollars spent on failed SAP implementations first hand.
-
no crisis that hasn't happened
What exactly is a cybercrisis? A ddos on a major dns server? Or is it a hack of the DOD? Or is it a hack of the DoJ and DHS?
At this point, nothing short of poisoning a water supply would be called a 'crisis.' It would be called, "been there, done that." -
Re: This brings us one step closer to many things
Here's a fun fact: Anyone who knows anything about datacenters knew what they would be collecting when they built the Utah datacenter. its building wasn't a secret. You want to know who else has datacenters that size? Facebook and Google. What the fuck did you think the NSA was going to do with a datacenter in Utah that rivaled a Facebook datacenter? https://defensesystems.com/Art... This shit was common knowledge. Here's an article about it a full 2.5 years before Mr. Idiot leaked information.
like a decade ago, i heard a radio program discussing how cell phone providers were providing metadata to the government, and how for some it was a substantial profit maker. And that was on NPR, ironically for all the rightwingers in the group.
-
Be careful, this may have unintended consequences
With the current situation concerning Privacy Law, being that it is becoming quite complex, what we need is a "Data Extradition Treaty"
If your Courts want some Data which is related to an ongoing investigation, you trundle over the Country that is holding it, and ask for permission to get it.
As long as the local Court has some sort of leverage over a company, they can make that company do their dirty work. The second they lose that leverage, they will have to do it themselves. The thing that the US Gov has to remember is how this could backfire. ITAR guidlines were designed to prevent the spread of military technology, then it was used to give US firms an advantage in foreign sales. Well, that has backfired now, as ITAR un-encumbered weapon systems are growing in popularity. Recently, Canada, a notable ally of the US encouraged the use of non-US systems in order to reduce risk and delays. This DATA situation seems likely to cause similar issues.
In the end, Countries won't really care about complying with US law, especially if the DATA concerned is personal data belonging to that Country's citizens. I see lots of stove-pipe systems cropping up in order to remove the likelihood of having a data-leak to the US justice system.
My 2 cents
-
Re:The actual article
From the article, the read-only registers may be configured to be written:
agreed 100%; as this bit of your quote says.
"At this point we went back to those JTAG registers which were non-updatable as well as FROW to check whether we could change their values. Once the backdoor feature was unlocked, many of these registers became volatile and the FROW was reprogrammable as a normal Flash memory.
However the following bit is saying that the data can also be read. That doesn't have to be. Write only registers are a standard hardware feature. It's also standard procedure that if you have write only registers which become readable when a debug configuration is entered, then you clear the contents before entering debugging mode. That isn't what happens however, as the second part of your quote clearly states
Actel has a strong claim that 'configuration files cannot be read back via JTAG or any other method' in the PA3 and in their other latest generation Flash FPGAs [18]. Hence, they claim, they are extremely secure because the readback access is not implemented. We discovered that in fact Actel did implement such an access, with a special key used for activation."
Whilst incompetence is very normal, this is an extremely high level of incompetence in an area which is explicitly listed for checking in all military security standards (see even ancient things like the Orange book). I would say that, combined with the fact that the paper claims that the feature was quite well protected it pretty much rules out an accidentally left over debugging feature. At best it's a debugging feature they knew they shouldn't be putting in but decided to do anyway for reasons of convenience. Almost certainly someone put it in especially in order to get one over some chip user(s) with very little expectation of it being found.
Given DARPA's interest, some time ago, in chip security it seems to me that they knew about this or similar backdoors and are either worried that they will be copied by competitors or that they are worried by the fact nobody has spotted any of them.
-
USAF Cyber-Command Demoted Relation
http://defensesystems.com/Articles/2008/10/Air-Force-demotes-Cyberspace-Command.aspx The Air Force announced last week that it has backed off even further from its grand plan to establish a cyberspace command as the military entity primarily responsible for securing and conducting offensive operations in cyberspace. The Air Force launched a provisional Cyberspace Command more than a year ago and scheduled a formal command launch for Oct. 1. However, officials delayed that effort after the departures of Air Force Chief of Staff T. Michael "Buzz" Moseley and Air Force Secretary Michael Wynne, who were fired for incidents involving the mishandling of nuclear detonators and weapons.