Obama Helicopter Security Breached By File Sharing
Hugh Pickens writes "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"
So where's the torrent?
Gee. That's a nice balanced summary, ahead of the histrionic response of "OMG file sharers are breaching national security!"
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source.
.
.
'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'
If you use p2p file sharing software to steal music and TV shows - terrorists win.
Mit der Dummheit kämpfen Götter selbst vergebens
Isn't anything sacred anymore!
~~"Of course, that's just my opinion. I could be wrong." ~~Dennis Miller
This will result in a new Marine One being procured.
I hope this caused some synapses to fire.
they found that one file out of millions and it has links to Iran.
Wow. I wouldn't want to be him / her about now.
Those are my principles, and if you don't like them... well, I have others.
Doesn't the file have to be prepared for upload?
Torrent link, please?
Res publica non dominetur
The buzz was so loud about the "blackberry" hole, that they couldn't see the big picture. And a distraction is always a good strategy when planning a robbery.
I smell a ratio builder!
Otherwise they wouldn't have it on a computer connected to the internet. Any documents with a clearance level have to be on a classified network, tucked away from the wild. There was a much bigger problem with their setup than file sharing software if these were classified documents.
I'm pretty sure that stupid/careless employees can leak sensitive information through P2P on any OS. I'm not aware that any of the OSX/nix installs search any less widely for shared folders than the Windows versions.
Stupidity is definitely OS-independent.
A lot of these P2P apps share your entire home or your entire computer by default when you first install them, it's up to you to go in and shut that stuff off, or at least define a specific folder to share from rather than the default.
Tagging this with "windows" isn't fair - it can affect any other system equally, this isn't a software problem, it's a user or developer issue. For example, I've worked on numerous macs with Limewire installed on them that are sharing all the user's music automatically by default.
I work for the Department of Redundancy Department.
The RIAA should take some notes. It doesn't matter how much money you spend, or how much you sue...you'll never stop P2P or anything like it.
"The difference between genius and stupidity is that genius has it's limits" - Albert Einstein
from TFA: Rep. Jason Altmire, D-Pa., said he would ask Congress to investigate how to prevent this from happening again.
And you're going to do WHAT? Stop using defense contractors? Train the entire world on common sense? good luck!
I work for the Department of Redundancy Department.
Now the government has an excuse to completely ban Peer 2 Peer. I'm sure it's complete bullshit, but it wouldn't be the first time the government lied to us about "terrorism" in order to gain financially and politically.
Is it just me, or does this whole thing seem a bit too topical? I can see this meeting taking place at the Tiversa head office.
CEO - "We need to drum up business! What's a good angle to increase our visibility?"
Marketing Droid One - "Evil powers are undermining our National Security© is tried and true, Sir."
Marketing Droid Two - "It's consistently scored highly in all of our focus groups."
CEO - "That was with the last administration! We need an angle for today, people!" (makes slicing hand gesture)
Up and Coming Sycophant - "I know! The helicopter! We can say that someone stole the plans to the President's helicopter!"
CEO - "That might just work. Tie that in to the usual National Security line and send out a press release!"
In the land of the blind, the one-eyed man is usually crucified.
Repeat after me, "actions have consequences". Sometimes consequences we didn't intend. Could this have happened as easily and unintentionally with any other file-sharing protocol? E.g. FTP, HTTP. For those out there who justified their illegal file-sharing under, "I ain't hurting nobody". This post's dedicated to you.
There are a few sensitive files in my home directory, such as my private key in ~/.ssh and a few configuration files that contain passwords in clear text. I really don't want these files to be shared inadvertently, yet they are currently treated as ordinary files by the SELinux on my Fedora 10 system, so any process running under my account can access these files. Of course I can still relabel the files and change my SELinux policy, but this is beyond the ability of most people. It is a shame that SELinux, with its huge potential, is so hard to use that it still provides very little security for an ordinary user.
The responsible person should be fired for violating company policy and prosecuted for releasing secure information. I doubt it was classified information, since that would never be stored on a system connected to the internet.
The contractor needs to fire their security team and CSO too. There's no excuse for outbound traffic from desktops without going thru filtered proxies.
Next we'll find that they used commercial/free IM services too. Idiots.
In any company, there are sensitive documents that aren't government secrets.
If this was a classified file, the company is going to be in big hot water for allowing it on the public network.
If it wasn't classified, the company may still be in trouble but they may be able to save face by educating their workforce on safe computing.
The general problem this exposes is much bigger:
Companies who let their employees work from home or the road and who don't do adequate training and take adequate protection measures risk similar unintentional data breaches. These breaches can be anything from legal-but-harmful leaks like upcoming product announcements to get-fined-or-go-to-jail leaks of data like financial or medical records.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Wow. BitTorrent is really freaking the control freaks out isn't it? I guess the Pirate Bay trial must be going worse than they thought....
Send your spendthrift head of state this
Should be *banned* for security areas. If you need 'outside' for a valid reason you provide a dedicated machine for that purpose.
It's pretty simple. That company should be fired, not just the fool that caused the leak.
And I don't care what OS it runs, anything less than the above is plain reckless.
---- Booth was a patriot ----
I'll bet that they'll use this as an excuse to try and ban filesharing, when the problem isn't P2P, it's a basic I.D.10-T error. Wonder if the dope that did this works for the same company that had their entire network as internet routable addresses... Yep, their entire network could be accessed by anyone in the internet, we tested that, and their IT Manager still refused to fix his security issue. Nothing more we could do for him.
So now that they have the plans for Marine One. They can save bundles in R&D and finally build Ayatollah One.
Couldn't resist. :)
"Beer is proof that God loves us and wants us to be happy - Benjamin Franklin"
None of these ideas are foolproof, someone dumb enough would eventually screw up anyway. But that is not the point, the point is that there are simple engineering steps that can be taken to reduce the amount of inadvertently shared data.
Football Odds
... and this is why you have draconian policies in many companies about installing ANY unapproved software. I've seen people complain about "just let me do my job" and install anything they want, but the fact of the matter is that it only takes one dumb-ass like this to wreak major havoc.
Sometimes it's best to just let stupid people be stupid.
I'm sure he is embarrassed and his job is in question. However that's not what will be freaking out the bosses. This is a systems failure, they should have had prevention and detection controls in place.
This is confidential data. Commercially sensitive data. Military data. There's a duty of care, contractual and legal obligations that lie not on the employee but the company and its directors for failing to adequately protect it. Even if there's no legal action the company's customers and suppliers will have to think twice about dealing with them.
Ha! Just kidding. The employee will get fired, maybe the IT manager too, and those tasked with the duty of care (directors) will carry on unscathed, and the customers and suppliers won't take the slightest bit of notice since hey it's got nothing to do with them.
So what's the high/low on this person having a GitMo vacation??
Any person using FTFY or editing my postings agrees to a US$50.00 charge
People who don't understand what they are doing are also making huge mistakes!
In our consumer-safety world, we blame the manufacturers/publishers of products for when their use results in harm of some kind. We do this with cars, refrigerators, shoes and drugs. Somehow we have yet to address this problem with software... or more precisely, we have EULA'd ourselves out of any recourse on the matter.
