Slashdot Mirror
The World's Most Dangerous Password
NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"
What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it?
Stupid David played with the WOPR again!
Username: cisco
password: cisco
'nuff said.
This is why we trust politicians, ridiculous as they are, with our lives, and make the warriors answer to them. Because incompetent politics generally inhibits war, while incompetent warriors encourage it. And they're all incompetent - nobody knows the right way to do it.
--
make install -not war
And here I thought that password would be something like, "password" or "login"... Instead, they chose the kind of code an idiot would put on his luggage.
Funniest thing I've read all day. Makes lots of seemingly 'implausible' films about unauthorised nuke launches and hacking, a lot less implausible.
'Hmm.. it's asking for a password ? Try zero zero zero'
As long as everyone outside the department thought it had a good password on it, no one would bother trying to steal one.
;)
So, the passwords were surprisingly effective. FUD at its finest
12345 Though now we know the President's suitcase combination. :)
By reading this you acknowledge that you have read it.
In the event of a preemptive attack by the USSR or China on the U.S., the knowledge by everyone of the passwords would have allowed the U.S. to destroy them as well.
Seems like good policy to me.
-- You see, there would be these conclusions that you could jump to
Airman 1: Hey, Jeff, what do you think the secret password is?
Airman 2: Dunno. Try P-A-S-S-W-O-R-D or something.
Airman 1: Nah, it's just numerals. And it's not like the secret code could be 0000000. Nobody would be _that_ stupid.
*ATTENTION - PREPARE FOR GLOBAL THERMONUCLEAR WAR*
Airman 1: What you say!
for great justice
If a hacker tried to brute force that, I think it would have been the fastest hack on record.
Dear aunt, let's set so double the killer delete select all
If it gets cracked. I cant imagine anyone who had ACCCESS to ust this password having used it, the fact that were all still here shows it was perfectly secure, dont forget its not like some script kiddie could hop on the "Net" and use this password. There were some SERIOUS layers of physical security.
The site seems to be slashdotted already but here's the Moscow Times' take on this (the also broke the story almost three days ago, if I am not mistaken).
ROLAND: No, wait, wait. I'll tell. I'll tell.
HELMET: I knew it would work. All right, give to me.
ROLAND: The combination is one.
HELMET: One.
SANDURZ: One.
ROLAND: Two.
HELMET: Two.
SANDURZ: Two.
ROLAND: Three.
HELMET: Three.
SANDURZ: Three
ROLAND: Four.
HELMET: Four.
SANDURZ: Four.
ROLAND: Five.
HELMET: Five.
SANDURZ: Five.
HELMET: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.
HELMET: We have the combination.
SKROOB: Great. Now we can take every last breath fresh air from planet Druidia. What's the combination?
SANDURZ: One, two, three, four, five.
SKROOB: One, two, three, four, five? That's amazing. I've got the same combination on my luggage.
of some of Microsoft's choices for authentication passwords. For example: 1111111111111111 (dont remember how many, but a good guess) for activating a MS Visual studio package. Nice protection for a $1500 license.
Things have changed on the global level more than just a little bit, and I'd imagine a good deal of the security surrounding the prevention of launches centered around the PHYSICAL security. If the bad guy can't reach the keyboard to enter the codes - well, then, does it matter what the passwords set to?
For better or worse, the system seemed to have worked - there weren't any unauthorized missiles launched that I'm aware of.
Get your fresh cached copy here.
Great, now I need to change the combination on my luggage!!
iRepairIT - iPhone, Mac, & PC Repair
As with any mission critical systems, there is redundancy in every aspect of the ICBM system from the authentication to the verification of the target being neutralized. So what if there was a password set to 0000000? There still has to be a number of other things set by others in numerous locations in order to do this. One reason was so that the president could not launch a missile on a bad hair day or a mad general (or group, in fact) could not launch in order to lead a coup.
in addition, the passwords for the different sub-systems would vary as well as require a number of actual physical keys in order to get the nuclear war machine into motion.
If you really think it only takes one password to launch an american military nuke (even if we were in the 60s), you're totally mislead.
This may just be me here but I personally never would of thoughtof 000000~ was a password. It's like having 123 456 on a briefcase. It's just too stupid to be used right?
Well sometimes being an idiot can be so dumbthat people don't expect you to be that dumb hence it's smart. Difficult to explain but it works in a twisted sorta way.
So in short - some times the simplest password is the hardest to crack.
--- [Insert intresting Sig here]
Just enter the recall code. Mandrake has told us it's a variation of the letters POE, which probably stands for 'Purity Of Essence' or 'Peace On Earth'. Just try all the variations, and the launch will be aborted. Hooray!
Now stop fighting in the War Room!
I hear there's rumors on the Slashdots
I stumbled over THIS manual about passwords one day, and I found it absolutely amusing!
NUKEEMUP!!!! They should've had me pick.
Jesus saves....And takes 1/2 damage.
Drugs, sex, and god are the most dangerous passwords.
Any password can be guessed given enough time. Far better to have had only the SAC commander and XO even know what measures were required to unlock the missiles for launch. Is it a password? Voice recording? Electronic Signal? 2 keys (turn simultaneously or with a time diferrence) and any combination of these and other measures in a set order. I thought military folk were supposed to be paranoid during the Cold War. Obviously not paranoid enough.
Now I realize that the movie wasn't nearly as stupid as reality.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
Why use the French standard for such an important function as defense when we have a perfectly good American-as-apple-pie NTSC?
The real problem is some guy who got past the shrink, his girlfriend/wife runs off with the neighbor and he's suicidal . It only affects a few people when the guy shoots his wife and kids and then kills himself (this never happens of course) , think of the quality of the day if he decides that sending off a missle will get rid of every body who caused him grief. He's already probably not to happy about sitting in the ground in North Dakota.
damn it, clicked submit by mistake.. ignore that comment... completely.
00000000 was the name of Secretary of Defense McNamara's dog.
wouldn't 'rm -Rf *' be just as bad a choice of password? Enter it by force of habbit after having your login script changed - and ouch.
don't worry, entering in "root" and "root" will have the same effect.
