Air Force To Rewrite the Rules of the Internet
meridiangod writes "The Air Force is fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear. So now the service is looking to restore its advantage on the virtual battlefield by doing nothing less than the rewriting the 'laws of cyberspace.'" I'm sure that'll work out really well for them.
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
If they were smart, they would disconnect their computers from the public internet. People can't access hardware they can't access.
The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to you.
""[M]ost threats should be made irrelevant by eliminating vulnerabilities beforehand by either moving them 'out of band' (i.e., making them technically or physically inaccessible to the adversary), or 'designing them out' completely," the request for proposals adds."
Luckily for the Air Force, they don't actually have to do any work at all to make this happen, since it's been not only possible, but actually implemented since at least 1998, when RFC 2341 was written all about Virtual Private Networks.
Helpful Hint for the Air Force: Pay your private sector computer engineers more and you'll get the innovation you're looking for.
How about no spoofing as a good start. No changeable MAC addresses and Client side certs.
I hope they don't overlook Rule 34.
Remember that the 304th Military Intelligence Battalion declared Twitter a terrorist weapon. God forbid they discover pen and paper. Or modulated farting, for that matter.
http://rocknerd.co.uk
With apologies to Billy Bob Thornton - "Wish in one hand, shit in the other. See which fills up first."
In Cyberspace, there are no rules.
If you can imagine it, there's some government out to stop it being on the internet.
dontmesswithfootball
for an organization the size of the air force, and with the mandate it has, there is nothing laughable or overly ambitious about say, creating and implementing your own supersecure protocol, and supporting it within its subnet
and, if successful, watch it leave its military surroundings, be adapted by universities, then corporations, then the general public
kind of like the internet itself
somebody is going to do this at some point, considering the various shortcomings of our present dominant protocol suite
that it would be the military to do it first makes sense
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The only useful and meaningful thing they could do, is implement a secure internet protocol (i.e. with the missing session and presentation layers) and provide a good interface to the internet. Then the inherited insecurity of network protocols could be avoided from the beginning.
If it is done right, has advantages and is promoted and laid open to others, it might catch on and replace parts of the internet step by step. ;-)
Will probably not be faster than the IPv6 transition, but hey, they made the internet, why not make another one
Laws can not reach internet phenomena, they are too slow, and when they do, it doesn't matter anymore.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
http://en.wikipedia.org/wiki/Evil_bit
As usual, Penny Arcade predicted the future. (http://www.penny-arcade.com/comic/2007/07/16/)
Technician: Our webs are down, sir. We can't log in!
Agent: Which webs?
Technician: All of them.
Technician: They've penetrated our code walls. They're stealing the Internet!
Agent: We'll need to hack all IPs simultaneously.
Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
actually there is a very simple measure ISPs can take to prevent many attacks.
and that is to prevent their customers from spoofing the source IP in their IP packets.
If governments (starting with the US) would pressure (force by law) ISPs to do this, it can be done without much technological difficulty.
This anti-spoofing measure can be implemented on many levels, so that even if a certain ISP does not co-operate other ISPs could prevent its customers from spoofing any IP which does not belong to the problematic ISP. This in itself helps protect against IP spoofing.
Without IP spoofing attackers are more easily identified and blocked.
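The layered source-address filtering this comment describes (the practice documented as BCP 38 ingress filtering), simulated as an added example that is not part of the original comment. The ISP names, prefixes (documentation address ranges) and packets are all constructed for illustration.

```python
"""Layered source-address validation, simulated offline with constructed data."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Filter:
    """One filtering point and the source prefixes it expects to see."""
    name: str
    allowed: List[str]
    enforce: bool = True  # False models an operator that does not filter

    def permits(self, src: str) -> bool:
        if not self.enforce:
            return True
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(p) for p in self.allowed)


def first_drop(src: str, path: List[Filter]) -> Optional[str]:
    """Return the name of the first filter that drops src, or None if delivered."""
    for hop in path:
        if not hop.permits(src):
            return hop.name
    return None


# Constructed address plan (hypothetical ISPs, documentation prefixes).
ISP_BLOCKS = {
    "isp-a": "198.51.100.0/24",  # filters each customer port
    "isp-b": "203.0.113.0/24",   # does not filter its customers
}

# Path of a packet sent by a customer of isp-a: its access port, then transit.
PATH_FROM_A1 = [
    Filter("isp-a access port", ["198.51.100.16/28"]),
    Filter("transit peering with isp-a", [ISP_BLOCKS["isp-a"]]),
]

# Path of a packet sent by a customer of isp-b: no filtering at the access
# port, but the upstream network only accepts isp-b's own block from isp-b.
PATH_FROM_B1 = [
    Filter("isp-b access port", ["203.0.113.32/28"], enforce=False),
    Filter("transit peering with isp-b", [ISP_BLOCKS["isp-b"]]),
]


def origin_isp(src: str) -> Optional[str]:
    """Map a source address to the ISP block that contains it, if any."""
    addr = ipaddress.ip_address(src)
    for isp, block in ISP_BLOCKS.items():
        if addr in ipaddress.ip_network(block):
            return isp
    return None


def report():
    """Evaluate constructed packets; returns (label, source, outcome) tuples."""
    cases = [
        ("A1 uses its own address", "198.51.100.17", PATH_FROM_A1),
        ("A1 claims an outside address", "192.0.2.10", PATH_FROM_A1),
        ("A1 claims a neighbour's address", "198.51.100.200", PATH_FROM_A1),
        ("B1 claims an outside address", "192.0.2.10", PATH_FROM_B1),
        ("B1 claims another isp-b address", "203.0.113.200", PATH_FROM_B1),
    ]
    rows = []
    for label, src, path in cases:
        dropped_at = first_drop(src, path)
        if dropped_at:
            outcome = "dropped at " + dropped_at
        else:
            outcome = "delivered, source traceable to " + str(origin_isp(src))
        rows.append((label, src, outcome))
    return rows


if __name__ == "__main__":
    for label, src, outcome in report():
        print(f"{label:34} {src:16} {outcome}")
```

The last case is the residual risk the comment points at: with no filtering inside isp-b, a forged source can still get out, but only one drawn from isp-b's own block, so the traffic remains attributable to that ISP.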
Wait till the AF finds out every PC on their network is broadcasting its IP address...
Blame Al Gore, he created the internet, or so I heard... :D ohh, my stomach, I can't stop laughing!!!
lol, rewrite the "laws of cyberspace". what laws are we talking about? the 'dont hack' law? good luck.
The internet rewrites the airforce!!! Ha!
"If you're not blue, you can't come in."
Using color codes for internet traffic - brilliant!
"Hanson is also interested in finding ways to dodge electronic attacks"
Do a barrel roll!
and the us air force is no match for a mere 100,000,000 chinese children being forced to hack them using computers that probably still have turbo buttons?
http://i.cubeupload.com/T6cyLu.png
From the article "Enabling Air Force servers to evade or dodge electronic attacks, somehow" Like they say ... the most secure computer is the one that is unplugged.
If you actually RTFA, you see that they aren't bonkers. Quite to the contrary. See this quote, for example:
"[M]ost threats should be made irrelevant by eliminating vulnerabilities beforehand by either moving them 'out of band' (i.e., making them technically or physically inaccessible to the adversary), or 'designing them out' completely," the request for proposals adds.
Yeah, absolutely. Remember that this is the military we're talking about. These are the guys who are the "customers" of stuff like the NSA's formally verifiable code project. These are the guys who still use 10 year old computers because those are hardened and tested to military standards. If they upgrade to 5 year old computers, the gain in speed will offset pretty much any performance penalty that security methods that don't fly in the commercial world because of said performance penalties, could cause.
These are also the guys who do a ton of things badly.
So it'll be interesting to watch.
Assorted stuff I do sometimes: Lemuria.org
How can you rewrite something non-existing?
He must have thought up a replacement by now.
it's newclear powered, & way user friendly, as well as tamper proof.
greed, fear & ego (in any order) are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of yOUR dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children, not to mention the abuse of the consciences of those of us who still have one. see you on the other side of it. the lights are coming up all over now. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.
we note that yahoo deletes some of its' (relevant) stories sooner than others. maybe they're short of disk space, or something?
is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators w
Instead of letting them try to push us around, we the geeks can turn the tables and re-write government based on open source philosophy.
The plan for transition is practical, and folks like those running the Air Force will never see it coming until it is far too late for them to do anything about it.
and that rule is rule 34.
'Every story, if continued long enough, ends in death.' --Ernest Hemingway
Before you even replied, he commented that it was a typo. Now your comment just looks tautless.
Next time, pause for taut before you reply. I hope this taut you a lesson.
Posting AC, obvious, etc...
I'm stationed at the base where the "Cyber Command" was supposed to be stood up, and I'm involved with the administration and support of Secret and above level networks.
I can say with some certainty that a lot of the higher-ups involved with the process of the "Cyber Command" not only don't know what the hell they're doing or even talking about, and most of the big brass involved see their "leadership" of this expansion of the AF's role as a way to make themselves look like pioneers on the same level as Doolittle. It's really a whole bunch of brigadier generals chasing that second star, and a lot of yes-men colonels chasing their first.
That being said, the AF's handling of classified networks is actually pretty excellent. Obviously going into details is strictly verboten, but I can say that the policies and procedures are second to none (after working with several Fortune 500 companies and using their best and most secure as a baseline comparison), which is exactly as it should be. We are literally talking about national secrets, here.
* Making hostile traffic inoperable on Air Force networks.
...
* Locating and identifying once-anonymous hackers.
* Enabling Air Force servers to evade or dodge electronic attacks, somehow.
Use PKI over VPN to carry all Air Force traffic and reject everything else. The VPN solution would run on customized hardened nodes spread across the globe. These would provide multiple redundant paths and the ability to reject 'electronic attacks', 'hostile traffic' and 'anonymous hackers'
davecb5620@gmail.com
So, they are finally going to mandate use of the "evil bit" as described in RFC 3514 on April 1, 2003?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
"Hey its just a series of tubes, how hard can it be?!"
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Wait until after business hours before you start that long FTP transfer. Anything over a hundred kilobytes can wait until night.
"Believe me!" -- Donald Trump
So they want to simultaneously change the underlying network fabric in order to make their systems unattackable, and also be able to successfully attack any other system at any time? Does no one there see a disconnect between these goals?
First Rule: Don't talk about Internet
Second Rule: Don't talk about Internet
Third Rule: ???
Fourth Rule: Profit
by doing nothing less than the rewriting the 'laws of cyberspace.'
who will do the rewriting?
Air Force Po'grammers? :)
Eclipse PDE and Me
Most of the article seems to be sensible; improve the security of internal air force networks, etc. Can't argue with that. But here:
"You can control your own networks, rewrite your own laws," says Rick Wesson, CEO of the network security firm Support Intelligence. "You can't rewrite everybody else's."
Of course, the Air Force does have a way to rewrite the rules of the entire Internet, although it won't be free. They can get the US government to mandate a change for public networks in the US. That change might affect other countries, who would need to adopt the new standard in order to stay compatible.
A change that I'm expecting is the forced adoption of security certificates. Someday, all Internet traffic will be encrypted, and routers will not permit traffic unless it has been signed by a certificate that has, in turn, been approved by an authority. It's not hard to imagine that this would be proposed as a solution to stop crackers, pirates, paedophiles, spammers, and (of course) terrorists.
To some extent, it might even work! Spam would be harder, so would piracy. Certainly, the days of mass piracy on TPB would be over: online piracy would move to VPNs, which would have to be small, as large ones would be easily detected by traffic analysis. Spammers and crackers would need to steal valid certificates, which could be difficult, as users would most likely rely on their TPM to sign packets for them. The real disadvantage is that Internet users would not be anonymous, which has many unpleasant implications.
The tao of democracy: the government you can vote for is not the real government.
...I dunno, stop using Windows servers as their main architectural backbone for one. After all what is their $50 million/year technology budget buying, outdated windows licenses?
In a speech last night in Cincinnati, Barack Obama said he'd be going over the budget line-by-line. You don't think he's gonna stumble across their IT budget w/the line item labeled "Bill Gates - $50 million/year" & not go "WTF?!!!"
Live as if you were to die tomorrow. Learn as if you were to live forever. -Mahatma Gandhi
I'm not sure which old story to refer to here.
The guys who cracked PlayStation3 in a couple weeks?
The various top DoD and White House officials who took classified computers home to play with?
The various spooks and spook wannabes who dumped sensitive stuff into voicemail boxes, or Yahoo mail, or whatever it was, off their crackberries?
Security remains only as good as the control over the folks who have access.
"Now, before leaving the controlled area for the day, please look into this bright light..."
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
So what's going to be the new rule 34?
I have no doubt that the Air Force has the resources to, with suitable leadership and direction, implement seriously secure systems. They have serious secrets to protect, and don't need to fall for the "But $HORRIBLY_INSECURE_SOMETHING is a best of breed industry standard(tm)!" stuff.
That said, though, their "Rewrite the laws of Cyberspace" idea gets a giant WTF. With a lot of security improvements, the task is difficult; but the way forward is relatively clear (i.e. using PKI for everything, auditing the hell out of stuff, etc. are time consuming and nontrivial; but well understood). Ideas like "dodging rather than blocking attacks" just seem meaningless. The whole plan seems to be:
1. Heretofore unimagined security magic.
2. Air Force computers are secure. (profit)
Maybe they actually have heretofore unimagined security magic; but they don't want to talk about it; but the whole thing seems dubious.
It's not so crazy that they would replace TCP/IP with something else fairly similar for their internal use.
Aren't we sentencing some guy for logging into Windows computers from over in Europe that had no pass and ran the Windows Operating System? Maybe we should stop playing all these games and have Microsoft rebuild their operating system correctly so as not to have hundreds of thousands of zombie computers online. How many of those Zombies run Apple or Linux? What's that you say, less than 1%, or perhaps the answer is none at all? The government built the internet but can't secure it? We need 500 different anti virus programs because one specific operating system is incompetent at security? Send the users to jail you say because we can't stop kids from ignoring laws? Who woulda thunk it?
"I guess I'm gonna fade into Bolivian."
"Blue" in the military means "friendly". It comes from military maps, where unit symbols depicted as color blue are friendly forces and unit symbols in red are enemy forces. For example, if you look in just about any book about the American Civil War, you will alway see by convention that United States forces are blue and Confederate forces red. I belive this convention has been adopted by NATO.
So when he says "If you're not blue, you can't come in.", I suppose he means that they will have some sort of positive identification to determine who the requester is and if a connection is accepted or refused.
"I'm sure that'll work out really well for them."
Why shouldn't it? They seem to do rather well when they decide to redefine things.
After an unfortunate incident in New Mexico involving something that definitely wasn't a UFO, they produced Air Force Regulation 200-2, the rules for reporting UFOs, including as a matter of course the necessary definitions of all things UFOish. With that regulation firmly in place, they created Project Blue Book to investigate UFOs. Blue Book concluded, as they always have before and after Blue Book, that UFOs don't exist. Having defined UFOs out of existence, they maintain AFR 200-2 to keep UFOs defined away.
Should any UFOs happen to appear and be shown to actually exist, we can only conclude that the owner/operator of such a craft has either not yet heard of AFR 200-2, or is unable to read it. Defending the planet then will not require an ex-fighter pilot US president ordering a computer virus to be delivered to their mothership. Instead, all that will need to be done is to establish communication and read AFR 200-2 (and possibly the Blue Book conclusion studies) to them.
A more prosaic example is the Air Force manual regarding testing of fuels and the components therein. They define "mogas" (motor vehicle gasoline) as having too little benzene to be a health risk. The equivalent civilian fuel contains 100 to 1000 times more benzene than the level considered a health risk. This works so well that USAF orders its mogas from the same civilian suppliers that deliver to gas stations, but their redefinition protects service members working on fuel systems from benzene exposure. Unfortunately, civilian employees get hazardous duty pay for working in situations where they're exposed to benzene in mogas, because their labor union prevents the AF testing manual and its definitions from protecting them adequately.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Newton, sick of all those apples falling on his head, is planning to rewrite the laws of physics to make gravitation a repulsive force.
Empires grow and crumble, and the Turtle Moves. Gods come and go, and still the Turtle Moves. The Turtle Moves.
maybe they want to stop skynet from being built.
They're using their grammar skills there.
I would expect that all of an ISP's addresses should be in the block(s) they received from ICANN. If something on their sub-net is generating headers with foreign addresses, then they ought not to route it.
That doesn't work because the low bid always wins. What would be better would be if the government shifted from a bid system to a fixed bid system. ie: This job is for $50k, this is what we want, now tell us how you are better than the other guys. That would be 100x more effective, but also 100x more time consuming because then they would have to READ EVERY PROPOSAL, not just the two lowest ones.
The dangers of knowledge trigger emotional distress in human beings.
of course, what if the van had no doors to open for the question to be asked?!? would they go down a chim chiminey chim chim charoo? i grow wheatgrass on my van roof, and no passenger doors and no cargo doors were made. Only have the front cab window and a Sun roof with a grill/cremation furnace underneath. do your worst, USAIRSDMCFFRIFAAFBCIABATFECES!
They could always use CONS over TP4 and CLNP over TP0 like those Eurocommies wanted to back in the '80s.
I knew my OpenNET/DECnet skillz would come in handy again. Just let me at them AUI connectors...
Why, no one has ever thought of that before..
The Air Force excels at just about everything they do. But for the past decade or two, their Achilles Heel has been computing technology because it moves faster than anything else they're used to.
The Air Force is a very old organization and although they can generally respond to most anything quickly, overall change tends to happen very very slowly. Not long after I enlisted in 1998, there were rumors that the uniform was going to change from the classic camouflage pattern to a kind of pixellated-marble look. Based on what recent photos I can find, they're still only about halfway through getting the new uniform out to everyone.
Also, I know for a fact we're still flying some planes with vacuum tubes in the autopilot computer even though upgrades for all airframes have been around since at least the 80's. Most of the technical manuals that I used to repair avionics were between 25-40 years old and still had technical errors in them. (We weren't able to make corrections to technical manuals any more than you'd be allowed to make pen-and-ink corrections to a federal law.)
Computer use only became common in most squadrons about 10 years ago and even then, they were not really used for the correct purposes. Some captain would get the bright idea that somebody should use a spreadsheet program instead of a paper form for some menial task, force everybody to use it, ignore the pleas from his subordinates that it tripled the effort required to perform the task, and then make up some elaborate report for his commander about how he just saved the Air Force $358,000.
While I was in the service, the Air Force never really caught on that you had to hire and train smart people who know about computers if you wanted to make the most of them. Some squadrons took young administrative airman fresh out of tech school and sat them down in front of the admin console and said, "All right, it's your job now to make sure this doesn't break." This is very uncharacteristic of the Air Force as you normally need at least several weeks of training before you can be trusted to mop the floor correctly. But when a commander has something that needs to be done and he doesn't know how to do it, it's not at all uncommon for him to assign someone to it while implying that they should be rather quiet about it.
Other units farmed out network administration to government contractors like Lockheed Martin, which wasn't any better because most of their employees are old military retirees who thought they were going to get paid more as a civilian for doing the same thing they did in the military and ended up being wrong on both counts. (Got seven stripes and an MSCE? Then they're hiring!)
I guess this long-winded point is that it doesn't surprise me that high-level Air Force officers are saying, "Hey, who says we can't control this thing? We're the Air Force, after all." They're used to having fine-grained control over everything in their view and a high degree of security surrounding it.
In other words, the Air Force is still nowhere near where they need to be in terms of network security. The only encouraging part of this is that they finally realize it.
Don't like hacker attacks? Unplug your modem! Wait, does anyone still remember modems?
Help me fix my brother's injured butt!
The AF can deal with someone in a nearby van, but not easily deal with someone anonymously using a free wifi connection in Europe that is bounced through 5 different servers. Even if they were able to completely track an attacker, how do they deal with multiple international jurisdictions?
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
There go my plans to connect to Cheyenne Mountain's WOPR computer to play Global Thermonuclear War! I guess they want to play Tic-Tac-Toe, instead?
I think I can expand on your idea. While I know the idea of ICANN and the US Department of Commerce controlling the root servers is unpopular with many, I think the following scenario is the kind of situation where it would be beneficial.
ICANN assigns blocks of addresses to ISPs. If an ISP is letting "customers" originate (spoof) addresses that are not part of the ISP's assigned block, then ICANN could just refuse to route (or resolve) any traffic from that ISP by decertifying its assigned address block, unless the ISP cleans up its sub-net.
Historically ICANN has had a *very* light hand, but somebody needs to be the responsible adult on the playground and ICANN's control of the address space is as good a place as any to do it.
Whatever they do, don't do what the Russians did in last night's episode of Spooks. Those fiendishly clever Ruskies planned to launch a cyber attack on Britain. To do this they are going to tap into an undersea fiber optic link and cause a massive DOS attack against the UK commercial sector. MI5 came up with a counter-plan: bounce a zero-day-attack off the fiber link to the submarine's communications and navigation system. To do this they would need the sub's 'Remote Access Protocols'.
To do this MI5 blackmails the head of the FSB into sneaking into the Russian Embassy (where the nuclear access protocols are kept .. on computer ?) and steal the 'protocols' off the computer, copy them to CD and get out of the building. ..
They duly implement the plan, and on screen at MI5 headquarters, they see, the primary firewall and then the secondary firewall being disabled followed by the control screens on the sub going garbled and all the lights going out .. :o
In episode one, al-Qaeda is planning to detonate a bomb with the support of Chechens with links to Russia
Spooks Episode 2 Series 7
davecb5620@gmail.com
...read "Enabling Air Force servers to evade or dodge electronic attacks, somehow." from TFA and see "Collect underpants, ???, Profit"?
lameness filter forced me to munge the layout
RFC1149a - Standard for the transmission of flash memory on avia
Network Working Group_____________ TubeSteak
Request for Comments: 1149a__________LOL WTF
3 November 2008
A Standard for the Transmission of Flash Memory on Avian Carriers
Status of this Memo
This memo describes an experimental method for the encapsulation of
flash memory in avian carriers. This specification is primarily
useful in Metropolitan Area Networks. This is an experimental, not
recommended standard. Distribution of this memo is unlimited.
Overview and Rational
Avian carriers can provide high delay, low throughput, and low
altitude service. The connection topology is limited to a single
point-to-point path for each carrier, used with standard carriers,
but many carriers can be used without significant interference with
each other, outside of early spring. This is because of the 3D ether
space available to the carriers, in contrast to the 1D ether used by
IEEE802.3. The carriers have an intrinsic collision avoidance
system, which increases availability. Unlike some network
technologies, such as packet radio, communication is not limited to
line-of-sight distance. Connection oriented service is available in
some cities, usually based upon a central hub topology.
Frame Format
The flash memory is packaged, inside a small waterproof container,
and formatted to FAT32. The waterproof container is attached to the
back of the avian, between the wings, as a backpack. The bandwidth
is variable and limited by the carrying capacity of the avian.
Upon receipt, the backpack is removed, the flash memory extracted
and checked for physical and liquid damage.
Discussion
Multiple types of service can be provided with a prioritized pecking
order. An additional property is built-in worm detection and
eradication. With time, the carriers are self-regenerating. While
broadcasting is not specified, storms can cause data loss. There is
persistent delivery retry, until the carrier drops. Audit trails
are automatically generated, and can often be found on logs and
cable trays.
Security Considerations
Security is a problem during normal operation, as flash memory
has a non-trivial and intrinsic value. Special measures must be
taken (such as data encryption) when avian carriers are used in
a tactical environment.
[Fuck Beta]
o0t!
The headline here says 'rewrite the rules of the internet', whereas the Wired article talks about 'rewriting the rules of cyberspace.' Subtle difference here.
The internet exists as it is--fundamentally an IP-based network connected in all the ways we know about, routing, addressing, etc.
The thing is, there's no reason that the Air Force (or anyone else) couldn't create their own, entirely incompatible version. Start with something that has guaranteed QoS, hard-wired source addressing, encryption at the equivalent of the transport layer, content-metadata in the packets (or equivalent to packets--it doesn't have to be a packet protocol at all), etc..
If you need to connect it to the internet, create a tunneling protocol, or a translating switch. Make it different. Make it incompatible. Make it rigid in its requirements. You CAN create a secure network, but not if it's based on the same technology that makes up the existing internet.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
"You still have the problem of how to run www.af.mil in a manner open to the public, as well as the public sites for many military bases, while still securing them"
...
A contradiction in terms. You can't secure *.mil, at least in my understanding of the term. Never mind in technological terms just keeping track of the information. For low level mil traffic and public access, continue to use the InterTUBES.
"Still, wouldn't you LIKE to find out who's sending you spam/phishing attacks/etc... so you can, if nothing else, impolitely ask them to stop at 0100 in the morning?"
Any such attacks are usually from some compromised desktop in JP. Once the VPN filters it out, I don't want to see it. The VPN node keeps such logs. Putting a 'secure' system on the Internet with only a username and password for protection, is dumb as dumb can be
HPDIA0200W Authentication failed. You have used an invalid user name, password or client certificate.
davecb5620@gmail.com
but all the neo-cons redirected the money to haliburton and an occupation.
It could start with the need to do business with government. The government could adopt protocols and standards that are more secure than the ones we are [ab]using now. And then, just as with digital TV in the US, an announcement is made saying "as of Aug 2009 if you want to do business with the US government, you will have to start using these protocols." Suddenly, software makers have motivation to supply the next versions of their email software that works with the new government email protocol standard and on and on.
People know SMTP sucks. The trouble is getting that ball rolling for change. Who could individually start that ball rolling? The biggest spender of all time, of course, the US Federal Government.
"Yes, I'm sure every potential recruit would just love to have to install a VPN client to go check out af.mil."
..
Pretending to be dumb is no excuse for a slashdot subscriber. Like the potential recruit isn't in du' Army yet, as such the recruitment site would have to be on du' InterTUBES
'Hey dude, how can I get onto this FaceBook from this here 'secure' computer'
davecb5620@gmail.com
Why do these stories keep getting put on slashdot? Wired is god-awful reporting to begin with, and they make EVERY military related story into some stupid diatribe article. One day they are laughing that the Air Force allows users to surf the web, the next they are talking about how the Air Force is some draconian government gestapo crushing freedom because it blocked social networking sites. These people are tools...I mean for christ's sake there is a huge picture of Neo stopping bullets at the top of the article. The Air Force could discover the cure for cancer and these assholes would write a story about how they are killing millions of cells in humans.
I mean seriously...the DoD only has the largest enterprise network in the world. The DoD was a big part of the Internet even happening in the first place. I think it is pretty asinine to point and laugh and take quotes from the non-technical people and further warp them by putting them out of context. Wired is pathetic.
The only change I can believe in is what I find in my couch cushions.
If the RIAA can rewrite the laws of cyberspace, why not the Air Force?
Airplane Photos, Airline News, Planespotting Guides
Because the military's decision making machine is seriously stupid.
"If any question why we died, Tell them because our fathers lied."
Leave it to these guys to think THEY should be the ones to rewrite the internet...I have not read the article, but if the title holds true, and the USAF thinks it's time to make some changes to better track internet usage, then don't think whatever you come up with should be implemented...that is what the IEEE is for, no?
"The thing is, there's no reason that the Air Force (or anyone else) couldn't create their own, entirely incompatible version."
You've figured out exactly what they need to do. Now, all they need is to hire the greatest expertise in the world to implement it. Someone with years (decades?) of experience of doing exactly this and bringing such products to market. Someone who actually loves doing this! And to whom everyone else takes a back seat.
May I present (drum-roll): Microsoft!
I don't understand this story very well... you'd think the Air Force had some mission besides gouging money out of the American taxpayer. Where's the big ticket items that will require years of budget appropriations?
Oh wait: government software projects. I forgot. Nevermind.
In World War I one of the countermeasures the Russians used against the possibility of a German invasion was to use a different gauge of railroad; the rationale was that the Germans wouldn't be able to support their troops without rail, the German trains wouldn't be able to run on Russian tracks, and therefore they wouldn't be able to sustain an advance.
This practice cost the Russians a vast amount of trade revenue due to the inefficiencies of the system, and in the end it was all for nothing.
The Germans, not being morons, allowed the Russians to advance into German territory and then pulled the same trick on them: surrounding and destroying forces who had effectively cut their own supply lines by advancing past the end of their own rail lines.
So yes, on the one hand, making your system incompatible with the "enemy" system may have advantages, but it also has dramatic disadvantages. You won't have the benefit of the rest of the world's security research, you won't benefit from the advances on more popular systems, and you won't be in a position to be aggressive with your resources because you'll have the same problems working on other people's networks as they'll have on yours.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I believe that the DoD's network for secure (TS, S) information - SIPRNet - actually does run on the Internet infrastructure. It doesn't behave the same way as normal traffic and special devices are used at the end points that connect to the Internet to disguise the traffic.
Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
Well unlike any other institute that has threatened to re-write the rules of cyberspace, they're probably that institution with the largest amount of (nuclear and conventional) weapons that has threatened to do so. So does that give them the right? :-p
...in bed
...and has the equipment, the know-how, and furthermore, the balls to DoS the holy crap out of any upstream ISP or NSP that's providing a source path for anyone who is "being an irritant" while making it look like the DoS is coming from Europe or Asia or wherever the original culprit(s) who pissed them off are located. Don't ask me how I know this.
Oh wait, nevermind...
Mod parent up! +1 I Think Slashdot Is My Personal Blog!
Isn't this a simple issue of isolating a few "clean" networks and essentially NAT'ing them, denying access to any external address (at the BGP level, the way Sprint recently blocked Cogent)? Anybody coming in from elsewhere will have to VPN into some time-sensitive opening (see below). Done and done.
Time-sensitive opening: create a giant honeynet on the entry-way IP blocks which host the VPN. The VPN firmware/software would determine which IP:port to connect to with one-time "password" (OTP) generators like SecurID ... hell, you could even use the physical SecurID keychain for this part, thus gaining two-factor authentication. Connecting to the wrong one results in getting blocked by the entire VPN network for 10 minutes. Too many failed authentications on an OTP generator will result in that generator being revoked or frozen, just like your online bank account.
How does this not solve the problem? You're relatively immune to DDoS attacks, a strong enough level of security ensures only privileged accounts gain access, and facilitating access lists should be as secure as their physical equivalents.
Use my userscript to add story images to Slashdot. There's no going back.
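The "time-sensitive opening" proposed in the comment above can be modelled in a few lines. The Python below is an added example, not part of the thread: the RFC 4226 code stands in for the proprietary token the comment names, and `knock_port`, the port range, the 30-second window and the three-failure limit are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30            # seconds per OTP window (assumed value)
PORT_BASE = 20000    # first port of the honeynet range (assumed value)
PORT_SPAN = 10000    # number of ports in the range (assumed value)
BLOCK_SECONDS = 600  # the comment's 10-minute block
MAX_FAILURES = 3     # bad codes before a generator is frozen (assumed value)


def hotp(secret, counter, digits=6):
    """RFC 4226 one-time code; counter = time // STEP gives the timed variant."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return value % 10 ** digits


def knock_port(secret, counter):
    """Port open for this token in this window (hypothetical derivation).
    A separate HMAC label keeps the port from revealing the login code."""
    label = b"port" + struct.pack(">Q", counter)
    mac = hmac.new(secret, label, hashlib.sha256).digest()
    return PORT_BASE + int.from_bytes(mac[:4], "big") % PORT_SPAN


class Gateway:
    def __init__(self, tokens):
        self.tokens = dict(tokens)   # token id -> shared secret
        self.blocked_until = {}      # source IP -> time the block expires
        self.failures = {}           # token id -> consecutive bad codes
        self.frozen = set()          # token ids awaiting re-issue

    def connect(self, src_ip, port, token_id, code, now):
        counter = int(now) // STEP
        windows = (counter, counter - 1)   # tolerate one step of clock skew
        if self.blocked_until.get(src_ip, 0) > now:
            return "blocked"
        live = {knock_port(s, c) for t, s in self.tokens.items()
                if t not in self.frozen for c in windows}
        if port not in live:               # every other port is honeynet
            self.blocked_until[src_ip] = now + BLOCK_SECONDS
            return "honeypot"
        secret = self.tokens.get(token_id)
        if secret is None or token_id in self.frozen:
            return "denied"
        offered = f"{int(code):06d}"
        for c in windows:
            good = f"{hotp(secret, c):06d}"
            # Port and code must both belong to the same token and window.
            if port == knock_port(secret, c) and hmac.compare_digest(good, offered):
                self.failures[token_id] = 0
                return "ok"
        self.failures[token_id] = self.failures.get(token_id, 0) + 1
        if self.failures[token_id] >= MAX_FAILURES:
            self.frozen.add(token_id)      # its port also stops being live
        return "denied"


if __name__ == "__main__":
    secret = b"12345678901234567890"       # constructed sample secret
    gw, now = Gateway({"alice": secret}), 1_000_000
    c = now // STEP
    print(gw.connect("198.51.100.7", knock_port(secret, c), "alice", hotp(secret, c), now))
    print(gw.connect("203.0.113.9", 22, "alice", hotp(secret, c), now))
```

A frozen token's port drops out of the live set, so a stolen generator that has been locked out lands in the honeynet like any other stranger.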
Cyber attack =
reverse IP lookup, and when it's reliable, well, that's what "Rods From God" are for.
Just don't use MPAA lawyers to do the ip lookups.
Yes, but... if you can think of the internet as a hierarchical tree instead of a web. People think of it as peer-to-peer like a web. But it is really subnet-backbone-subnet, both physically, and logically (DNS). All ISPs have to physically feed into a higher level link until you reach the tier-1 providers which put it on the backbone. Then the tier-1s have to resolve at the 13 root name servers to know where to send it. At each level of the tree, each subnet gets gate-wayed/routed to the higher (or lower) layer. Each level of subnet should have discrete sets of blocks of ICANN assigned numbers right down to the neighborhood dsl-exchange.
So, ICANN could, at least theoretically, make "being connected" conditional on a provision that would flow from tier-1 down to the neighborhood ISP -- "you only resolve and forward out-ward traffic if its origin headers match the assigned block(s) of the origin subnet(s)". If a subnet starts spewing spoofed packets, the next higher tier (up to tier-1) disconnects them until they agree to fix (or filter) the problem. ICANN then rides herd on tier-1 to keep it enforced.
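The forwarding condition proposed in the comment above (each tier forwards outward traffic only if its source address falls inside the blocks assigned to the subnet it came from, and disconnects a subnet that keeps sending spoofed packets) is the technique standardized as network ingress filtering (BCP 38, RFC 2827). The Python below is an added example, not part of the thread; the `Subnet` class, the three-packet threshold and the documentation-range prefixes are constructed for illustration.

```python
import ipaddress
from collections import Counter


class Subnet:
    """One level of the tree: a tier-1, a regional ISP, or a DSL exchange."""

    def __init__(self, name, blocks, parent=None, max_spoofed=3):
        self.name = name
        self.blocks = [ipaddress.ip_network(b) for b in blocks]
        self.parent = parent
        self.max_spoofed = max_spoofed  # tolerance before a child is cut off (assumed)
        self.spoofed = Counter()        # child name -> spoofed packets seen
        self.cut_off = set()            # children currently disconnected

    def owns(self, src):
        """True if src lies inside one of this subnet's assigned blocks."""
        addr = ipaddress.ip_address(src)
        return any(addr in block for block in self.blocks)

    def reinstate(self, child_name):
        """Reconnect a child once it has fixed or filtered the problem."""
        self.cut_off.discard(child_name)
        self.spoofed[child_name] = 0


def forward_up(origin, src):
    """Carry one packet with source address src from origin towards tier-1.
    Each parent checks the source against the blocks of the child that
    handed it the packet, so a leaf that does no filtering is still caught."""
    child = origin
    while child.parent is not None:
        parent = child.parent
        if child.name in parent.cut_off:
            return "disconnected"
        if not child.owns(src):
            parent.spoofed[child.name] += 1
            if parent.spoofed[child.name] >= parent.max_spoofed:
                parent.cut_off.add(child.name)
            return "spoofed"
        child = parent
    return "forwarded"


def build_demo_tree():
    """Constructed topology using documentation-only address ranges."""
    tier1 = Subnet("tier1", ["198.51.100.0/24", "203.0.113.0/24"])
    regional = Subnet("regional", ["198.51.100.0/24"], parent=tier1)
    dsl_a = Subnet("dsl-a", ["198.51.100.0/26"], parent=regional)
    dsl_b = Subnet("dsl-b", ["198.51.100.64/26"], parent=regional)
    return tier1, regional, dsl_a, dsl_b


if __name__ == "__main__":
    tier1, regional, dsl_a, dsl_b = build_demo_tree()
    for src in ("198.51.100.10",   # dsl-a's own address
                "198.51.100.70",   # belongs to the neighbouring exchange
                "192.0.2.1",       # not assigned anywhere in this tree
                "198.51.100.11",   # someone else's address inside dsl-a's block
                "203.0.113.5",     # third spoof: dsl-a gets cut off
                "198.51.100.10"):  # now even honest traffic is stopped
        print(src, forward_up(dsl_a, src))
```

The fourth packet shows the limit of the scheme: a host that forges another address from its own subnet's block still passes, so the check is only as fine-grained as the assigned blocks.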
Leave rule 34 intact!
Justice is the sheep getting arrested while an impartial judge declares the vote void.
Or perhaps today's protocols can be tailored, to make military networks "technically or physically inaccessible" to malicious traffic. "We'll start with blue," says Information Directorate chief Donald Hanson, using the military term for friendly forces. "If you're not blue, you can't come in."
What a great idea. We could call it a "firewall" or something.
It's simple: I demand prosecution for torture.
A contradiction in terms. You can't secure *.mil, at least in my understanding of the term. Never mind in technological terms just keeping track of the information. For low level mil traffic and public access, continue to use the InterTUBES.
Bastion fortress hardening - you're not looking to protect the information on it in the traditional sense, you're trying to prevent anybody from compromising the machine to either change the information on it or use it as a gateway for further hacking.
Once the VPN filters it out, I don't want to see it. The VPN node keeps such logs. Putting a 'secure' system on the Internet with only a username and password for protection, is dumb as dumb can be ...
The VPN isn't, by itself, going to be filtering out phishing emails. And we've graduated from username/passwords some time ago.
I don't read AC A human right
I'm sure that the air force has all of our best interest at heart. At least they think they do, or they might think they do. Or that is, er. Come to think of it maybe I will live in that bunker in Montana after all.
Today is an ephemeron, doomed to the crypt of yesterday.
The answer is more I.T. people. To really make this technology stuff work, we need to employ approx 1 I.T person for every 3 computers.
The Air Force must have completed the rewriting of the rules today at 1:00 PM. That might be the answer to why there are no new stories on /. since then.
The USAF has the big advantage that they're not trying to grow their web traffic. If nobody on free mail services can talk to them, no problem. If executable downloads don't make it through the mail filters, no problem. If every incoming document gets run through a conversion to ODF to strip any funny stuff, no problem. If every incoming image is rendered and recompressed at the firewall, no problem. If their users' machines need a dongle to authenticate, no problem. If their servers have to run NSA Secure Linux or LynxOS or EAL4 QNX, no problem. They can take a hardass attitude if they want to.
when they locate one of these stealth spammers I hope they send a predator to deliver the cease and desist notice.
Rewriting "the laws of cyberspace" is for wussies. To save on my heating bill I rewrote the laws of thermodynamics.
this isn't so much a pledge to rewrite the internet, so much as it's top-level brainstorming by folks who just don't know that much about the technology behind the internet. if it's a wardog pondering, then the idea of 'dodging' and the concepts he implies sound vaguely related to tor routing. i think more than visions from leaders, the af is going to need to do some serious recruiting to find some very savvy sysadmins and network people, most of which are already purchased by fortune 500's. this is challenging, as most of the admins i know are rather opposed to joining the war machine agenda.
Good people go to bed earlier.
This reminds me of an old fairytale story,..
About a king sitting on his throne all alone.
Because everyone else in his kingdom left.
Ok, so based on my experience with the Air Force the rules will be as follows:
1. kiss your superiors' butts, even when they tell you to do something wrong
2. do crappy work - and bitch about it a lot
3. work sloooow
4. after steps 1-3 your superiors will tell you that you've been doing it wrong (nevermind the fact that they told you to do it that way), and you need to start over
5. Thank your boss for the opportunity to do it 'the right way' this time
6. start again, then someone else gets tasked with the project despite your objections
7. you tell the new guy to go to step 1, and continue until project completed
I am open source, and Linux baby!
I'm one of those American Right people you speak of, however I think we're so far off on the horizon you can't see us clearly. You see, we're being obscured by all those people to the Left of us that are constantly trying to take away the First and our guns. We usually blame the Left for all our ills, but I guess the problem is that our view is just as obscured as your view by that huge mass of selfish people in the Middle.
Oh and the Second is more important than the First: You don't need to yell if you're armed, or as Roosevelt said "Speak softly and carry a big stick."
Some of the workers responsible for governmental, critical security are well trained, seasoned and dedicated. I would not discount their abilities one little bit.
Hey fsckers,
Stop trying to hack my gateway.
Oh the US air force is crying because people are trying to hack them.
Boo hoo hoo.
You clowns have been trying to brute force my ssh server for years -- Good luck with that. As a server located on sovereign Australian soil I consider this an act of aggression.
I know this because most of the ssh probes in my logs are from us airforce mil ip ranges.
Give by the sword, die by the sword. Bastards.
Interesting but I see no links to any documentation that I can read to validate this. Is it theory or truth? ...or a fun thing to say? Anyone can make an accusation.
This is the first time I hear this. Surely it would (or should) have come out when the father or the son was campaigning (or Jeb).
Anyone have something on this?
For the record: I am not American and am not taking sides here and am not really up on all the information on the Bushes. (or is that Bushs?)
IPX!
It is the Army or the Navy.
So flyboys, hunt them down and kill them.
It's recently dawned on me that there are more than seven continents taught to you at school, which are N. America, S. America, Europe, Africa, Asia, Australia, and Antarctica. In fact, there is an eighth: the Internet. Consider: the empires that colonized the Americas knew about them for years before there was serious Europeanization (E-ization from now on, because it is so hard to spell out.). Once they started becoming seriously interested in expanding into the Americas, they reacted in the following ways: they first began settling the regions and using what they could to be more efficient. Second, they vilified the natives, decrying what they learned was necessary to survive and the culture that sprang from it as barbaric and savage. Third, they imposed their culture on the natives, forcing them to submit to their laws until everything that was native was now part of Europe. Anything they keep is seen as a novelty. I see this happening with the Internet. People have known about it for a long time, but haven't really cared about it. Now it's becoming more and more necessary for them to operate within it. So, in recent years, they have begun using what we have had, like e-mail and online news sources. Now they are saying our websites are bad, like the article on CNN. In it, the author implies that our culture is savage, cruel, and callous. Now again, they have begun imposing their laws upon us, barging into our 'continent' and claiming it is theirs because we aren't responsible enough. By the time they realize that they are wrong, it will be too late; our culture will be long gone. I propose the following: we, as a culture, begin mass-migrating to another medium, or we fight for our lands and keep out the intruders. I vote for the latter. It is not their right to steal what is ours, nor is it their 'responsibility' to use it the way it was 'supposed' to be used. But don't listen to me. Think for yourselves, before it is too late.
Does this mean that when I try to access their servers I will no longer be greeted with:
"Hello Professor... would you like to play a nice game of 'surf pron'?"
soylentnews.org Go there to enjoy the people!
>how do they deal with multiple international jurisdictions? Extraordinary rendition?
Next week: Fat guy tries to rewrite the law of gravity? Mortgage broker tries to rewrite the law of diminishing returns? Nobel prize for Average Joe who successfully rewrites the law of averages? I'm inclined to think that this is more: "Tarzan rewrites the Law Of The Jungle" (before consulting the tigers).
http://www.space-track.org/ is run by some branch of the US military which may or may not have been part of the USAF and may or may not have been disbanded or reinstated recently.
We can neither confirm nor deny.
In order to get access to the data provided by space-track.org you need to agree http://www.space-track.org/perl/user_agreement.pl that you won't disclose such data to anyone else, especially any Arabs or Chinese, on pain of prosecution for treason or littering or stuff.
Should you agree to such restrictions and log on to the site, your login and password, and all the content of the site, are transmitted in the clear.
Whether you want to run a website or a war I doubt these are the people you want to do it.
The Bush era just jumped the shark. What a bunch of idiots sitting in the US army.
The first rule of the Air Force Internets is - you do not hack the Air Force Internets. The second rule of the Air Force Internets is YOU DO NOT HACK the Air Force Internets. Third rule of the Air Force Internets is if you get hacked, power down, the hack is over.
I mean, Montana has an AFB in it, along with 6 Air Force bases in nearby states. There is no place anywhere in Montana that isn't relatively close to an Air Force Base. That's a great plan for getting to a place where "The Man" can't hit you. *grin*
http://www.faqs.org/rfcs/rfc3514.html or as I like to call it, the "bert bit"
the USAF should enforce ALL RFCs (postmaster@domain anyone?) and those that do not comply get a thrashing that ED209 would get a chubby over.
There have been people targeted and arrested as "protesters" just for having their car searched and categorized because the cop finds a bag with a mini-book of the Declaration of Independence, We the People preamble Constitution, and "Patriot Games" starring Harrison Ford. No bad attitudes caused the unwarranted search. They just look at the title "Patriot Games" as non-fiction material subversive to the government as opposed to someone questioning why they were pulled over. Criminal government means the government is occupied by criminals, not Criminal-government as a criminal to be governed.
If you look at the seminal works in computer security you will see that a lot of the most significant early ones were reports for the Electronic Systems Division of the Air Force Systems Command.
I don't know how much damage has been done to either or both of USAF and NSA by incompetent and technically illiterate managers and politicians since those days but a spy agency with expertise in cryptographic algorithms is not what you need in overall charge of the thinking about systems security. An organisation where systems must be usable by people overloaded with work in a high stress environment is more appropriate than one whose mission is to spy on foreigners and die rather than give up any information.
I would cite SELinux as an example in support of my argument. It is fine in theory but so hard to use in practice that the usual advice is to disable it if you want to get any work done. This fits the spy agency thinking that it is better for the system to be inoperable than for there to be any possibility of information leakage. That is totally unacceptable to anyone who needs to get a job done.
Having had my little rant, maybe I should read the article...
known as "the public".
They cannot report "suspicious" vans now.
So all the future spy needs to do is be invisible from the distance of the station.
Without the public helping, you have now left the field open to the spy: artificial sensors will improve. The human eyeball not so much.
So what they're really saying is whoever was whacking them, they GOT THEIR BUTTS KICKED HAHA.
hackers of the world unite, we must teach the scourges of fascism that they cannot prevail.
THAT MEANS YOU BOB
"The VPN isn't, by itself, going to be filtering out phishing emails. And we've graduated from username/passwords some time ago."
The email system would only accept email from identifiably PKI certified senders and while this one uses PKI certificates it hasn't yet graduated off the InterTUBES, as in I can still send malicious packets directly to the server, which if the current infrastructure were adequate then the US Air Force wouldn't be:
".. fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear.. "
Netperger Syndrome: an obsessive compulsion to argue with total strangers over the InterTUBES
davecb5620@gmail.com