People want to share stuff on the P2P (which doesn't always mean bittorrent... it can also mean other protocols like gnutella or whatever the earlier types were) but don't fully understand what they are doing... and in as far as getting what they want, are willing to ignore trivial problems like security. People are operating complex systems with sensitive information and mixing that with software that doesn't respect it. There are a lot of contributing factors to this problem. One might be using a consumer-oriented operating system in sensitive data handling. (There once was a time when people used mainframes and unixes for "serious" business information that needed controls and desktop operating systems for clerical and similar types of work... why did that end?) Good IT practices have fallen with the amount of pay and respect IT people receive. The ones who cared and took their jobs seriously exited the field to be replaced by people who are willing to deliver to some really stupid demands.
People, business, industry and government need to take a good look at where their data is being handled. Marketing trends and "ease of use and availability" have trumped good sound practices and policies and the results are clear and obvious. If data needs to be controlled, use a terminal or at least remote desktop to get to it. Sure, you can have Windows on every desktop and workstation as long as access to critical data can't be available through a drive letter or other network mapping.
Iran is America's new best friend in the Middle East.
Funny how this should happen so recently after Obama and McCain publicly agreed that the plan to replace the aging Marine One fleet should be cancelled...
http://www.nytimes.com/2009/02/24/us/politics/24chopper.html
If I worked for US counterintelligence you can bet I would develop and plant fake leaks that sound just like this sort of thing. Then again, I may be giving too much credit. Occam's Razor prevails.
I cry bullshit on this. I don't believe this crap at all.
We get the reports recently of AFIT building an anti-file sharing box, and then we hear of all these other 'dangers' of file sharing programs.
I work for a contracting company, and I know damn well that this isn't possible from the military side of the house. So, if some info got loose, then this is because some asshat 40+ year old contractor took his damn laptop home with sensitive information, and voila, instant file loss.
plz seed
Who Cares ????...... i don't...
*--- Sometimes a majority only means that all the fools are on the same side. ---*
What a coincidence that a security breach on the president's current Marine One became known right after he nixed the multi-billion dollar plan to get new ones.
http://www.nytimes.com/2009/02/24/us/politics/24chopper.html?ref=politics
Maybe the helicopter he has isn't adequate after all.
Philip Sandifer's academic website
and it's not a developer's issue. It's an IT department's issue. Why a computer with sensitive information on it was connected to the Internet? If it had to be connected, why wasn't it firewalled properly? Why the user was able to install unapproved stuff? Most importantly, why nobody seems to be asking these questions?
And suddenly your sources were out ...
... and I thought the credit crisis was a problem of epic proportions.
I am really astonished by what can call itself a "defense contractor" in the USA. Most other places probably have similar idiocy in place but this is just laughable at best. You entrust a company with the security of your files (let alone the nation) and they can't set up Kazaa so it won't share "C:\Documents and Settings\All Users\National Secrets"? Wow
I was on my ship-won't say which one-processing our morning traffic, and we'd recently switched over to using Outlook on the secure lan. There was an airgap between the SIPR and NIPR side of the house, so there were no worries, or at least there shouldn't have been.
Well, I'm processing the UNCLASS traffic, and what should come into the ship's inbox but an email from an outside email address. I clicked on it, and Norton went berserk, locking it down and freezing it before it could do anything. I forget which virus it was, but this was back in the late 90's.
Since it was safe to look at using notepad, I dug into it and found out the email itself was what we call a "MOVEREP", or ship's movement report. Those are classified, usually confidential. You don't want the enemy to know where you are going to be, after all.
It turns out the captain had carried the moverep home on a floppy (sneakernet ftw) to work on it, and had inserted it into his home machine. BIG no-no. And the machine-which was infected-dutifully grabbed the message and sent it out as a virus-infected file to everyone in the captain's private email list. Based on the TO: field, I'd say there were some 75 people that got a slightly jumbled moverep mixed in with private email and porn, and a serious case of "WTF-itis"
The captain didn't get in too much trouble, since it was later learned that sneakernet editing of movereps was actually quite common in those days. LOTS of work got taken home, and officers were already kind of lax about security. But it still highlighted a serious security risk and that hole was quickly plugged. All the officers got additional training, and ship's captains got private lines installed at home if they needed it.
One of the less painful "lessons learned" I've had the chance to witness.
Don't worry, I am sure the Iranian ISP has a three strikes policy and terrorists will be soon cut off the internet.
Also I've discovered that quite often, the reason people want the ability to install software is precisely because they want shit they know they shouldn't have at work.
I work for a university, so there isn't a hard and fast rule on admin for users. We'd like that nobody has it, because there's less problems, but due to various reasons including academic freedom and research groups owning their own systems, we have to allow it when professors request it.
Now you might assume that the reason a grad student would want admin access is just to make their work easier. They can install software when needed, without asking IT. In some cases, that is it, though there is still software you have to ask us to install since it is centrally licensed. In other cases, there are software/hardware combos for particular research that just won't run without admin. So we certainly get some legit requests.
However there are more than a few grad students that get admin, and then set about installing shit they shouldn't. Normally we find out fairly quick because some of it tends to be infected with viruses. The whole reason they want admin is not because it'll make their research easier, but because they want to install P2P apps, Skype, and so on to screw around.
I'm willing to bet the same holds true at companies. I'm sure some people need software that IT doesn't install by default to make their job easier. However I'm sure other people want to install stuff that isn't work related, and that's why they don't ask the IT department to do it and instead insist on getting admin access. While some people might say "So what? People goof off at work, why not let them?" this shows the reason. The reason isn't that IT is worried about you goofing off, the reason is they are worried about security problems.
"Rep. Jason Altmire, D-Pa., said he would ask Congress to investigate how to prevent this from happening again."
Seems like the best way would be to fire anybody in the IT department, possibly the entire company.
The Congressional investigation mentioned in the original story (which would potentially cost millions of course) wouldn't be necessary if people would just effing learn something about how computers work. Investigation complete. Can they just give me the money instead? =D
Zooperman
Now the terrorists know the location of the tiny exhaust pipe that leads all the way to the central core.
Granted this was only an advertising company with no real secrets except personal data:
We noticed strange activity from a subnet in our building, and it turns out that around 6 pm
every day, this kid was walking around to as many pc's as he could and firing up kazaa. Enabled
by lazy desktop admins that had given the same password to EVERYONE. Using this one password
of course, could get you into anybody's personal stuff, but that is another issue.
We had a summer college intern that installed soulseek and kazaa within 5 minutes of logging in
to his computer. He was surprised when we got the two largest guys in the department to walk
over to his desk (6'3 and 6'9).
Almost 20% of the desktops have tried to install Limewire.
We had a microsoft administrator that needed a redhat box for something or other on our backup
dsl. He installed the 5.1 version which had tons of known vulns and left it unpatched, unfirewalled.
Within a week someone had rooted and installed a game server on that box.