Not exactly a great example for getting people to choose difficult passwords
Considering it never went wrong, this shows other issues apply.
On a pedantic point, I assume the article meant 0000000 and not OOOOOOOO as the article implies
The real world isn't like War Games pple. Can't just launch your modem into NORAD and play a game.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Last time these were mentioned, I bookmarked this link, some interesting speculation:
http://www.research.att.com/~smb/nsam-160/pal.htmI work for an outsourcing group for telco (V something). We are non union, so they abuse us over the hourly union people.
t up
This isn't a joke, after all the hacking, the passwords are still the same! Even after Palifornia passed the law about reporting security break ins, they still are not reported!
Here is a sample list of actual of passwords I've kept track.
lucent:lucent
nortel:nortel
nortel:etas
admin:setup
admin:admin
admin:config
setup:se
root:toor
FOA WCDMA hardware that all you need to do is telnet too (no ssh) and run a simple password guessing program, and gain access.
IT's worse than you think.
I think this shows how parinoid they were. By having everyone in the chain of command know the password(s) for launch they enabled the ability for a launch to happen even if the right people weren't around.
So that if there was a launch against the US and no one was able to react fast enough in the chain of command and order the launch, then Joe Anybody could still affect the launch.
I know it's flawed logic but I'm just trying to present a different side of the issue.
Maybe this is a fake password. Only a few people know the real password, but "everyone" knows this one. Anyone foolish enough to try to use it would immediately find themselves in a world of trouble.
Am I part of the core demographic for Swedish Fish?
Comment removed based on user account deletion
Since it's so easy, noone would bother to mess with it, right?
I'd be more worried about the password for this:
Biological Warfare and Bioterrorism in the Modern Era
Yes, because that redundancy is necessary. By setting such a ridiculous password, you have effectively removed one layer of redundancy.
So what if there was a password set to 0000000?
So what? So you are operating one layer of redundancy lower than you expected to be operating at, that's what.
Cheers,
Ian
A hacker is not a cracker.
...in the first place, we wouldn't have to worry about setting them off all accidental like. * 'we' being the collective passengers on this twirling ball of dirt & water.
So assuming the article's correct: a) there wasn't even one password in the launch process at the time, only physical keys, b) four people in the right place could launch nuclear missiles, and no countermeasures would have been able to stop them, and c) given the lack of stringent security in allowing visitors access to those sites, it's not inconceivable that outsiders could have seized the opportunity to take control of two launch centers.
now i have to change the codes on all my nuclear weapons :<
The fact that everyone in SAC knew them means that if a terrorist had gotten to a low level in position in SAC he would have known the codes. At this point your detterent is useless. If the code was distributed on a proper need to know basis then this wouldn't be possible.
This isn't fud, mcnamara himself was outraged, those locks were there for a damn good reason. That password should NOT be available to everyone in SAC regardless their security clearance. It is should be strictly need to know.
Photos.
Here is a mirror link, for it seems to be getting slashdotted to hell. Mirror Link
"it is the stated position of the United States Air Force that their safeguards would prevent the occurrence of such events as are depicted in this film. Furthermore, it should be noted that none of the characters portrayed in this film are meant to represent any real persons living or dead."
Throws that one out the window then?
Mein Fuehrer! sorry.. Mr President.
This comment does not represent the views or opinions of the user.
Of course it matters!
The PAL system was to prevent a launch by the military without appropriate approval, not to prevent a stolen system from being used by terrorists. There were other systems in place to prevent theft.
The article doesn't say they are zeros, but the letter O repeated eight times.
Distinguishing Zero from O
About 15 years ago, when our new computer labs were first opened, five key combination locks were put on the doors, with the access code set to the default.
15 years later and 5000 miles away on a continent on the other side of the planet, I'm on the walking trails beside our hotel and come across a gate on the boundary fence which has the exact same combination lock. And yes, it had the exact same access code.
If I would have known this earlier I would have been able to complete Metal Gear Solid in under an hour!!!
Creative Demolition
According to the article, someone in the chain of command decided that they didn't want this safeguard, and ordered that the password be set to 00000000 and the dials used to enter the password left in that position; in effect, the equivalent of having a blank password so that you don't have to bother entering it.
The story here, then, is not that a bad password was chosen, but that somebody decided to disobey orders by disabling the password, and that the higherups were completely in the dark about it.
And let's be blunt here. A single Minuteman launched at a major world city could kill millions of people. Doesn't it make you even slightly nervous that the military was prepared to discard one of the layers of security in the interests of making it easier to launch them, and lie to their bosses about it?
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Have you ever leaned on the keyboard or left a book on it?
I would hate for the 0 key to get stuck.
http://www.kubuntu.org/
That seems to be the concensus at this point. People have repeatedly pointed out that the *physical* security was VERY VERY STRICT. Just because the password, a deterrant that top-level people thought was VERY VERY necessary was completely missing ...oh, that's fine. They still have keys and ummm other stuff, right?
RTFA. Blair and Brewer point out that, at the time, the military wanted to improve their public relations and would give TOURS of LCC's! B&B repeatedly point out that virtually anyone who asked could get access! The physical security was crap and the codes weren't in place. IE, any moderately funded and motivated terrorist group could have had a field day if they'd know about this severe weakness.
"Four individuals (two persons in each of two separate LCCs in the same squadron) acting in concert could succeed in mechanically launching one or more missiles." In seconds. Not minutes or hours.
"[...] annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs."
"Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands, the purpose of the codes being exclusively that of authenticating an execution directive."
B&B make it sound as if you happened to be on a tour and decided to overpower the minimal security force (two crew members + a couple of guards at best (isolated locations, remember?) then it's good to go - you already know the launch codes because it's always all zero's. Or, even worse:
"Technically, crew members can launch a nuclear attack with or without approval from higher authority. Unless PAL or its equivalent forecloses this option, as many as 50 missiles could be illicitly fired. Moreover, unless adequate precautions were instituted, an even more drastic option would be available. Crew members could conspire in the formatting and transmittal of strategic strike directives, deceiving the full contingent of Strategic Air Command (SAC) LCCs, as well as higher authorities, into reacting to a spurious launch directive as if it were valid and authentic. Or they could render the U.S. strategic force virtually impotent by formatting and transmitting messages invalidating the active inventory of presidential execution codes. Finally, crew members could aid accomplices in stealing thermonuclear warheads from missiles on active alert."
