Slashdot Mirror
Air Force Firewall Now Designated a Weapons System (gazette.com)
An anonymous reader writes with a report from the Colorado Springs Gazette that the U.S. Air Force Space Command has declared its first cyber "weapons system" operational. The weapon, deemed fully operational this month, is basically a big firewall designed to protect the Air Force's internal 1 million-user network from hackers. It will be a hot topic at the Rocky Mountain Cyber Symposium, which is expected to draw hundreds of computer experts to The Broadmoor for a four-day confab starting Monday."
More from the article about why a firewall would be called a weapon: The biggest reason for the weaponization push is financial: When it comes to budget battles, weapons, even those with a keyboard and a mouse, get cash from Congress. "Designating something as a weapons system really does help us justify our funding," Col. Pamela Wooley, who commands the Alabama-based 26th Cyberspace Operations Group, which includes the new weapon.
Sadly no details in TFA about what this firewall does. Is it just a NAT box? Is it a full-fledged IDS with dashboards that can flash “TERRORIST HACKING ATTEMPT” in big red letters while everybody scrambles to cyber battle stations with klaxons going off?
*sigh* I remember when the word cyber was a verb that meant to have online sex on IRC. Hmm, actually, that gives me a strange new way to interpret stories about cyber stuff! Not unlike oblig xkcd (oblig for this comment anyway).
profit!
So maybe the poor should re-define themselves as "potential suicide-bombers" to be treated just as generous?
Why not label all IT as weapons for secured funding? Are the budget managers really so ignorant?
Unless it's going to generate a reverse reaction of equal strength, destroying the attackers, it's not a "weapon"
Heck a $5000 is more of a weapon by definition.
Unless this has some ridiculous hack-back-attack capabilities, complete with a nerdy looking airman typing as fast as humanly possible to "execute" the hack back attack, Congress may have to start looking a bit closer at these "weapons systems."
We need more toilet paper for the bathroom.
Here you go.
WTF? Why does this toilet paper have pictures of guns on it?
This is weaponized toilet paper. It helps with allocating funding...
You do know it is still the computer geeks' term for sexy time. It was an in joke to see if you could insert that into the popular lexicon. And now, it is cyber this and that. Without a trace of humour.
some contractor got rich off of this.
Plus, if we call it a weapon and we catch you with one, we'll just ignore all of your rights and treat you with "extreme prejudice". And no second amendment bullshit, the second amendment does not say that you have the right to own a firewall.
I'm an American. I love this country and the freedoms that we used to have.
weapon [wep-uh n]
noun
1. any instrument or device for use in attack or defense in combat, fighting, or war, as a sword, rifle, or cannon.
2. anything used against an opponent, adversary, or victim:
the deadly weapon of satire.
3. Zoology. any part or organ serving for attack or defense, as claws, horns, teeth, or stings.
It's no more surprising than storing weapons in an armory.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
When will the commanders just declare their dicks to be weapons, and demand cash from Congress in order to keep them in good working order and to use them as necessary on the battlefield?
Sleep your way to a whiter smile...date a dentist!
2. ???
3. Profit!!!
Note: ??? == Congressional Funding, for all values of ???
Why is Snark Required?
Do i need a weapon license now?
so people working on such 'weapons' are now legitimate military targets?
According to Wikipedia:
308,016 active personnel
180,084 civilian personnel
71,400 reserve personnel
106,700 air guard personnel
That is only 666,000 people.
"The weapon .. is basically a big firewall designed to protect the .. network from hackers."
A basic firewall blocks connecting based on a table of IP address and port combinations. If the 'firewall' can't identify malicious connections then it's next to useless. So called 'stateful inspection firewalls' utilize a man-in-the-middle hack, only work by installing a fake cert on the client browser, decrypts passing data and supposedly identifies malicious code. Which begs the question, if the MITM firewall can decryption your communications, what's stopping some malicious third part doing the same. So basically here we have someone diluting security in order to increase security. If the 'firewall' can't identify malicious code then it's next to useless. Most of todays rich web applications can't function without running embedded code. Clicking on a URL that downloads and runs someone else's code makes the firewall next to useless.
stateful inspection firewall
If it's classified as a weapon, it is covered by ITAR and can't be easily exported. So other nations can't install one of their own from a regulated vendor (country) and block attacks from Pentagon cyber warfare systems or probes by the NSA.
Have gnu, will travel.
I can't believe (well, yes, unfortunately I can) that these people are so brazen as to openly admit they will do anything to get our money. The military industrial complex has run completely amok. It's even infiltrating our civilian life - we have tanks and storm troopers patrolling the suburbs for chrisake. And here's the irony - I'll bet dollars to donuts that almost all of these government subsidized sucklings vote against anything and everything that has to do with welfare.
Fair warning/full disclosure: I"m an Airmen in the USAF.