The same dude installed a "web server", and an "FTP Server" on an old mac, and also unwittingly installed an open web proxy
that was part of the same package (web sphere was the package I think). Pretty soon most of the traffic
was proxy traffic that had found us (probably scanned and made its way onto web lists). The logs were
good fun to look over on that one......
music lover since 1969
Getting framed sucks... but what if it's all part of a setup?
Wasn't there some discussion about Obama wanting a new helicopter but "for the good of the nation" "considering today's economy" (nudge nudge, wink wink*) he decided against buying new helicopters.
But now that the security been breached, well, he just *has* to have a shiny new one, right?
(*What's a few hundred million dollars for a helicopter when we're committing to spending more money than the entire world's GDP, as computed using GAAP standards?)
The U.S. government is the biggest killer of humans in the world. It is easy to understand why those who may be killed next want information.
Maybe I have watched too many movies, but the simplest explanation to me is that it was intentional.
Blah blah blah blah blah. Honestly...
DNA -- National Dyslexic Association
The articles on this are horribly inadequate. First, any helicopter is "Marine One" as soon as the president steps on board. So what helicopter is it? Is it the 30 year old Sikorskys that we're used to seeing or is it the new Lockheed Martin VH-71?
This is like the third posting (on /.) of this type in 2 days. This type being some completely random fuckup, somewhere, then mentioning p2p in the end. I mean this guy worked for the security company and had sensitive blueprints on his computer, and then installs a file sharing program?? Please! Fire the whole contractor for gross incompetence. Is this really what they are going to come up with to try to shut down p2p? "Terrorists are accessing sensitive data over file sharing networks" (because someone is running grokster at the Pentagon).. Wow.
What are the chances this P2P source was installed by malware? Is there anything active in the wild that does that?
What sort of security depends on the secrecy of a helicopter's blueprints? Honestly.
Higher Logics: where programming meets science.
I am so tired of this sort of sensationalized reporting.
It's all part of an agenda, as I see it, about the "horrors of p2p technologies."
So let me get this straight, (at least, according to the headline).
"File Sharing" actually "breached" Obama's helicopter. How did file sharing accomplish such a feat?
Did file sharing hire some elite spies? Maybe some mossad agents?
What I think is that a company that manufactures products to snoop on file sharers has a great headline to
promote their business.
What the article REALLY amounts to, is that some defense contractor fucked up by not following security procedures.
if he had left them on a table at McDonalds the outcome could have been the same.
Could this be the first time the Streisand Effect is considered a national security issue?
That means we can finally all build ourselves our own presidential helicopter!
1. Get Limewire 2. Don't share c:\topsecretgovernmentdocuments\MarineOne\blueprints 3. goto 2
No portion of this post may be rebroadcast without the express, written consent of Major League Baseball.
Hell....lose his/her job?
If they're lucky that will be all they lose. When you're doing DoD work for the Feds....you sign some pretty heavy forms about your responsibilities and the ramifications if you break them....accident or not.
If this asshole did this with what I would have to guess was secure information....putting these plans on a non-secure computer, that alone can get you some heavy legal problems, and possibly jail time.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Shortly after 9/11 one of the principal architectural firms working on the Pentagon renovation posted all of their CAD drawings on a publicly available ftp server. I was working for a subcontractor at the time. When I contacted them to ask "WTF are you doing? Why not just post an ad in the Washington Post offering to give away all this information?" I was told by the system admin that it wasn't a problem because they hid the files on the ftp server using "an obscure folder name that nobody will be able to figure out". In other words, they posted the Pentagon's infrastructure in a folder called "/erwtn0tun-29358yt29832hncnf2h2ui2h 3fh3nc/" on their public ftp server because nobody would be able to find it in the open!!! Except I did. When I mentioned it to other people the response was "well, you can't bite the hand that feeds you" and all that rot. Of course, the ftp server was running on MS IIS and their web server was misconfigured at the same time so you could see everything ELSE on the server... Government & security (to me) are laughable.
*Insert reference to waaaambulance*
You have a very good point there.
Let the info-wars begin (again).
To the originator of the story, I suggest you direct your P2P searching efforts toward finding a file containing
the secret locations of the Iraqi WMDs.
Where are we going and why are we in a handbasket?
U.S. military in Afghanistan: Shopkeepers outside the U.S.-led coalition headquarters in Afghanistan were found selling computer memory drives stolen from inside the base. The drives contained seemingly sensitive military data, including the Social Security numbers of four American generals. The thefts were announced in April.
----
The State Department's computer security team has lost 400-odd laptop computers, CQ's Jeff Stein reports.
Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found.
As many as 400 of the unaccounted for laptops belong to the department's Anti-Terrorism Assistance Program, according to officials familiar with the findings. The program provides counterterrorism training and equipment, including laptops, to foreign police, intelligence and security forces. Ironically, the Anti-Terrorism Assistance Program is administered by the State Department's Bureau of Diplomatic Security (DS), which is responsible for the security of the department's computer networks and sensitive equipment, including laptops, among other duties. It also protects foreign diplomats during visits here.
Where are we going and why are we in a handbasket?
Who Cares ????...... i don't...
If the Rebels have obtained a complete technical readout of this helicopter it is possible, however unlikely, that they might find a weakness, and exploit it.
Does the helicopter have a long trench leading up to a ventilation shaft?
You'd be surprised. Anything....ANYTHING that has to deal with a military vehicle of any sort has strict rules surrounding it about who can see it. Even something as small and insignificant as a bolt for an engine mount cannot be shown/manufactured anywhere but the United States unless you get Defense Department approval first. See ITAR [wikipedia] for more information.
Pretty much any kind of security. Keeping the blueprints secret means keeping the capabilities (range, speed, altitude) secret as well as keeping the nature of any active or passive defenses secret.
Now I know the Slashdot hivemind will respond with their usual rote mantra - "but security through obscurity is bad"... But on this, they are completely wrong. (Mostly because their notions of security consist of repeating what they've read by various talking heads.) Security through obscurity, as one layer of an overall security plan, is extremely valuable because the black hats cannot prepare in advance to meet a countermeasure which they are unaware of.
What's the problem?
*Industrial* hardware costs 10x what CheapoBrand desktops cost, why would military hardware cost the same as the next-lower-*category* of hardware?
Boeing 747s don't have to deal-with identifying oncoming aircraft within milliseconds, and launching strikes against 'em if they fail the FFI ( friend-foe-identifier ) challenge.
They don't have to be able to survive violently dodging attack.
They don't have to have 50 different kinds of communications so that NO MATTER WHAT information can get through, without being listened-in-on.
I don't understand how any geek, who knows the diff between server hardware & "consumer" grade hardware, could be shocked by the SAME difference in price being associated with the SAME increase in reliability/availability/servicability/capability.
Almost 200 comments, and not a single ROFLcopter...
You guys are slipping...
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
Security through obscurity is bad because it is unreliable. While it's true that "black hats cannot prepare in advance to meet a countermeasure which they are unaware of", it is also true that you cannot be certain that they are unaware of it, so relying on it is just plain stupid.
Higher Logics: where programming meets science.