Keep in mind that Blair was working in an LCC as a crew member in the mid-70's. He was obviously in a unique position (which virtually none of us were or are) to write this paper. His direct observation on how to subvert the access/security controls on the ICBM's trump anyone else's estimate on what might or might not happen. His letters and paper in 1977 are basically what got those locks activated in... 1977.
It is especially hypocritical that the majority of the Slashdot comments were fine with this poor use of a password mechanism. In your own place of business you most likely would NEVER allow this to happen and you just run some servers - as opposed to ICBM's capable turning your city into a big kitty litter box. Don't defend the actions of those in charge in the 60's and 70's. They were flat out wrong and frankly should have been thrown in military prison for such a massive security breach.
Exocet Industries - Taking over the world, one computer at a
They were called permissive, right? Lived up to the name.
Some of them thought this war was a bad idea from the get go. Indeed, it seems many of those who wanted this war the most never served at all. I'd trust a general who's been blooded - had his boys (and girls) die in droves - to think a little harder about sending more to die.
I didn't think the house band in Hell would play this badly.
Just imagine they lost it. Then the only hope would have been the other side also used perfectly good passwords, so they lost theirs too. Of course, then they could ask each others intelligence services.
Bad passwords seem to be the least of their security problems.
-- Slashdot: When Public Access TV Says "No"
Or was that the 80's?
If you're going to crack a password, what do you start with? Birthdays, anniversaries, dates of importance. You'd never think to try all 0's. It's too obvious. Nobody would guess it unless it was a brute force attack. It's actually remarkably clever.
HEY ... if you are going to make the first post, at least include a picture of a weapons of mass destruction ;-)
Hulk SMASH Celiac Disease
It's C-R-O-W-B-A-R :)
I trust the competent warriors not to go to war. Too bad those at the top, like Rumsfeld, Wolfowitz and Rice, ignore them, in favor of the incompetent ones who rush to war.
--
make install -not war
while this story may be true, the reality is that rogue crew could not launch a missile. When a missile is enabled, all other launch control centers (lcc) see this activity and can stop it by disabling the missile. additionally, it takes two crews in two different lccs to launch and even then, another crew can stop the launch.
No technology could replace an individual responsibility.
Locks, passwords and fences are just helpers, providing a percievable obstacles, or barriers to unitiated, making territorial fragmentation of influence spheres. A willing, knowledgable individual could bypass anything. So, it is about morality much more than about technology or psychology.
There you are, staring at me again.
Whew, well it's a good thing that the PAL key had to be inserted at room temperature, at freezing temperature, and then finally at almost boiling to be able to enter the code. There's no way any terrorist would've been able to figure that out once they realized the code was just zeroes.
Blair's assertion is very serious if it's true. But as Sagan used to say, extraordinary claims require extraordinary proof. In my book, this one ranks as an extraordinary claim.
LoL the internal security of the US goverment is laughable. For example after working with a public servent, they had close to no 'real' security on computers other than the network being slower than molases. Anyone can get into the office during rush hour they ignore paid workers. They use windows NT (no shiting) no audity or working passwords or anything.
Terrorist 1: "We have done it! We have infiltrated the missile silos! Death to the [insert appropriate derrogatory term for American]s! Victory is ours!"
Terrorist 2: "Mua-ha-ha-ha-ha! Let us hurry and launch the missiles! Wh... what is this?"
Terrorist 1: "It... it appears to be some sort of security mechanism... What do we do?!?"
Terrorist 2: "We have no choice. We must try every combination and hope to find the correct sequence before we are captured. We will start from '00000000' and count upwards."
Terrorist 1: "Are you insane? Even if we could test one sequence per second, it would take us tens of thousands of hours to find the code! Our fingers would be worn into nubs so short that we wouldn't be able to depress the launch button! We could even die of starvation first!"
Terrorist 2: "You're right. We've failed."
When I was in the Cub Scouts we visited an
underground missle site/silo. I think they had
Atlas missles then.
But don't tell anybody, okay?
cpghost at Cordula's Web.
It's factually inaccurate and overly simplistic.
The weapons inspectors were in Iraq, and were getting cooperation from the government there, until the eve of the war. They had to leave because the Bush administration began it's push to war. Yes, there had been difficulty with compliance in the past, but things were going differently this time.
Apart from a single, probably Iran-Iraq war vintage chemical shell, no WMD have been found in the country. Further, all the scientists that have been interogated, as well as all the documentation found, indicate that they had no WMD, at the very latest, past 1998. 6 years ago.
Finally, most of the intelligence about Iraq's WMDs now appear to have been put forward by the Ahmed Chalabi and the INC. Much of it was uncorroborated, and contradictory evidence was discarded in the lead up to the war by the Office Of Special Plans. This group, in the DOD, stovepiped supporting evidence to ensure that the president would have the justification required to wage war; any evidence that did not support the cause or that directly worked against war in Iraq was discarded.
Sorry, kid. The president of the US started this. He made the order. He chose this. We didn't have to go to war, and there was no pressing national interest for the US in going to war there. There were NO links to Al Qaida or other terrorist groups, and his army was in a vastly degraded state. He posed a danger at most to his own people. And yes, that's an awful thing, but it's not our job to go policing the world.
Finally, regarding the inspectors and their fights with Saddam in the past - it's very likely that he didn't cooperate because he didn't want to appear weak. It's a common reaction, hiding one's weaknesses from others so as to seem strong and keep oneself safe from attack.
Wow, that could have led to the End of the World.
>There were some SERIOUS layers of physical security.
Layers which were run by the military, to keep non-military people out of military property. The PAL code was a different animal altogether.
The PAL code was supposed to be owned by the civilian leadership as a way to keep control over missiles in the hands of the military. Instead of being another layer of security, it was an orthogonal measure to all the others.
Civilian control is a Very Good Idea. If you want to know why, read some quotes from General Curtis LeMay sometime.
