The World's Most Dangerous Password
NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missileers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"
Get your fresh cached copy here.
Now I realize that the movie wasn't nearly as stupid as reality.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
Damn, beat me to it. Here it is anyway since you left out Skroob's quote :)
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
Last time these were mentioned, I bookmarked this link, some interesting speculation:
http://www.research.att.com/~smb/nsam-160/pal.htm
It was in the format of XXX-XXXXXXX. 111-1111111 worked, so did 222-2222222, and 333-3333333. The key validation was you take the first 3 digits, add their values.. so 1+1+1=3, then mod 3 = 0.. then take the last 7 digits, add them, 1+1+1+1+1+1+1=7, mod 7 = 0.. it's a valid key, so is 222-2222222... 2+2+2=6 mod 3 = 0, 2+2+2+2+2+2+2=14 mod 7 = 0... valid key, but take something like 222-2222223 and it's invalid because 2+2+2=6 mod 3=0, 2+2+2+2+2+2+1 = 13 mod 7 = 6.. the mod value always has to be 0
So what Microsoft should have done was not allow all the same numbers.. but even so, the algorithm is so simple it was easy to crack... I remember writing a little Microsoft key generator when I was like 11 in VB (never released it though, was for personal use =P)
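Added example, not part of the thread and not Microsoft's code: the check exactly as the comment above describes it (first three digits sum to 0 mod 3, last seven sum to 0 mod 7), plus a count of how much of the key space that rule accepts. Function names are hypothetical. It shows why a public checksum only catches typing errors: about one random key in 21 passes.

```python
"""Added example: the 'XXX-XXXXXXX' check as described in the comment above."""


def parse_key(key):
    """Return (head_digits, tail_digits) for 'XXX-XXXXXXX', or None if malformed."""
    head, sep, tail = key.partition("-")
    if sep != "-" or len(head) != 3 or len(tail) != 7:
        return None
    if not all(c in "0123456789" for c in head + tail):
        return None
    return [int(c) for c in head], [int(c) for c in tail]


def passes_checksum(key):
    """Apply the rule from the comment: both digit sums must leave remainder 0."""
    parsed = parse_key(key)
    if parsed is None:
        return False
    head, tail = parsed
    return sum(head) % 3 == 0 and sum(tail) % 7 == 0


def count_zero_residue(length, modulus):
    """Count digit strings of `length` whose digit sum is 0 mod `modulus`.

    Dynamic programming over the running remainder, so the 10**7 tails
    are counted without enumerating them.
    """
    counts = [1] + [0] * (modulus - 1)  # the empty string has sum 0
    for _ in range(length):
        nxt = [0] * modulus
        for remainder, ways in enumerate(counts):
            for digit in range(10):
                nxt[(remainder + digit) % modulus] += ways
        counts = nxt
    return counts[0]


def acceptance_rate():
    """Return (accepted keys, fraction of all 10**10 well-formed keys)."""
    accepted = count_zero_residue(3, 3) * count_zero_residue(7, 7)
    return accepted, accepted / 10 ** 10


if __name__ == "__main__":
    # Sample keys are the ones quoted in the thread.
    for sample in ("111-1111111", "222-2222222", "222-2222223", "123-1234567"):
        print(sample, passes_checksum(sample))
    accepted, rate = acceptance_rate()
    print(f"{accepted} of 10**10 keys pass ({rate:.2%}), about 1 in {round(1 / rate)}")
```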
I believe it was 111-1111111. The sum of the digits of the second area had to equal 7.
So 111-1111111 as well as 111-2020201 would work. The first 3 numbers could be anything.
This was on a lot of pre-98 Microsoft CDs.
more info on microsoft cd-keys
It was Edgar Allan Poe, The Purloined Letter
And damn good it is too.
The best is the enemy of the good
The physical security refers to someone trying to get in from the outside. The two guys inside the silo launch center would be able to get the launch off in time.
Insofar as a single deranged person trying to launch the missiles, both launch keys have to be turned at the same time. The keylocks are separated by a distance making it impossible for a single human being to turn both simultaneously.
Crews are rotated such that the same two are not on duty on any but one shift (to prevent conspiracy), and the crewmen are subjected to some excruciatingly serious background and psychological tests before, during, and after their tours of duty in the silos.
Great care was taken in designing a fail-safe mechanism, where if the protection mechanism fails, it fails into a safe mode (like a default-deny in IPTables).
It was determined that it was better that a few missiles not leave the silos during a nuclear exchange than a few leave a silo during peace-time.
I have something in common with Stephen Hawking...
That's a valid key
1+2+3 = 6 mod 3 = 0
1+2+3+4+5+6+7 = 28 mod 7 = 0
Both = 0, valid key.. Microsoft's most gay key algorithm ever!
A hacker is not a cracker.
So assuming the article's correct: a) there wasn't even one password in the launch process at the time, only physical keys, b) four people in the right place could launch nuclear missiles, and no countermeasures would have been able to stop them, and c) given the lack of stringent security in allowing visitors access to those sites, it's not inconceivable that outsiders could have seized the opportunity to take control of two launch centers.
Security in the form of extensive background checks, rotating crew assignments, and physical separation of the two keys, so that one person cannot reach both at the same time.
Having been in the Air Force for 20 years, I can categorically state all of those. And more. Common PAL code notwithstanding.
Yeah, SERIOUS as in:
In the recent past, such safeguards were poor or nonexistent. Military personnel, e.g. maintenance airmen, and civilian contractors who possessed minimal security credentials were granted LCC access, and annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs. In the interest of public relations, the Air Force permitted ready access to the Minuteman launch network by practically anyone desiring it.
Requests for visitor access were routinely processed and approved. The requesting party had only to provide a name and social security number, and authentication checks were not usually made. As a matter of course, checks of individual backgrounds or motives for requesting LCC access were not made either. Furthermore, within wide bounds, the number of individuals in a party was limited only by the capacity of an LCC - about eight persons.
Um, Saddam *DID* allow inspectors! In 2002 and 2003! Bush invaded anyway! (look it up)
I beg to differ. Having formerly done security system installations, this is a quite common practice, especially if you're dealing with security guards. A large casino I worked for used '2222' for its security codes. McCarran Airport (Las Vegas) prior to 9/11 had '1234' for its password to get into "secure" areas.
It has to be something the lowest common denominator on the security team can remember.
What?? You think putting a bar on someone's shoulder makes them "tough?" And just because you call someone a "grunt" they're more susceptible to "blackmail or greed?" Newsflash -- EVERYBODY is susceptible to blackmail and greed. That's why the people who work with nukes are vetted by the security services -- officers and enlisted alike. You think the techs who worked on those missiles didn't know how to bypass those PALs regardless of what password was used?
My point is simple -- don't question someone's patriotism because I'm enlisted -- just because they don't get paid as much doesn't mean their values aren't just as strong as an officer's. The enlisted men and women in the military are the ones you have to trust -- we're the ones who make it all work.
I do not read or respond to AC's. If you want a discussion, log in. Otherwise, don't waste your time.
Typical US-centric, head-in-the-sand bullshit.
There couldn't possibly be another reason to prevent the UN weapons inspectors from having carte blanche access to secure facilities in Iraq, right? I mean, those guys are all about the inspections and are completely trustworthy right? They would NEVER abuse that level of access to go "beyond scope" of their charter would they?
OF COURSE THEY WOULD:
http://www.globalpolicy.org/security/issues/iraq0
http://www.fair.org/activism/unscom-history.html
http://www.time.com/time/nation/article/0,8599,35
As for punishing "violations of UN resolutions" shouldn't the UN be responsible for that? Just exactly whose resolutions are these anyway? As if the Bush league has any interest in enforcing UN resolutions against other countries that are routinely broken on a daily basis anyhow.
When information is power, privacy is freedom.
yeah, and he did let them search most of the places they wanted to search, and he kicked them out without explanation in january of 2003, and the UN just pussied out of the whole thing.
It's factually inaccurate and overly simplistic.
The weapons inspectors were in Iraq, and were getting cooperation from the government there, until the eve of the war. They had to leave because the Bush administration began its push to war. Yes, there had been difficulty with compliance in the past, but things were going differently this time.
Apart from a single, probably Iran-Iraq war vintage chemical shell, no WMD have been found in the country. Further, all the scientists that have been interrogated, as well as all the documentation found, indicate that they had no WMD, at the very latest, past 1998. 6 years ago.
Finally, most of the intelligence about Iraq's WMDs now appears to have been put forward by Ahmed Chalabi and the INC. Much of it was uncorroborated, and contradictory evidence was discarded in the lead up to the war by the Office Of Special Plans. This group, in the DOD, stovepiped supporting evidence to ensure that the president would have the justification required to wage war; any evidence that did not support the cause or that directly worked against war in Iraq was discarded.
Sorry, kid. The president of the US started this. He made the order. He chose this. We didn't have to go to war, and there was no pressing national interest for the US in going to war there. There were NO links to Al Qaida or other terrorist groups, and his army was in a vastly degraded state. He posed a danger at most to his own people. And yes, that's an awful thing, but it's not our job to go policing the world.
Finally, regarding the inspectors and their fights with Saddam in the past - it's very likely that he didn't cooperate because he didn't want to appear weak. It's a common reaction, hiding one's weaknesses from others so as to seem strong and keep oneself safe from attack.
Username: (none) Password: admin Domain: LinkSys
The Captain is the CO (Commanding Officer). You're talking about the XO--Executive Officer, the second in command.
Gee, you KNOW a lot.
Having worked in this field I'll tell you:
1. A civilian is never allowed in a live LCC.
2. The crew is sealed in the live LCC's.
3. To get access to a live LCC is much more than cutting the chain link.
4. Even if you got into one, you need to get into two to do anything.
5. Never mind the hordes of SP's and armed Helicopters descending around you.
6. While crew members can send messages between LCCs (and I believe between bases, I can't recall) these messages are not and can not be EAM's which are only sendable from the NCA via special terminals.
7. Even if you could send the EAM, who would believe an order coming from the wrong originator?
8. The comm systems in question are not as stupid as e-mail, they are part of a dedicated MLS (b3) system.
9. Nuclear command and control has always relied on personal responsibility, do you think nuclear submarine commanders or the alert bomber force can/could not just decide to launch, or are you deluded enough to think they have some crm114 gizmo that overrides them?
In my place of business I'd have no problem with a null password if all access to the server required two trusted administrators with keys that are kept stored in separate combination locked safes. In fact, a password beyond the assertion of two trusted people would be stupid, and if you don't trust the people allowing them access to the keys would also be stupid.
Your scenario would be something like this:
1. Something needs done to the server, so you call the CIO
2. He gives you and your other Sys Admin a one-time password for the server.
3. You two go open your safes with your combos (each of you only know one of these combos)
4. You remove your keys and open the server locks.
5. You enter the password you got from the CIO
6. You do your business, and relock the server
7. You put your keys away
Damn, I'd hate to work in your shop. Most of us only have trusted sys admins and single passwords.
Dan
JFK ordered a pullout of Vietnam, was shot within days (in Texas), and Johnson (from Texas) rescinded that order within a day or so of taking office. He presided over 5 years of escalation so disgraceful that he declined to run for reelection. His successor, Nixon, promised to end the war, but escalated it further, even winning reelection while escalating the war all over Southeast Asia. But these are all examples of competent politicians tricking Americans into backing a war with lies.
"They" in my original post referred to "the incompetent warriors at the top of the Pentagon" in the preceding sentence. Where was Rumsfeld during the last vicious conjob war? Working his way through the ranks to become the Secretary of Defense presiding over the defeat in Vietnam. Cheney was his partner in crime. The actual prosecutors of that war, whose shoes they eventually filled, promoted these same warmongers through the ranks. So comparisons to Vietnam are apt, even beyond the effectiveness of Asian guerillas against the Pentagon. It's the same people running the show!
Moving on to your tripe contrasting American troops losing 58,000 protecting a hated regime, and losing 900 troops removing a hated regime... We lost a very few removing the Hussein regime, after we decimated them in 1990, then continued bombing their shut down country for the 10 intervening years. We have lost most since then, defending the American occupying regime, increasingly hated, with no end in sight.
So talk out of your ass about JFK, but get your head out of the past and focus on the Texan in charge of the nightmare raging *today*. This nightmare in Iraq can spiral out of control beyond even the stupidest propaganda justifying Vietnam. And if you and your partisan buddies keep lying about both wars, you'll never learn enough to get us out of this one.
--
make install -not war
Nope. That'd be The Purloined Letter by Edgar Allan Poe.
While we're on the subject, and before this gets out of hand, just a reminder to everyone about
The Default Password List
Indispensable tool.
Your Mom
There is someone in the loop. The missile silos in Colorado are manned by Air Force officers. A college buddy of mine was Air Force ROTC (Reserve Officer Training Corps, pronounced rot-see). In return for the Air Force paying most of his tuition, he serves 4 years active duty and an additional period of time in the reserves. He has been assigned to the "Space and Missiles" program, which means that after a year of training he'll either be sent to "Space" which is mainly research and development, or to "Missiles", which is sitting in the missile silos. Of the people assigned to this program, about 20% go to space, and 80% go to missiles. As my friend describes it, he'd work on a 3 day rotation, where every third day he'd have a 24hr shift in an underground bunker where his primary job would be to wait for the signal to come in and then do the thing with the two keys and entering the final launch code or however it works these days. So there are still people in the loop for the US's long range missiles.
Article 42:
Should the Security Council consider that measures provided for in Article 41 would be inadequate or have proved to be inadequate, [the UN Security Council] may take such action by air, sea, or land forces as may be necessary to maintain or restore international peace and security. Such action may include demonstrations, blockade, and other operations by air, sea, or land forces of Members of the United Nations.
I'm on a road shaped like a figure eight; I'm going nowhere but I'm guaranteed to be late.
Well, according to Dr Hans Blix (the head of the inspection commission) Iraq was cooperating fairly well. The message that cooperation was inadequate was coming from the same source that was claiming incontrovertible evidence of ongoing WMD activity. Most of the world wanted inspections to continue, based on the doubts raised by the US, in spite of the fact that inspections were revealing nothing.
The scenario outlined in Crimson Tide is impossible. (And yes, I know that for a fact because I worked as a Fire Control Tech on those missiles.)
What changed in 1995 was that certain launch related codes that had previously been held on the boat were removed from the boat to further up the chain-of-command. However, the preparations for that change (which required some physical as well as procedural changes) had been in progress since about 1989. (Probably earlier, that's just when I first heard about it. The D5 system, whose design dates to the mid 80's, was prepared for the changes right from the drawing board.) That the final changes went into effect about the same time as the movie came out is nothing but coincidence. Those curious about the issue can google for Crimson Tide in the sci.military.naval newsgroup where the movie is extensively discussed.
Nixon ordered troop reductions. And escalated the bombing campaign. And then lost the war. Something Ike, Kennedy, and Johnson hadn't even come close to doing.
Sarin was found last week.
Oh come off it, your Weapons of Mass Destruction was a single shell, improvised into a roadside bomb, containing sarin that was largely inactive, which dated back to the Iran - Iraq war of the 80's.
An old rusty shell is hardly a weapon of "Mass Destruction", no matter how you want to spin it. Call me back when they find a single barrel of recent Sarin. Hell, call me back when they find credible evidence of a nuclear weapons program. I'll settle for an incomplete hex diffusion plant, or even the blueprints for a warhead.
I was a Minuteman Missile Combat Crew person at beautiful and sunny Franky's Rocket Ranch, otherwise known as Francis E. Warren AFB, Cheyenne, Wyoming.
I babysat them suckers for four years. The "all-zero" setting was a day-to-day requirement because, as I recall, that panel was used for more than one function -- like most everything in the "Capsule"
And, yes, there are people in the loop. You would be surprised how hard it is to actually launch them properly. Especially if you are not supposed to.
'Nuff said. Go back to sleep. No worries.