For trying to enforce safe computing practices that you agreed to uphold by being a user on their network? Ya riiiight.
Come work for us, and see how long you last. I give you 15 minutes max before you are escorted out.
---- Booth was a patriot ----
Who Cares ????...... i don't...
Why do "conservatives" hate America?
...putting these plans on a non-secure computer, that alone can get you some heavy legal problems, and possibly jail time.
Except that Windows has such a cult following that it's likely the authorities will turn a blind eye to the incident. Take the case where Windows somehow got onto base computers in Afghanistan and were subsequently owned by malware letting still more outsiders into the network. No one's been prosecuted publicly despite there certainly being a paper trail leading to the culprits.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
right after John McCain raised questions about the exorbitant pricetag of the President's proposed new helicopter fleet in the midst of a deep recession and right after a pork-laden spending bill was rammed through Congress with all critical thought itself being criticized. I just find the timing highly suspect, and I'm not a big believer in coincidences of this nature. "Accidental security leak" my ass!
Just how does this make a real difference to the president's security? Who can get close enough to any presidential vehicle, residence, etc to make use of this?
The capabilities of the aircraft which * One (Marine One, Air Force One, etc.) are based upon are pretty well known by anyone with an interest in them. Range, speed & altitude capabilities aren't changed significantly for these modified versions, aside from adding midair refueling to the 747-200 (which is widely distributed information).
It's a custom helicopter (just like air force 1 is a custom plane). You could for example get some sort of unique radar response from the plane, telling you the location of the helicopter, or worse, giving you something to program a sidewinder with.
Same goes for air force 1. If you had the specs of its fof transceiver you could wait until it's crossing the atlantic, then launch a rocket towards it which they have no chance to evade.
Basically it would reduce the problem of killing the president of the USA from successfully attacking a wide range of security forces, just to make sure you cover all angles, to the problem of making 1 tiny pinpoint strike. With the blueprints or a location indicator you could execute a pinpoint strike that would involve almost no risk for the perpetrators and would sure as hell kill the president.
No security measure is 100% reliable - not using a security tool because it isn't completely reliable is stupid.
They might be, they might not be. Which is why you set up your security measures as if they aren't known, you set up your operational procedures as if they are known - thus giving yourself a reserve.
Right.
Well exactly. If a non-expert can bring down your helicopter using nothing more than information gleaned from a wiring-diagram of it, then you've got more serious issues to worry about.
Like for example, the blueprints of the base-model helicopter being public anyway (covering all the systems which keep it in the air, as opposed to the assorted crap installed as special-equipment that tends to have no effect on flyability other than being heavy and consuming power)
A fair question. I used to work on Air Force avionics, but everything I touched (autopilot and instruments, basically) was decades-old technology that was designed to be simple, consistent, and reliable. In a word: boring.
However, there are parts of modern avionics packages that are indeed quite classified. The military doesn't like to have the specs for systems like FLIR (infrared sensors) or ECW (electronic countermeasures and weapons) out in the open because knowledge of those systems' limitations or abilities could prove useful to adversaries. For example, if an enemy were launching an operation against a specific model of aircraft, they might like to know where to concentrate their firing in order to disable as many critical systems as possible in the least amount of time.
Even knowing which parts of the aircraft are classified and which aren't could be valuable information to someone looking to gain knowledge for nefarious purposes. You have to remember that much of the military's equipment and procedures today were designed in response to the cold war, where espionage and information gathering were pretty much the biggest threat.
Windows is a gaming OS for x86 hardware. Its target audience is gamers.
We shouldn't be using a gaming OS for serious work, should we?
Shhhh! The bad guys read Slashdot too. Don't let them realize the truth!
Oh, here they are. On the terrorists' computers.
Thank you, for sharing this!
IMO, I'm a bit shocked all the blueprints (if they are the real ones) are on one person's workstation that had such easy access to the net. I would think there is a lot more at risk in this job that one would take precautions.
What I don't understand is why many workplaces -even- bother to have 99% of workstations & servers connected to the Net in some capacity. I'm a corporate n00b (just graduated) but I've worked in many large companies where everyone from the President, HR, Marketing, Sales, etc.'s desktop 'workstations' are connected to the Net. I'm still a bit shocked by this. I wouldn't trust any firewall, security software .... etc. if the company's earnings, employees' jobs/salaries are at risk. It's not so much that you shouldn't trust your employees. It's that you don't know everyone on the net isn't going to try to break into your system.
I run any questionable software like p2p under a secondary user and leave it running in the background as that user. Never touches my stuff unless there is a successful attack against the OS in the software or I fudge up my own user's permissions.
There needs to be more use of JAILs like FreeBSD and Apple have (not that it solves all the problems either. forget suexec etc. BTW, virtual machines for security means your OS is not good enough.)
Sure, it's not super secure but then I don't have their needs and I want to be able to run some applications that use the internet...
I chalk this up to the network admin's fault. Fire them! You shouldn't need a specialist in networking unless you want to prevent this sort of thing-- it's part of their JOB DESCRIPTION. (Sorry, but networking shouldn't be so complex that a full time position is required unless you have special needs.)
Democracy Now! - uncensored, anti-establishment news
I find your lack of faith disturbing...
Don't blame me, I voted for Baltar.
it's a basic I.D.10-T error.
Me: We do not use the expression ID10T, we use PEBKAC.
Judge: ID10T?
You: It means "Idiot."
Me: We do not use the expression. Everything is idiotic. We use PEBKAC—Problem Exists Between Keyboard And Chair.
You: Well, it seems that I am a little out of date.
Can I get a discount for the vacation?
"Does the helicopter have a long trench leading up to a ventilation shaft?"
No, but it does have a small door where you can bump your head.
Security through obscurity!
Where'd I go wrong??
Understanding the scope of the problem is the first step on the path to true panic.
Is Marine One like Air Force One in that it's not a specific helicopter, but just whichever helicopter the President happens to be in?
-Rich
General Ackbar says: "It's a trap!"
The media is up to its usual fear inciting tactic to lay a foundation for more war and that is IF the tone of reporting was to suggest that anti-american countries were out to get them whereas it's the idiot who installed the P2P software who should be charged! Besides, I have lost faith in the American media that claims to be free and fair. There's too much sensationalism going on.
Pretending that the place, or name of the place where prisoners are held, can simply be changed and that that's somehow a change in the policy is absurd.
Did you read the article? He signed three executive orders. One closed Gitmo. The second formed a "Special Task Force" to come up with a way to deal with captured people who are suspected of being terrorists. Hopefully one that won't take a sweet dump all over the Geneva Conventions that we came up with after the atrocities of WWII. The third makes it clear to all branches of the government, including the CIA, that America respects said Geneva conventions, in accordance with the rules that were in place before they were dismantled by the Bush Administration. It specifically states that all the judgements from the Bush Administration should be ignored.
"...Executive Order revokes Executive Order 13440 that interpreted Common Article 3 of the Geneva Conventions. It requires that all interrogations of detainees in armed conflict, by any government agency, follow the Army Field Manual interrogation guidelines. The Order also prohibits reliance on any Department of Justice or other legal advice concerning interrogation that was issued between September 11, 2001 and January 20, 2009.