Security auditors need to look for conflicts of interest like this one, where the people who control a password are at odds with the people who benefit from it.
For ground-based missiles to be an effective deterrent, the attacker has to know a "decapitation" strike will not prevent payback. If you centralize a secret interlock all your adversary has to do is destroy the source of the code or your communications structure before the code is transmitted.
Remember, there's no way you can launch before the first bombs arive. Assuming the first bomb isn't simply snuck into Washington and detonated immediately before the main attack, SLBMs can arrive in about 90 seconds.
On the other hand, I agree physical security has to be maintained at any cost. Tours are dumb.
I once worked with a guy who wrote the O/S for a MilSpec computer (Rolm 64) that was used in ICBM's.
He commented that the worst place to be in the event of a nuclear exchange was at Lat 0, Long 0 because if something went wrong the memory overlays (kludge for keeping code within a 64k addressable space) the missles would try to find their way here and activities such as this would not be recommended.
B&B make it sound as if you happened to be on a tour and decided to overpower the minimal security force (two crew members + a couple of guards at best (isolated locations, remember?) then it's good to go - you already know the launch codes because it's always all zero's.
You assume the terrorists know that the password is 00000000. If they know that, they would also know if it were 46477571. If they didn't know, they wouldn't try this sort of thing. So in a way, it doesn't really matter what the password is. So it is as bad as you say that it never changed, and that too many people knew it, but I think it would have been as bad if it were any other number.
I believe posters are recognized by their sig. So I made one.
yes yes yes we learned all about this in "MetalGear Solid" You need the PAL codes or the little shape changing alloy cards to launch, I got it alright?
is that everytime there was an error and it looked like a nuclear was about to happen, or it looked like the other side had attacked, or whatever the people at the switch NEVER ACTUALLY LAUNCHED THEIR MISSLES. Despite everything they were trained and ordered to do, they never started a nuclear war.
Oh I don't know. I've heard the theory that some of the disease outbreaks we've been having could have been caused by meteorite born bacteria.
Zero-zero-zero was good enough to blow up the Enterprise, so zero-zero-zero-zero-zero-zero-zero-zero should be fine for causing a nuclear holocaust.
the usa is building their own schwartzgerat!
As opposed to, say, 1970's vintage soviet tanks in poor repair, and an army without equipment like boots and uniforms. The condition of the army and its material was, very likely, well known to the Iranians.
Yes, I'd say WMD, or the threat thereof, would be the only significant weapons you could bring to bear.
The question is, do you stop to consider facts before you make your arguments? A little less blindly jingoistic support for our president, a little more thought is in order.
He has a rather obvious agenda, as you can tell from his introduction.
Its his word against common sense for some of his statements, and i personally dont belive him.
---- Booth was a patriot ----
so you're telling em all I needed to do was put in a couple of zeros instead of spending hours trying to geet a special card to change temprature so i could put it in some new-shaped authetication hole ?
thats bs, man.
At least on the NES. The vault door to Fred's lab is locked by a keypad, and the combination is whatever the high score on Meteor Madness (second floor arcade room) happens to be. All you have to do is get the key to the outer door, get captured by Nurse Edna or Weird Ed, and get tossed in the basement before Fred plays Meteor Madness. Do this and the combination for the door is all zeros! :D
Found this out the hard way when I was a kid- I was stuck and didn't know where to look for the code, so I figured I'd brute force it (yes, I was BORED), and.... surprise, it worked on the first go. Found out it was tied to the arcade machine when I inadvertently closed the door and tried to open it again later.
Man, that game kicked all of the ass.
Has anyone seen crimson tide? It is a worst case senerio where a nuke sub gets a 1 hour launch command. The sub is hit and com goes down in the middle of a message. The Captian wants to launch and CO does not. There is an option for just the Captain and not the CO to launch. The navy acctually changed protocall after the movie came out to prevent this senerio.
Kind of puts all those Windows buffer-overflow holes into a whole different perspective, doesn't it?
The real litigious bastards...
And maybe they put a special lever in the room for convenience.
have you even seen pictures of these rooms? check google for information on the minuteman silos and try reading before posting drivel like this. what you are suggesting is ridiculous.
and you're a pleb, not a prole.
Gee, you KNOW alot.
Having worked in this field I'll tell you:
1. A civilian is never allowed in a live LCC.
2. The crew is sealed in the live LCC's.
3. To get access to a live LCC is much more then cutting the chain link.
4. Even if you got into one, you need to get into two to do anything.
5. Nevermind the hoards of SP's and armed Helicopters descending around you.
6. While crew members can send messages between LCCs (and I believe between bases, I can't recall) these messages are not and can not be EAM's which are only sendable from the NCA via special terminals.
7. Even if you could send the EAM, who would believe an order coming from the wrong originator.
8. The comm systems in question are not as stupid as e-mail, they are part of a dedicated MLS (b3) system.
9. Nuclear command and control has always relied on personal responsibility, do you think nuclear submarine commanders or the alert bomber force can/could not just decide to launch, or are you deluded enough to think they have some crm114 gizmo that overrides them?
In my place of business I'd have no problem with a null password if all access to the server required two trusted administrators with keys that are kept stored in seperate combination locked safes. In fact, a password beyond the assertion of two trusted people would be stupid, and if you don't trust the people allowing them access to the keys would also be stupid.
Your scenario would be something like this:
1. Something needs done to the server, so you call the CIO
2. He gives you and your other Sys Admin a one-time password for the server.
3. You two go open your safes with your combos (each of you only know one of these combos)
4. You remove your keys and open the server locks.
5. You enter the password you got from the CIO
6. You do your business, and relock the server
7. You put your keys away
Damn, I'd hate to work in your shop. Most of us only have trusted sys admins and single passwords.
Dan
Maybe if he'd actually started this war that would make sense
Then who gave the order to invade Iraq? The president of Brazil? Typical american-centric self-rightousness brainwashing flagwaving crap we hear over and over and over. Just like America didn't invade Cuba, wasn't involved in the Vietnam War, wasn't in Korea, didn't partake in the overthrow of governments in Cental Amerca, etc, etc, etc.