A 'weapon system' is a special designation. Lots of things are weapon systems. A truck is a weapon system. Every weapon system gets a System Program Office (SPO) that is responsible for developing, managing, updating/upgrading/improving the weapon system. Weapon systems have full certification processes that the SPO oversees. Think change management on steroids.
Want to modify the weapon system? Better clear it with the SPO. If you don't, it just became de-certified and you can't deploy it. If it were a plane, that would mean its grounded.
Without knowing more details other than their is a weapon system that is a firewall, that would mean that the hardware and software gets certified before it is deployed (turned on/plugged in). Chances are there are standard configurations that are then mandated.
This also means that its going to be heavily vetted. Chances are its not a commercial-off-the-shelf device., but if it is they'd be taking it apart looking for backdoors and other exploits.
So personally I'm excited by this, but then I know what it means...
Never... you are an idiot.
5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
If anyone ever deserves contempt it's the people giving the drone pilots contemptible orders. The pilots don't set the missions or pick targets.
Do you also think pilots flying in a clear sky with no risk of anti-aircraft fire are also cowards?
That nonsense has been a "weapons system" since the fucking 60s, slashdot just goes clickbaitier.
How about global thermonuclear war?
bash>
So the misunderstanding, as so often happens, is because a word has a specific meaning within a certain community that differs from the meaning of that word in the general population?
After all, they can't call it FW-1 or , if you prefer, Firewall One.
Pain is merely failure leaving the body
It's still not a fucking weapons system.
Good luck btw getting the SPO to respond quickly enough to keep the damn thing patched and properly configured.
You could justify it in the same way that in many / most companies, senior management claims that higher pay and bonuses for directors motivates them to make more profit. Could you depend on a general who does not get at least, say, twenty times as much as the ordinary airman?
> I"m an Airmen in the USAF.
Do you clean floors?
Its a software weapon written and maintained by PFY nerds running around with pocket protectors, and when it goes beep, the nerds get busy and attack with high tech keyboards and mice.
General: I think the Queens bulldogs or Bagpipe MP3's would go a better job. More replays of Trumps thoughts. Can't we just redirect them to a cable companies complaint line.
Disclaimer: I am US military officer (not the same AC as above), not an expert on cybersecurity or the legal details of US foreign weapons sales. I agree that firewalls are not a weapon.
That being said, I suspect that, in addition to the funding aspect mentioned in the summary, this is a legal maneuver to protect the details of this particular firewall. Generally firewalls are fair game for export worldwide (as they should be in my opinion) under the terms of the Wassenaar Arrangement (see Category 5). However that means the USAF has very little legal recourse against anyone leaking the operational details of the firewall, including the source code and what system it is deployed on, to either the intelligence apparatus of foreign powers or to the general public. Classifying the firewall as a weapon brings it under the purview of the Arms Export Control Act of 1976, which has a lot more teeth to it and can carry some pretty severe penalties. By classifying it as a weapon, the USAF blocks their firewall, and only their firewall, from being sold to foreign powers, without limiting the ability of cybersecurity companies to sell firewalls to friendly foreign powers.
Weaponized APK
What were the first 25?
See subject & APK Hosts File Engine 9.0++ SR-4 32/64-bit http://start64.com/index.php?o...
-
FREE, not 'souled-out' to advertisers + adds speed, security & reliability.
Does far more w/ far less more efficiently vs. addons (clarityray blockable, redundant + RAM/CPU wasteful & 'souled-out' crippled by default) & local DNS servers @ home.
It fixes DNS' security issues & stops tracking @ webpage + DNS levels via 1 file you NATIVELY have!
(Firewalls do the rest on far less used IP address trackers/threats vs. host-domain names).
-
Obtains data vs. threats & adblocking via 10 reputable security community sites - easily edited by you.
-
SPEEDS YOU UP 2 ways:
Adblocking ALL ads + local RAM cached favorite sites @ TOP of hosts for faster resolution vs. remote DNS (aids reliability) vs. other "so-called security 'solutions'" SLOWING YOU!
-
All via what you already have vs. illogically "bolting on browser addons 'MOAR'" (clarityray detected/blockable + usermode slow & increased messagepassing, cpu + ram overheads)
-
MalwareBytes' hpHosts Admin (MalwareBytes employee verified it's source as safe http://forum.hosts-file.net/vi... ) hosts & recommends it -> http://hosts-file.net/?s=Downl...
&
MalwareBytes = BEST antivirus per a VERY recent testing of them all http://www.av-test.org/en/news...
&
It's safe proven by 57 antivirus programs in BOTH its 64-bit model https://www.virustotal.com/en/...
+
32-bit model https://www.virustotal.com/en/...
&
Installer-> http://f.virscan.org/APKHostsF...
-
* "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend".
APK
P.S.=> By "yours truly" - "The Lord of Hosts" so-to-speak:
"The image this title brings to mind is a mighty military commander who can at a mere word summon rank upon rank of protective power" -> https://answers.yahoo.com/ques... & THE WORD = hosts!