The Order requires all departments and agencies to provide the ICRC access to detainees in a manner consistent with Department of Defense regulations and practice. It also orders the CIA to close all existing detention facilities and prohibits it from operating detention facilities in the future..."
Just like when Bush was C-in-C, Obama still doesn't have any new law from Congress that specifically spells out what to do with a non-uniformed person who is caught overseas attacking US soldiers and other interests, or assisting and financing those that do.
Read above.
The very same European countries that wanted nothing to do with helping to deal with these guys when Bush was in office are just as not interested in being stuck with them now that Obama's in charge. The same countries that, if these guys were to be returned to them, that would end up seeing them immediately killed ... no change.
The issue has more to do with the political liability of holding a suspected terrorist, especially for countries like Britain and France, who have large Muslim populations. Europe does not kill its prisoners, that is against their values. America, China, Saudi Arabia, Russia, and Iran are some of the only countries that engage in capital punishment.
So, you're sounding very pleased that we're going to swap out GitMo for some other physical address, as if that makes any difference whatsoever.
I'm very, very pleased that at least on paper it's now illegal to torture someone in American custody. Just because you're too lazy, disaffected, or dumb to read a few paragraphs doesn't mean the world isn't changing. It just means you aren't.
1. How is someone technologically savvy enough to need the blueprints to Marine One and yet not enough so to let this happen? 2. Why wasn't the file at least encrypted?
"They" can scratch and scrape for information all they want. Doesn't matter in the end; the US can still obliterate any adversary.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Exactly! I was told in cryptography class that having blueprints does not help the attacker at all!
I work for a defence contractor and would assume that this info is probably classed as a secret rather than restricted. If so then why the hell was this on an internet connected network? If it's only classed as restricted then while it might 'seem' to be of importance it's probably not that critical...
I.e., it's all very well knowing that Marine One has X fitted; the real skill is how the hell you counter X.
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
A Sidewinder is an IR-seeking (i.e. heat-seeking) missile. Also, good luck getting a fighter aircraft that can mount one into range.
May I introduce you to shoulder-fired missile systems ...
Don't blame me -- I voted for Roslin.
By this logic, we should let our wartime enemies know all the details of our troop sizes, locations and movements.
I'm pretty sure you've got Sun Tzu rolling in his grave. The first line of "The Art of War" is "all warfare is deception." Nothing could be more true.
Sidewinder missiles are 9ft 4in long and weigh 190LB, I don't think shoulder mounted deployment is an appropriate solution.
Security by obscurity. The dumbest kind :)
Corrupt killer for money? Oh, that's so dreadful.
I'd much rather be killed in the name of some fanatical religious ideology -- or even just plain xenophobic hatred -- than to perish in some tawdry pecuniary scheme. Wouldn't you?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
If you followed the church of L. Ron Hubbard, you'd know that. And have a black guy in a van waiting for you.
So, ms' os has some 92% of the market, and when the offending OS is not declared, and people naturally assume the P2P software was windows based, people here have the temerity to expect us to believe that that other 8% is EQUALLY a risk? Sigh.
But, aside from that, how do we even know that the leaked/lost blueprints are real? This could be the US seed to tighten up networks, ban military personnel from using social networks (the way the UK recently declared), and maybe even to justify DOD contractors drumming up whole new info and handling protocols to justify jacking up costs. Of course, SOMEone or some company will burn, given that all this is in the open, but I am willing to entertain the possibility that compromise response measures have been in play.
Further, it is possible that this leak was intentional not for the above reasons, but to find out WHO is interested in exploiting the "juicy information" that was "leaked". The compromise and circulation of individually coded documents can indicate where leaks/moles exist, who is brokering/circulating the information, and who is buying the information, and who is able to actually BE the threat. Probably more than just Iranians have this info. Slashdotters pretending to want the torrent might have some. Chinese might have some. Japanese, Koreans, British, French, and Russians may, too. If the compromise had never been publicized, most of us here would be (likely) talking about something else.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
The newer AIM-120's can be truck mounted. Not trivial, but it works.
Every now and then, I wind up with something good.
Xaotik Designs
By this logic, we should let our wartime enemies know all the details of our troop sizes, locations and movements.
No, the time sensitivity gives that information different properties than blueprints. Troop movements constantly change, while blueprints are fixed. You should not be relying on the secrecy of the latter for that reason.
Higher Logics: where programming meets science.
What sort of security depends on the secrecy of a helicopter's blueprints? Honestly.
Answer: Security through obscurity.
Sidewinders don't have radar.
</pedantic>
And now you will witness the power of this fully operational helicopter!
Modding me -1 troll doesn't make me wrong.
The problem you really seem to have is that somehow you believe your whole country comes to a stop when a president dies. They are just another elected official, the whole idea of commander in chief is crazy. The whole power base should be distributed with clear areas of responsibility and liability, less focus on the president and much more focus on all the other positions, positions which in reality should be by individuals who have been elected to a position of trust by the people.
The whole idea of random political appointments with only limited oversight is not really all that healthy and is readily abused. At the very least all major positions within the administration should be filled by sitting members from the house of representatives, you are already paying them enough, why employ additional political hangers-on.
All decisions by the administration should be subject to continual review by the supposedly 'representative' houses and in reality should reflect the views of many people rather than just one. You are not electing a King or Queen and in many countries the 'president' is just a figure head whose power is basically limited to ensuring that the rest of government sticks to the legislated rules.
So losing a president should basically be just a 'whoops', replace them with another and the system keeps ticking along fine, where one person can have such a profound influence over everybody else's lives even for just eight years is really wrong and people will suffer for it, as the recent past has clearly demonstrated.
Chaos - everything, everywhere, everywhen
This kind of thing happens in DOD itself by soldiers. A few years back, in a certain east european base, the commo department for a special ops unit had a system with 5 different p2p programs installed, all of them sharing out their entire hard drive containing information about special ops teams in the field, communications crypto, etc. Eventually the computer got rooted and attacked the whole network causing a 24 hour DOS for the whole base. Of course nothing was done to the soldiers other than they lost their computer for a little while.
This story was released one month early.
You are no[t] electing a King or Queen and in many countries the 'president' is just a figure head
It may be so in "many countries" - however in the USA the President has powers comparable to a King or Queen, and he is elected as such.
Parent is only intelligence in this entire article.
Existing Marine One(s) are ancient designs with upgrades for communications and anti-missile defense; it's unlikely any "blueprints" would provide any details about the ECM or Comms operation outside of where they might mount, and outside of that the specifics of that helicopter are well known.
The new Marine One design is in trouble (financially, politically, etc) in these times and anything that discredits the security of the existing design can only help the new one.
I'm surprised they didn't have the cojones to use the Osprey. I mean, they wanted it bad enough, aren't they willing to ride in it, too?
That's still no reason not to maintain secrecy if possible. Any security solution should be multi-faceted and obscurity can be one of those facets.
You detect and identify the target first, then fire the missile.