I recently was chatting on IRC to some american who thought WWII was not a world war until the US got involved, and that John Glenn was the first Astronaut-not in the US, but in the world. If that is what is being taught in american schools then the original posting doesn't really suprise me.
unbroken string of broken UN resolutions dating back to Saddam's invasion of Kuwait
And this justifies the invading Iraq? Everyone knows the UN is just a puppet group controlled by americans. Hey bub, read the news once in a while. There's atrocities being committed over the world that made Saddam look like he was running a daycare center. Where is the US in these conflicts? No where! Why? Because there is no oil. Iraq is about oil! It was in Desert Storm, it is now. Not about getting rid of "Evil-dooers". Military spending and weapons sales make up a huge part of US GNP-do you really think the US wants a world of peace? Holding hands and getting along means no arms sales-they need a destabalized world to keep up arms sales, and the Iraq occupation certainly has done that.
Silenced by men in black helicopters!
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
Was this just after you had finished watching Dr. Strangelove, or right before? //I call lies.
The tours were not "dumb".
After Hollywood did Failsafe (the original) and other stories about accidental launches it was a very appropriate response. Citizens should be able to view defense facilities in controlled manners.
The apparent issue is the false assertion that the people on the tour are in a live lcc/lcf. In a tour scenario you either did your tour of a facility that was down for periodic maintenance, toured the training lcc/lcf or you simply switched it off the network and if a launch needed to happen it could/would be done by the other lcc/lcf's.
Even today you can tour many secure government facilities, although less then pre 9-11, and with a bit more security required up front.
Dan
00000000? I'll have to change the combination on my luggage!
It's "O" (as in oooooh!) no 0 as in zed. Check the text of the article.
Enterprise go boom! :-)
--- Ban humanity.
I know what I read in the article, which was written in 1977. When did you say you worked in an LCC? I'm guessing it wasn't in the mid 70's and that's when these issues were prevalent. I never said in 2004 LCC's were unsecure places.
...and read the article at least once. It's a long one so I know it's extra hard for the slashdot crowd. :P
I suggest that you re-read my comment
Exocet Industries - Taking over the world, one computer at a
My girlfriend is Jewish, you insensitive clod!
+++ATH0
It's good enough for my luggage.
I have it on good authority that Strategic Air Command received an email from one Richard M Stallman telling them that the most ethical and easiest way to deal with their passwords was to hit enter at the 'change password' prompt...
You read the article in the Atlantic, didn't you?
Including the Kremlin.
Computers are useless. They can only give you answers.
-- Pablo Picasso
Reminds me of Starcraft, successful CD-Key 0000-00000-0003.
Comment removed based on user account deletion
Then I bet most of you don't keep strategic nuclear weapons in the server room.
And let's be blunt here. A single Minuteman launched at a major world city could kill millions of people.
A single missile strike would lead to far more than the devistation of one major city. The other country would assume a first strike and procede to nuke the daylights out of the first country. Seeing the incoming swarm of missiles, the first country would send more to the other country. Within 45 minutes, dozens or even hundreds of major cities would be turned to dust.
so...you're claiming that this absurdly stupid password is irrelevant because there are additional layers of security. ok...and you have confidence that those were implemented well - by the very same people who choose 00000000 as their password? nah, this fails a simple sanity-check - odds are that all of those layers were implemented about as poorly as this one. In the end, we had a bunch of bozos in charge of nuclear weapons. Not much different than Dr Strangelove after all.
I worked with the Minuteman Missile System for eight years. I was a member of a three man Combat Targeting Team. Our task was aiming the missile and selecting the targets by programming the onboard computer.
A lot of really strange things can happen in the military involving authentication, encrypting and decrypting information and in the whole target selection process itself.
Perhaps one of the weirdest occurences that I was personally aware of was when a missile dropped off of "Strategic Alert" (Green Status). There was a two man team of airmen checking out a communications problem in an adjoining building.
Another team arrived on site and entered into the launch facility and saw that the Nuclear Warhead was missing. Needless to say this scurried people from all over with all kinds of alerts being issued... Losing a nuclear weapon was pretty much frowned upon, needless to say.
It turned out that the warhead had fallen off of the missile to the bottom of the launch tube 100 feet below.
The problem was traced to a fuse being changed on the communication box in the soft support building with a screwdriver rather than a fuse puller.
There was a undetected defect in the onboard computer which combined with the shorting of the communications fuse caused the computer to send the "Fire Retro rockets" signal to the RV (nuclear reentry vehicle)
Another time I was programming the computer with its needed information when some "never seen before" status lights lit. D-1 and D-3 which if I remember correctly was "Launch Commanded" and "Launch in Progress".
Normally an individual has to look up these codes in a reference manual. Being the nerd I was back then, I had memorized all of the codes. So I had only a few seconds to react and I proceeded to pop some circuit breakers that would shutdown parts of the operation in case the status was real.
Our job was not to troubleshoot any further at that point so I never found out whether the computer was intending on really launching or if there were two defective lamp drivers.
Of course there is a policy that two trained people always had to be present (two man concept) to ensure that nothing illegal was attempted.
The members of the targeting team were always armed while couriering and programming the launch codes and other vital information into the missile.
And in the end, the love you take is equal to the love you make
Keep in mind that this is an unverified allegation from a Russian news organization. Skepticism is advised.
If what you're saying is true, this whole thing is a non-issue. What people don't seem to realize is too much security can keep you from being able to do your job...
Ok, look, there were inspections taking place in 2003.
It's all well and good that you can quote the UN resolutions, but you seem to miss the acutal fact of the matter - that the inspectors were in Iraq until the beginning of the war, and had been since late 2002.
Yes, the text of the resolution can be read to support military action against Iraq for not reaching a deadline. However, that doesn't mean that we should have gone to war. And the fact that Hussein was cooperating with weapons inspectors is an indication that diplomacy was working, at least to some degree. War is an expensive and dangerous proposition (as we've seen in the last year) and should only be entered into as a last resort.