(Accept NO substitutes!)
...apk
E.G. #1 - Oliver Day (SYMANTEC/SECURITYFOCUS) CLEARLY disagree w/ you:
A RETURN TO THE KILLFILE:
http://www.securityfocus.com/c...
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."
Speed, and security, is the gain... others like Mr. Day note it as well!
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
E.G.#2 - OReilly:
For security -> http://oreilly.com/pub/a/windo... & For speed -> http://www.oreillynet.com/pub/...
---
E.G.#3 - Steve Gibson:
Steve Gibson endorses hosts as good https://www.grc.com/sn/sn-045....
---
E.G.#4 - Aryeh Goretsky of ESET/NOD32:
It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...
---
E.G.#5 - Brocke Wilders of WILDERS' SECURITY does too:
By creating an inferior clone of MY PROGRAM though -> http://www.wilderssecurity.com...
---
E.G.#6 - Mr. Steven Burn of Malwarebytes does also:
MalwareBytes' hpHosts' Admin hosts + RECOMMENDS my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...
APK
P.S.=> Myself as well makes 7, so, SO much for your bs jealous little off topic troll... apk
APK Hosts File Engine 9.0++ SR-4 32/64-bit http://start64.com/index.php?o...
-
FREE, not 'souled-out' to advertisers, adds speed, security & reliability.
Does far more w/ far less more efficiently vs. addons (clarityray blockable, redundant + RAM/CPU wasteful & 'souled-out' crippled by default) & local DNS servers @ home.
Fixes DNS' security issues & stops tracking @ webpage + DNS levels via 1 file you NATIVELY have!
(Firewalls do rest on FAR less used IP address trackers/threats vs. host-domain names).
-
Obtains data vs. online threats & ads via 10 reputable security community sites - easily edited by you using my program.
-
SPEEDS YOU UP 2 ways:
Adblocking ALL ads + local RAM cached favorite sites @ TOP of hosts for faster resolution vs. remote DNS (for reliability + speed) vs. other "so-called security 'solutions'" SLOWING YOU!
-
All via what you already have vs. illogically "bolting on browser addons 'MOAR'" (clarityray detected/blockable + usermode slow & increased messagepassing, cpu + ram overheads)
-
MalwareBytes' hpHosts Admin (MalwareBytes employee verified it's source as safe http://forum.hosts-file.net/vi... ) hosts & recommends it -> http://hosts-file.net/?s=Downl...
&
MalwareBytes = BEST antivirus per a VERY recent testing of them all http://www.av-test.org/en/news...
&
It's safe proven by 57 antivirus programs in BOTH its 64-bit model https://www.virustotal.com/en/...
+
32-bit model https://www.virustotal.com/en/...
&
Installer-> http://f.virscan.org/APKHostsF...
-
* "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend".
APK
P.S.=> By "yours truly" - "The Lord of Hosts" so-to-speak:
"The image this title brings to mind is a mighty military commander who can at a mere word summon rank upon rank of protective power" -> https://answers.yahoo.com/ques... & THE WORD = hosts!
(Accept NO substitutes)
...apk
This is my computer. There are many like it, but this one is mine.
My computer is my best friend. It is my life. I must master it as I must master my life.
My computer, without me, is useless. Without my computer, I am useless. I must comment my code in detail. I must hack truer than my enemy who is trying to pwn me. I must pwn him before he pwns me. I will...
My computer and I know that what counts in war is not the darkness of the cubicle, the temperature of the coffee, nor the dust of the Doritos. We know that it is the lines of code we commit. We will commit...
My computer is human, even as I, because it is my life. Thus, I will learn it as a brother. I will learn its weaknesses, its strength, its parts, its accessories, its CPU and its memory. I will keep my computer patched and updated, even as I am patched and updated. We will become part of each other. We will...
Before God, I swear this creed. My computer and I are the defenders of my country. We are the masters of our enemy. We are the saviors of my life.
So be it, until victory is America's and there is no enemy, but peace!
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
I hope this is not a descriptive summary for this story.
"The Air Forces decided to put all their firewall eggs in one basket. It's SPO is very proud of it. They plan to call it Maginot"
I also hope this does not stop one from thinking the old fashioned way with layered defense in depth.
The Death Star is "fully operational"
I'll say what we're all thinking.
SKYNET
under that system, if the firewall was found to be defective (say a zero day was found) what is the time to go through all of the steps required to bring about a change? and would you then have to take down the firewall until it can get re-certified?
i'm curious, because while you can ground a plane, shutting down the firewall does not have the same effect, in fact it would be much better to keep the firewall operational until a suitable fix can be found. software changes happen more frequently than physical systems, can the weapons system process handle updates of the weekly or even daily type?
So to get decent funding, we just need to redesignate our physical borders as weapons!