If you already have the capability to get into a place to fire upon Marine 1, you don't need the tech to distinguish between different models of Blackhawks or Sea Kings
A large helicopter is not going to have a "reserve" that lets it fly to 30,000 feet and reach 250 MPH.
A 747-200, no matter how much you modify it, will not ever be capable of supersonic flight, nor a significantly higher ceiling than its civilian counterpart.
Or the Secret Service planted fake plans to mislead an adversary. We'll probably never know.
"Some sort of unique response"? Is there a magic "president aboard" radar beacon? That sounds like an excellent security measure. Anyway "program a sidewinder"? They're HEAT SEEKING missiles. They just look for anything with a hot engine. Presumably including AF1 or M1. Having "detailed plans" won't make these more likely to find or hit their target. And as for "air force 1. If you had the specs of its fof transceiver you could wait until it's crossing the Atlantic"... Rubbish. And the exact frequencies used and such would certainly not be in the blueprints, but determined at a later date, and probably changed frequently. Not that I think it would be useful to anyone. If you can hit a fast-moving aircraft in mid-Atlantic surrounded by a fighter escort, it's a lot simpler and more reliable to hit the pres when he's on the ground, just target the White House.
Don't worry, there's always Joe Biden. He's run enough for the main job...
Dark Reflection
So where is the DHS Security Level Red?
Not even Kartoff-Jerkoff on CNN with his pants down and punp'n his Peter on his webcam.
Where is Condi (thang) Rice spill'n vomit about those dang Ruskies in Iran?
So much for Security of Homeland.
There's a small thermal exhaust port, right below the main port.
First of all, I do not worship Obama. I voted for him, because the alternative was far worse. However, I do applaud his actions so far. I know that some rogue parts of the CIA will always be fucked up, but that's what America gets for having an unconstitutional secret society with a secret budget doing secret things. You said things like detainees had access to lawyers. I invite you to google "Gitmo detainee lawyer" and see if there are any new stories that dispute that. You said Pelosi was a chickenshit. I'd agree, but not more of a chickenshit than any other politician who wages war and has never been in one. Like the near entirety of the Bush cabinet. But let's get back to the real issue at hand: Geneva Conventions, Executive Orders, and what to do with a "terrorist," since "communist" and "nigger" are so out of style these days when denying a human being their basic rights.
You do not understand the Geneva Conventions because you have not read them, or because you have read them and you don't get it. The Geneva Convention is a Treaty signed by the United States. It applies to us at all times, even if we're fighting an enemy with no official state. If you don't believe me, then read it. It's near the beginning, I promise.
Also understand that as a treaty already signed into law, Congress doesn't have shit to do with anything. Under Article II of the Constitution, the President has the power to interpret treaties. Bush and Cheney instructed Yoo and some other cronies to give them the legal basis to torture terrorism suspects. The only way they could do this is to ignore the accepted meaning of the Geneva conventions and current military policy. They tried to invent another status because what they wanted to do was so plainly illegal, it was ludicrous to see it any other way.
Army Regulation 190-8 | OPNAVINST 3461.6 | AFJI 31-304 | MCO 3461.1 ...
"Military Police: Enemy Prisoners of War, Retained Personnel, Civilian Internees and Other Detainees", 1997
a. This regulation provides policy, procedures, and responsibilities for the administration, treatment, employment, and compensation of enemy prisoners of war (EPW), retained personnel (RP), civilian internees (CI) and other detainees (OD) in the custody of U.S. Armed Forces. This regulation also establishes procedures for transfer of custody from the United States to another detaining power.
b. This regulation implements international law, both customary and codified, relating to EPW, RP, CI, and ODs which includes those persons held during military operations other than war.
Emphasis mine. Let's get to the good parts.
1-5. General protection policy
a. U.S. policy, relative to the treatment of EPW, CI and RP in the custody of the U.S. Armed Forces, is as follows:
(1) All persons captured, detained, interned, or otherwise held in U.S. Armed Forces custody during the course of conflict will be given humanitarian care and treatment from the moment they fall into the hands of U.S. forces until final release or repatriation.
(2) All persons taken into custody by U.S. forces will be provided with the protections of the GPW until some other legal status is determined by competent authority.
(3) The punishment of EPW, CI and RP known to have, or suspected of having, committed serious offenses will be administered IAW due process of law and under legally constituted authority per the GPW, GC, the Uniform Code of Military Justice and the Manual for Courts Martial.
(4) The inhumane treatment of EPW, CI, RP is prohibited and is not justified by the stress of combat or with deep provocation. Inhumane treatment is a serious and punishable violation under international law and the Uniform Code of Military Justice (UCMJ).
b. All prisoners will receive humane treatment without regard to race, nationality, religion, political opinion, sex, or other criteria. The following acts are prohibited: murder, torture, corporal punishment, mutil
I agree. There are different types of secrecy/obscurity with useful properties. Time-limited secrets are useful because they convey the advantage of surprise. Unguessable data strings are used as unforgeable references, aka capabilities in security parlance, and they have strong mathematical properties which make them useful for this purpose. Asymmetric crypto uses a closely held, secret key to encrypt/decrypt sensitive data, and the keys have well-known mathematical properties which make them infeasible to guess or derive from the cipher text.
These types of secrets can be useful, but I don't see how blueprints fall into any of these categories, and I'm hard-pressed to understand what type of security would be provided by keeping such a secret that isn't better provided some other way.
Higher Logics: where programming meets science.
Surely a helicopter's design is very much like that of cryptography. The algorithm/source-code/blueprints/manufacturing designs can be widely known, provided the secret key isn't. So maybe the helicopter's security will even be enhanced by the "many-eyes" effect.
Well, technically, congress is supposed to have the keys, not the president. He's just there to keep bad legislation from getting through, even if congress approves it. Really, it should be much more difficult for a president to not veto a bill than it is.
Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
This seems like very convenient timing to me.
There's been PLENTY of time for the Marine One's blueprints to leak somewhere. Like, three decades. Funny that it came up right when everybody's starting to talk about the 11.2 billion dollar plan to replace the Marine One fleet.
Now they'll be able to say - justifiably, of course - that they have no option but to upgrade the fleet of aircraft! Sorry, taxpayers, but really - it's not like this is a couple trillion dollars or anything.
is what will happen when our medical records are put online. the same way corporate databases, social security information, and military information has been accidentally disseminated through either laptop theft/loss or in this case, inadvertent p2p exchanges.
Believe it or not they can have a variety of targeting parameters. They can track radar (the AIM-9C), they can do gps targeting too if necessary (so a lock on a cell phone, given a hostile program on said cell phone, would be possible).
Any rocket that can track radar can be set to track a fof transceiver.
. If for example a windows SIPRnet, or JWICs system gets compromised with spyware.
And there you have it. Encrypting the traffic just means that the worms are also encrypted. The real question WTF is Windows doing on a military base at all?