This was not a war of last resort; it was a war of choice for the Bush administration. I never cease to be amazed at how people can quote stuff and miss the larger point. As a matter of foriegn policy for the US, the war was a terrible idea, both in the lead up to it, which did a large amount of diplomatic damage to the US, and in it's aftermath. It's been a pretty much unmitigated disaster.
Try looking at the larger picture of US national interest.
Someone set up us the bomb!
bash: rtfm: command not found
Somebody set up us the bomb!
Too bad they screwed it up. The Titan missiles (you can visit one in Green Valley AZ) had a combination that was evaluated by the launch valve inside the missile. The airman would enter the code with thumbwheel switches on a rack-mount box in the underground control room. That box had cables running through a tunnel to the silo, where they connected to the missile and ultimately the valve assembly.
If the wrong code was entered three times, the valve assembly would mechanically destroy itself so the missile could never be launched. At least, it would need major repairs.
I wonder if the Titan codes were also all 0s.
Last time I had an item cut there, I snooped over the shoulder of the guy doing the cutting as he keyed the code. I though to myself, "I bet it's either 0000 or 1234." Indeed, it was.
In the interests of safety and security, knowing the mischieviousness of SlashDot readers, I shall not here reveal which of the two likely codes it was. I imagine they would have a hard time defending the personal injury lawsuits if word got out.
I haven't snooped on their burglar alarms.
I was a Fire Control Tech on a Navy Nuke System. Normally the the Weapons Officer in CIC and the Fire Control Officer in the missile room would have to turn the keys if not for battle damage override which was jumpering two terminals to ground on a barrier strip. We didn't need no stinking keys and in an emergency the Fire Control Tech at the launch console could effect a launch unaided.
As to the previous post regarding the guys who broke protocol after a launch confirmation... Everybody involved should have been busted to mess hall if not Court Martialed. Yes, disaster may have been averted but you don't second guess confirmed orders with nuclear weapons. You get confirmed launch codes, you launch. Period. If you have to self destruct birds downrange so be it but you launch.
Yes I know in the beforementioned scenario those guys were acting as a relay but it also meant that in a time of crisis it was quite possible no birds would have come out of the silos as a result of their second guessing a confirmed launch order.
Throughout my training and particularly in the later phases of it, we were presented with various hypothetical scenario's from which our reactions were guaged. Any mis-step in response, no matter how slight, resulted in your washout from the program and there were NO second chances. I can guarantee that if the targeting coordinates were Los Angeles, home to my wife and children, came wrapped in a valid launch order, that LA would glow.
Perhaps the only reason we are here today is because people in the rank and file, accutely aware of the fallibility of man, did second guess on both sides but it was nothing to be depended on. Living on the cusp of aremageddon, the name of the game was Mutually Assured Destruction and the unflinching willingness to implement it. The ultimate game of chicken, I was an implementer of that policy. That was my sworn duty and failure was not an option.
Thirty years later I can reflect and second guess. I have that luxury now. In a way it was madness, we were lucky and I was fortunate not to be pressed into the service of finality. In the time since, our weapons have grown faster, more precise, more powerful and more autonomous by orders of magnitude. I question now, as rightfully questioned by others then, our ability to control these creations. That advances in weapons technology has far outstripped the human capabilities of the societys that wield them. And would societys sufficiently advanced not need them? And can we, as a people, ever catch up without tripping on our own fallibility? And is an advanced society predicated on being a support system for the sake of technology, weapons or otherwise, a preferable direction to go in? And do we have a choice in the matter?
I wonder at times, if we are not racing towards our own destruction.
Having been a crewmember in the 90s, I can say for a certainty that every item he identified in his article has been resolved from an LCC standpoint. Permissive Enabling Systems, among others, are all in place and protecting the ICBMs and whatever they may be carrying today.
Reading how everyone is jumping on the bandwagon for demanding that they change things -- it's ALREADY BEEN DONE!
All ya gotta remember: "uh-oh! uh-oh!.."
The article clearly states that the 00000000 password was actually listed in the launch instruction manual, and that access to the manuals wasn't tightly controlled.
I told the project manager, hey look doesn't this need to be changed? Everyone, including the other big player in the market, can walk in and grab the code. Manuals included.
But they just don't care. "It's a low risk".
8 of 13 people found this answer helpful. Did you?
Steve Bellovin has a fascinating page on the subject here
The quote at the beginning has become one of my favourite metaphors for describing a process that should be close to impossible:
"Bypassing a PAL should be, as one weapons designer graphically put it, about as complex as performing a tonsillectomy while entering the patient from the wrong end."
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
that is the combination code to my suitcase.
Coincidence?
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
but as it was we lost 58000 people
Wow. I'm totally speechless. Is that the number that stayed in the American mind?
Nearly for million people were killed in Vietnam.
Does anyone hear remember in the late 70's(was anyone here born before the 70's?) the uproar after the remains of several marijuana cigarettes were found in one of the ICBM silos??
It was about the same time there was the rash of army personel in Germany that were caught dealing drugs on post(I believe the tip off was the enormous number of enlisted personel driving expensive European cars on a salary of $300/month).
Skip ------ See the latest from http://www.anArchyFortWorth.com
OP is probably thinking of Edgar Allan Poe's The Purloined Letter.
No shit, Dupin.
There were two personnel in each launch control room with keys which had to be turned simultaneously. They both had pistols. The pistols were to shoot the other one if he went insane.
Nope. Actually, Wargames showed that the pistols were for shooting people that wouldn't cooperate and launch their missile. That wasn't actually the case, though.
Here's the relevant text:
Contrary to the myth peddled by the movie "Wargames," we were not issued sidearms for the purpose of shooting a fellow crew member in the event he refused to turn his launch key. Rather, we were armed so that we might defend the LCC and protect the documents and launch keys from unauthorized individuals. There was no provision for warning shots. We would shoot to kill.
May we never see th
Well, there's a lot of hardware that is supposed to maintain that centralized secret interlock and command authority through a nuclear attack. There's "Looking Glass", the airborne command post, NORAD under Cheyenne Mountain, Air Force 1 and probably a couple of others I can't think of off-hand. These were all designed to ride out a nuclear attack and be able to get orders out to all the nuclear forces.