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
In case of presidential death, I understand there is some redundancy: they have a hot-swappable vice president who would assume power.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Air Force One isn't exactly a sitting duck, it is known to be equipped with counter-measures. The details are classified but it would be a safe guess to say it has chaff and flare launchers. Now, what do you think airborne lasers are being developed for? Defending Air Force One will be (is?) the first application.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
You are no[t] electing a King or Queen and in many countries the 'president' is just a figure head
It may be so in "many countries" - however in the USA the President has powers comparable to a King or Queen, and he is elected as such.
Most (all?) European kings/queens have pretty much zero power. Some technically have the power to interfere with legislation, but never do.
(Many European presidents also have pretty much zero power.)
If the story is true AND targeting such a vehicle should prove as easy as you say... then maybe it's more of a political angle than a simple file sharing problem. I mean, if you disliked the president and you wanted to pursue more of the Bush administration (use of anti-terror to attack the Constitution and Bill of Rights, start new wars etc.) policies, then a perceived attack by terrorists on the President would accomplish both.
... the worm shouldn't be able to "phone home" with data - there is no route from one of these classified computers back to the internet.
As it should be. That's simply a part of layered security. The big question mark is WTF are systems that are, in practice, designed to spread worms doing on the private network in the first place? If the worm got in, then there also exists a way out, private network or not.
The GP is basically describing a system of boondoggles that might be used to link classified networks, but there shouldn't be any routes that lead to an unclassified network.
There, fixed that for you. VPNs are fine. Some day someone might even find a legitimate use for one. However, VPN or not, the worm got in, so it follows that there is at least one route out as well.
It's not just a technical problem, but a staffing or management problem: someone selected and deployed systems that spread worms.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Because of the state of the economy, there is currently a controversy over spending $460 million on a new Marine One helicopter. Now that the blueprints for the current Marine One are supposedly in the hands of our enemies, they can claim they *have to* get the new helicopters for "security" purposes. How convenient...
Popisms.com - Connecting pop culture
If open-sourcing software can make it more secure, could open-sourcing these blueprints make the hardware more secure? Hell, given it's a big DoD contractor they could allow cash prizes to people finding security problems with the hardware. That way you're pretty much guaranteed anyone who can have input on the design does have input. 2 heads are always better than 1.
Yeah, but still, $400M seems kind of steep. Wonder what it is like in constant dollars...
According to Wikipedia an F-15E cost only $30M in 1998. I can't imagine that a helicopter needs to cost the same as a squadron of F-15s. Even though they're becoming slightly dated the F15 is still superior to almost every other fighter on the planet - although the very best European and Russian designs are probably becoming close to on-par.
Just what capability will a new HELICOPTER give the president? These things are really just used to ferry people from point A to B. I could see a military attack helicopter being very expensive - those things actually serve combat missions that other aircraft can't. However, Marine One is just a transport. Sure, you can put some fancy anti-missile and communications gear in it, but the fact is that if it actually ends up being targeted in combat we're probably going to be flying flags at half mast.
I'm a big sports fan. I did a P2P search for Football, and all I got were these damn launch codes.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
"They" can scratch and scrape for information all they want. Doesn't matter in the end; the US can still obliterate any adversary.
Damn straight, just like we did in Vietnam, or when we destroyed Al-Qaida and brought bin Laden to justice.
Oh wait.
What is most disturbing is the quick turn-around from Obama's much publicized economic after-school-program/summit in which the new helicopters are proposed to be cut.
A week later the blueprints for Marine-ONE are leaked
Well shucks, I guess we have to have that new helicopter now
So the only question is, did the White House order the leak or the contractor? Or did they just work it out between them?
I think they should be a little more transparent about these things.
Do Americans modding this as "insightful" automatically get flagged? :)
what happened to the basic principle that security through obscurity is not security ?
This story is fabricated by people who want to ban file sharing. It's just too good to be true. Like 9/11.
Except those systems are standardized, and the particular daily details controlled by a constantly-changing and manually-loaded cryptosystem key. Not that identifying a jet as a friendly or foe is much help: you can still lock a weapon system onto a target identified as "friendly", and ignore targets listed as "unfriendly".
Then, assuming you have locked (or even CAN lock. . .) and launched a weapon, you have to run the gamut of the onboard Electronic Countermeasures. Whose methods are programmable, changeable, and regularly updated to the most current threat data we have.
In other words: you, sir, are blowing smoke here. ECM/ECCM/Radar/IR Defense is a well-developed field of study, and your comments show little knowledge of it.
It's a custom helicopter (just like air force 1 is a custom plane). You could for example get some sort of unique radar response from the plane, telling you the location of the helicopter, or worse, giving you something to program a sidewinder with.
The airframe is based on a standard Sikorsky design. The engines, communications gear, active defense systems and what-not are unique. The parts that reflect radiation aren't.
Just to preface, I'm pointing out reality, not trolling here.
The Slashdot hive mind is a bunch of IT wonks. Most are not engineers, fewer are aerospace engineers, and still fewer are military aircraft aerospace engineers. Nobody should take the average slashdotter seriously when it comes to topics like this.
The "security through obscurity is bad" mantra is valid in their world of computers, which they then attempt to apply to everything. Not everything in the world is open source, and there are reasons for some things that are not. There ARE capabilities of military aircraft that are meant to be secret, but since people can SEE the aircraft, much effort has to go into obscuring what those capabilities really are. This is most true with the top speeds of jet aircraft. For fighter aircraft, it was possible to fairly accurately determine the top speed based on an approximate weight, lifting surface area and airfoils, and the geometry of the engines. To this day, I know engineers with PhDs with specialties in engine design that can accurately determine the thrust of a jet engine just by looking at one.
There's only so much "magic" that can be done with an aircraft to hide its true abilities. That which can be done is often very elegant, yet very complicated to achieve. The entire point is obscuration. It's creating a black box so an observer cannot figure out how the aircraft does something. Security through obscurity. That's the only option.
This post is profoundly stupid. The president is like the CEO of a corporation: he manages all the bureaucracies in the federal government. He's also the Commander in Chief of all branches of the military. We've all seen what can happen when the president gets assassinated and his job gets transferred into less competent hands (Kennedy->Johnson). The loss of a president can have a profound impact on the nation.
Your proposal to mingle the executive branch with the legislative branch is flawed in that you'd be investing way too much power in the president and his administration (something it seems you'd be keen to avoid).
in the absence of a real war, and trying to make a good profit out of your business. I think diversifying into infrastructure is an equally attractive prospect - building nationwide infrastructure needs a lot of really solid metal and a good lot of rock blasting and things like that.
After all you have to invent new wars and identify new villains daily, keep the President in the dark and then piss in the corner and say hey Prez, there's piss in the room, now buy this cool new cleaner from us or else it's gonna stink like hell.
You know what, bosses, you don't have to piss when selling infrastructure goods. And if you just ask, they'll give you more projects. So why not take a jack and put some changes here and there and ship useful things rather than go around the world getting a bad name. Obama'll be gone in 2012. And then you'll have to face the world's anger and your own people who don't like it any more. Someone is bound to break / soften. That will be problematic.
Absolutely likely. I've worked for small "beltway bandit" companies, and their security is always lax.