There's a real difference between looking at a measure and, in the light of day, rejecting it and pretending to put something in place that was mandated by the civilian authorities.
If you RTFA, you'll find the code was all O's (as in orange) rather than 0's (as in zero).
Phew.
Not true. I tried 00000000 and it wouldn't launch.
John "Crazy John" Goodbury Ft Levenworth, KS
When I worked for the telecom centre at the university, I chatted with the voice guys frequently. They ran the Lucent 7R/E (formerly 5ESS) that controls the campus phone lines. I was told that the password to it was actually a pretty simple one, and one that never got changed (they didn't tell me what it was but I probably could ahve figured it out). Of course the only place you could use that password was on a console physically connected to the switch, in the basement, behind two access controlled doors and cameras.
The password itself wasn't really relivant, the security was that you simply couldn't get to a place to use it. Also, if you were in there, you could simply physically destroy the switch.
Weak or null passwords aren't a problem if the barriers for their use are security by themselves. We have unpatched Windows computers at work with no passwords, yet they are no risk. They aren't on (or near) and Internet connection. You ahve to physically get at them to do anything to them, at which point password protection is all worthless anyhow.
Just a thought but if I wanted to protect a password protected asset wouldn't it be useful to leak some false password as common knowledge...possibly setting the system up to alert a squad of soldiers with plenty o guns and bullets to come running if it was ever entered.
Just a thought
I have discovered a truly remarkable sig which this post is too small to contain.
that's exactly the same password like my slashdot account has...
We all know it was a variation on POE, OPE...
The article ended up here through dumb luck.
"somebody" is Strategic Air Command, which is high enough. So they eliminated a security margin without telling anyone.
The second part describes how some other guys were/are also removing constraints following their own judgement. This time it's in using the 'small print' on the role of the president
McNamara was sec. of defense during the Cuba crisis. In 2002 he stated that dumb luck played an important role in avoiding nuclear war.
Or maybe it was God's help . Quick! Name a president!
There's ALWAYS one more side to a case.
Now the real wisdom is to see them all, exposing the drama folding out in the world. There are NO bad guys, at worst, there is tremendous ignorance and blindness. Everyone does what they do according to love, however twisted and distorted. Now let's start identifying with the WHOLE of humanity, instead of just our own families, nations and soccerteams, which only creates conflict.
http://www.debunkingskeptics.com/
I have a theory about why Bush can be so sure Saddam should have WMD's. And that's because the US gave Saddam the WMD's. So when the US says "You got WMD's" and Saddam replies "No". Then they know Saddam is lieing. Point is, maybe Saddam have discarded theese weapons? Who knows.
After an accident with some children playing with air-guns. A newspaper said the police don't recommend that children play with air-guns. Fair enough.
I do not recommend anyone to play with weapons, either children or the american president.
"While I do not know who my enemies are, I do know who my friends are."
"While I do not know who my enemies are, I know who my friends are."
In short, perhaps if someone could gain access to a capsule they could have commanded a lauch, but they'd have had to subvert 2 complete LCC crews to command an immediate launch, and that's just not likely, even if the PALs were not active. One LCC could not command an immediate launch, and would have been overriden by the other capsules in the flight had it attempted to. As discussed above, penetrations of the control center or the actual missile facility could not yield results before an overwhelming response ended the threat. The way we were watched (and the capsule crews were more watched than we were) I doubt four people so profoundly without anyone noticing.
As for the "bad guys" gaining access to a warhead from the missile site... not a chance. First, to do that they'd have to penetrate the missile facility (not less than 12 hours work) without setting off any alarms and without any of the heavy equipment being noticed be the frequent roving patrols. Penetrating the LCC would not give anyone "access" to the warheads, as the LCC did not control the locks at the missile site, they just monitored them.
The only significant risk of the warhead falling in the "wrong hands" was during transport, and I can speak from personal experience that those movements were exceptionally well prepared monitored, and armed, with air support close by at all times.
Confined though we are, infinity dwells within.
somehow this has got to be the fault of George W. Bush....like everything else...
I was a Minuteman Missile Combat Crew person at beautiful and sunny Franky's Rocket Ranch, otherwise known as Francis E. Warren AFB, Cheyenne, Wyoming.
I babysat them suckers for four years. The "all-zero" setting was a day-to-day requirement because, as I recall, that panel was used for more than one function -- like most everything in the "Capsule"
And, yes, there are people in the loop. You would be surprised how hard is is to actually launch them properly. Especially if you are not supposed to.
'Nuff said. GO back to sleep. No worries.
said the guy playing russian roulette.
JFK ordered a pullout of Vietnam, was shot within days (in Texas), and Johnson (from Texas) rescinded that order within a day or so of taking office. He presided over 5 years of escalation so disgraceful that he declined to run for reelection. His successor, Nixon, promised to end the war, but escalated it further ...
I started reading the parent post, and said "Aha, this guy knows what he's talking about." Then I noticed the author, and said: "Doc Ruby again -- who always gets it right."
I just want to say, Keep up the good work.
-kgj
-kgj
That whole majority thing didn't work for the last election.
... Supreme.
If the Electoral College fails to stop majority rule, trust the Supreme Court to do the dirty work.
I guess that's what makes it so
-kgj
-kgj
We gave Hussein many many chances to comply with the weapons inspectors and he kicked them out, do you remember this?
Hussein never kicked any inspectors out, they were withdrawn by the UN.
War was and is the last resort (we don't want to kill people)
Hussein tried to surrender on the eve of war, but bush didn't want to listen to him. How does that fit in with war being the last resort?
The troops in Iraq are there because they want to be (we don't draft people)
I am sorry but that is the biggest pile of shit I have ever heard. The people in our military signed up to defend THIS country (USA). If our recruiting posters had told of how they would be sent to foriegn lands where the locals don't want them there, to be shot at so the president can distract us from his failings in the war on terror (Iraq and Bin Laden are 2 completely separate issues), how many do you think would have signed up? I thought about enlisting myself after 9/11, but I realized this would happen, and thought better of it.
the people in Iraq want us there (despite what the liberal media shows you)
Where are you getting these facts? Last I heard, a survey of Iraqis showed that most are glad that Hussein is gone, but want us to get the hell out, and the portion who are saying that the invasion was not worth it, and would rather have Hussein back is growing rapidly.