Today, I work for a Fortune 100 defense contractor, and we couldn't do this if we tried.
1. The classified networks are completely disconnected from the internet. If you need to bridge a network between multiple locations (what one of the other posters was talking about), you encrypt the traffic using an NES and send it over an unclassified link. The source and destination of that encrypted data path is a closed network.
2. Yes, you can copy data from the classified network to the unclassified network, but it requires a long procedure with tons of paperwork. Basically, if you can do this without raising any red flags, the data is probably clean.
3. Even if your stupid-ass manages to copy classified data to the unclassified network, users don't have admin rights, and can't install anything not on the approved software list.
THIS is why Windows can be on a classified network. Properly configured and managed, it is as secure as Linux.
Man is the animal that laughs.
And occasionally whores for Karma.
Or Blackberry...
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
At least, that's what the liberal media wants us to believe.
Here's hoping that all of Obama's policies fail so that we can get America back to what it is supposed to be. (I can't believe he's actually trying to turn this recession into a depression, but he's doing it.)
The only way data is leaving off that private network is...
And thus there is no way for the worms to get in. Oh, wait. The base was full of worms.
If they can get in, they can get out. An encrypted network is a nice extra, if it is set up correctly and separately. And it can be a useful component in layered security. But it's still just sending around encrypted Windows worms.
I'm not a fan of certification. However, military suppliers are. And here we have at least one wormless system available.
How the worms got onto the military base is only part of the question and only a symptom. They would only be harmless data without a system designed to run the code on sight. At the bottom of it all, someone or group allowed Windows machines to be deployed on the base. There's almost certainly a paper trail that can be followed. When the culprits are found, double-tap to be sure.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
There was the time, quite recently, that the Belgian king got to wield a little power in order to keep his country together. He actually refused the resignation of a prime minister ^^
xkcd is not in the sudoers file. This incident will be reported.
The value of the person filling the role of president does not end with their job description. As you said, they are a "figurehead". Hell, you could even equate them to a country's mascot. But much like a team mascot dying, losing a president deals a great blow to the morale of the populace. Hence, it is not just a "whoops" and replace him.
to the entire country.
Leaders aren't just like servers that get swapped in when one goes down.
Consider JFK's assassination as our most recent full example. Not only did it take out the hope of almost an entire generation - it ended entire directions, policies, and initiatives that, if continued, would have left this country and this world a different place.
Taking out the leader of *anything* is always a big deal to that group, no matter how many people may be able to take that leader's place.
It's possible, but unbelievably stupid - and unlikely for someone who knows enough to use p2p in the frickin' first place.
- WHY would such a person, who seemingly likes their job, do this on a work computer *and/or* leave this work file on the same computer?
- why doesn't the article mention that this information is NOT classified?
My tinfoil hat tingles, as I realize Obama recently turned down funding for a new helicopter.
I think this is a way to have a rationale for a defense contractor to push for funding for a new helicopter, and/or a way for this "Internet security company" to make a name for itself with FUD.
According to the article, the company that unearthed this p2p plot, Tiversa, is connected to the Pentagon via Gen. Wesley Clark as the company's "adviser". Doesn't that make my tinfoil hat tingle.
The Invisible Hand of the Free Market is what punches workers in the nuts.
Consider what JFK's assassination did - not only did it nearly wipe out the hope of an entire generation, it changed of the policies, initiatives and strategies of America, and created a different future for America and the world. People aren't simply swappable, especially at the top. Everyone does things differently; and groups of humans do not respond predictably, orderly or many times even decently to drastic change.
The Invisible Hand of the Free Market is what punches workers in the nuts.
Come on, the source is MSNBC and speaks of an unspecific "file-sharing" program. That news is a terror seed against file-sharing, so you can realize that not only a 5 year old is downloading songs, also the terrorists are using those EVIL P2P networks. In my opinion not worthy of Slashdot.
Post an article on slashdot about sensitive data being lost, and then see how many members of the military, DoD civilian employees, and DoD contractors pop up to tell about the various security procedures and technical safeguards for such information.
Whether that kind of security information is classified or not, you're not supposed to do your best to make it easy for the bad guys to find out. At least make them ask you in person. Or make them draw suspicion as they're asking around about it. Think of it this way, you wouldn't give out your password, but you also wouldn't announce on the internet that "no one can get my password because I keep it securely locked in my bedroom third drawer on the left at 1313 Quick Street".
A lot of people came out to show how much they think they know. Quite the social engineering coup.
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
Sidewinders are heat seeking. Don't see how a radar cross section of the target would help...
An Unfortunate Sequence
Unfortunately if we lose Obama, we get Biden for president. If Biden goes missing we get Pelosi as a replacement. If Pelosi goes missing we get Robert Byrd. And if Byrd goes missing, we get Hillary....
Google "AIM-9C" ...
If this asshole did this with what I would have to guess was secure information....putting these plans on a non-secure computer, that alone can get you some heavy legal problems, and possibly jail time.
Except that these incidents happen all the time, without jail time. No one's been prosecuted publicly for deploying known insecure systems like Windows, despite there certainly being a paper trail leading to the culprits. Take the case where Windows somehow got onto base computers in Afghanistan and were subsequently owned by malware letting still more outsiders into the network. Windows has such a cult following that it's likely the authorities will continue to turn a blind eye to the incident and make up excuses for not deploying systems capable of filling mission-critical roles.
Another prime example is that the world's seventh largest economy was shut down for five hours because some individuals decided to override technical decisions with an ideology. There are more such incidents monthly than you can shake a stick at. In a lot of regions, a threat to national economy or security is rated by the cost of the damage. Yet, for anything related to Windows, these metrics appear not to be applied.
In any other field, heads would roll.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Maybe an obvious question, but why wasn't the file (folder) at least encrypted?
Tech heads, of course, are going to miss the real deal here. Blaming IRAN for the breach? Come on... Flash forward several weeks/months/years. Obama's helicopter goes down due to some avionics jamming/infiltration/remote override. The old guard now has the very public connection to make to finally take Iran out. This is a setup. Whether or not they can execute the maneuver remains to be seen. But if they do, reference this reply--yes, this very one you are at this moment dismissing as paranoid delusion.
Hum . . . I wonder if this has anything to do with the President telling the Pentagon not to buy 26 new helicopters. Marine One is actually a fleet stationed globally to support the President's movement.
Software is easy to patch.
Hardware....not so much.
Sure, you could probably find a security hole, and get the information about it out there.
But what if it requires 6 months to design a replacement part or system, lab test it, field test it, get it examined and passed for safety regulations, and then get a hold of the president and tell him his helicopter's been recalled, only to find out that it's currently flying him over a rebel base full of X-wings?
"City hall" in German is "Rathaus" Kinda explains a few things......
Well, if it can be truck-mounted, then we just get a truck out into the middle of the Atlantic, and wait until Air Force 1 flies overhead, then fire the missile.
The plan is perfect.
Oh....wait.....
Salim Killa Preza Yousa! You screw up plan again!
"City hall" in German is "Rathaus" Kinda explains a few things......