They don't show you the good things that our troops are doing to rebuild that country.
NPR (that is liberal media, right?) has done several stories on that very thing.
These insurgents *hate* Americans and everything we stand for, and have declared war on US
No, that is Al Qaida, the insurents were not filled with hatred for us, until we showed up in their yards.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Good job! you just told skynet the codes! You know it can time travel, what the hell is wrong with you people?
insinuate that the president of the United States wears a wig! ..W is for wig?
Um, guys....I hate to point this out, but manuals & documentation are usually written with examples in the place of real data. Just because his launch checklist had zeros for the launch code doesn't mean that's what the code really was. I can see the Air Force tech writers now: "Hey, what should I do about this part where I give the launch code?" "Huh? Oh, just put the code there so they'll have it in case of a launch order."
Heck, the all-zero code could have been there specifically so that when they ran drills--which they did, using the lauch checklist--they'd have something harmless to put in the PAL.
Blair probably missed the asterisk and related footnote that said, "Had this been an actual globalthermonuclear war, you would have been supplied with the real launch code. Have a nice day!"
and here I thought the password 1,2,3,4,5 in SpaceBalls was a joke.
and of course Capt Kirk's final destruct sequence was "0, 0, 0, destruct 0".
From the article: And so the secret unlock code during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO.
Did anyone else notices those are the letter O and not the number zero? No I'm not kidding. Try searching the page for 6 zeros. Those are letter "oh"s.
Ron Rosenbaum, in his article "The Subterranean World of the Bomb", tells of a method a single person can use to turn both keys using a spoon.
I've just googled it. Here's a review of his book, The Secret Parts of Fortune, which has the article. I'd originally read it in another collection, Travels With Dr. Death.
/. readers might also be interested in another of his articles, Secrets of the Little Blue Box, about the original phone phreaks, published ~1970. update: i just checked and found it online. read and enjoy.
I highly reccommend his books. I don't know what's in Secret Parts, but Travels also had articles about:
I've gone way off-topic, but just had to plug that book. A fantastic read.
"Our interests are to see if we can't scale it up to something more exciting," he said.
"The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition."
You must be talking about the Soviets. Everybody knows Americans use NTSC!
No, if this were a real global thermonuclear war, the WOPR would have extr... [NO SIGNAL]
If anyone in this thread wants to read up on the Arab-Israeli conflict, check out this timeline. It's pretty even-handed in my opinion, but you can make up your own mind.
Vino, gyno, and techno -Bruce Sterling
one, two, three, four, five.
Lord Helmet: "So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in muy life. That's the kinda thing an idiot would have on his luggage."
President Skroob: "One, two, three, four five? That's amazing. I've got the asme combination on my luggage!"
> What if all the PAL codes had been set to '00000000,'
Lovely. Now all Lex Luthor has to do is get a time machine and go back there, and he can pwn the world!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
No more spoking the opiate pipe for you! Cutting down on the drugs will enhance your ability to have facts and logic actually permeate through your thick ignorant skull. Then again, there's the challenge of having you process said facts and logic properly, which is most obviously beyond your capabilities. The only thing you got piped into your brain is the liberal/leftist bullshit propaganda who have a stake in only reporting the bad things that are happening in Iraq because apparently malicious sensationalism is what sells to the dumbass liberal sheeple of the US. Congratulations! You're an ignorant idiotic kool-aid drinker! Reverand Jim Jones is waiting for you at the bottom of that cup of kool-aid you're about to imbibe.
si vis pacem, para bellum..."if you wish peace, prepare for war"
You are welcome to hog the opium pipe, dreaming your junkie Limbaugh dreams. Obnoxious junkie talk might fire up your fascist robot buddies, but it's about as interesting as your latest dittohead acquisition, Dennis Miller. State of the art 1988, the peak of your throwback culture's ghastly influence. Just nod gently in the glow of your TV...
--
make install -not war
Gee, this all sounds very interesting but is there anyway to confirm the original story?
:-)
FWIW, it's not the first time I've seen people take a posting on an obscure web site and treat it as if it came right from the Big Kahuna, his or her self, on Mt. Sinai.
Oh, that's right it can't be confirmed, national security and all that, so we can continue to blather about anything on topics of this nature, without having to prove a thing.
Any of you people NY Times reporters?
"If Saddam Hussein didn't have WMDs, all he had to do was cooperate with the inspecters, verify he didn't have them, and there would have been no war. He'd still be alive, running the country, and killing whoever he pleased, whenever he pleased."
Rather like the current "President" of Uzbekistan, Islam Karimov. His favourite method of dealing with dissidents is to boil them alive.
But there are no plans to invade and bomb Uzbekistan since, like Saddam in the 1980s, Karimov's presently obeying orders from Washington, doing as he's told, and keeping the pipeline projects on track. This makes him Our Ally In The War On Terror(tm).
I fully expect him to become Our Eternal Enemy(tm) in about 4 or 5 years time though.
Unlike most voters, however, I will blame President Kerry, Presidents Bush I and Bush II, President Clinton, President Reagan, President Carter, etc, for perpetuating a foreign policy which has done so much damage to the long-term interests of the United States and the rest of the world.
...but I'd still like some independent corroboration.
And really, it has a lot going for it. Who would have believed it? I mean, besides Dick Feynman?
[Hint: Feynman was able to get into quite a few safes during his time researching things related to The Bomb, at least in part because some people left the default factory comboinations on their safes.]
(Metal Gear Solid)
I mean, weren't they keeping the hostages alive so they could get the PAL codes? Right? And now it turns out that all Liquid had to do was just start brute-forcing it...
That would make for a funny scene, though. Liquid finally gets a list of the PAL codes...and they're all 00000000. Goes ballistic 'cause he thinks they're trying to mess with him. Etc.
'Course, it's been awhile since I played that game. Was that before Solid got infected with a killer virus that targets only him, or after the AI creates a virtual reality that interferes with everything that's going on...aaack...brain melting again after trying to comprehend it.