Attention SCO - I Used The Letter I As A Variable
on Latest SCO News · Score: 1
in copyrighted code I produced in 1974. While examining the Linux kernel I found a clear copyright violation. Here is the excerpt from the Linux kernel code:
"i"
Please add me to your suit and send me my share. Thank you.
The last time a new $20 was issued, the Mexican counterfeiters had a high-quality bill within a week of the release. Anyone care to venture a guess as to how long it will take the Mexicans, Iranians and other folks to have the new bill in production?
Today's helpful hint: With the right halogen-based solution, you can strip the ink from crisp new one dollar bills and end up with genuine currency paper, complete with the colored threads.
The author of the paper has no real knowledge. The Minuteman system, for example, has redundant cables running through pressurized pipes buried underground, as well as other detection and rerouting capabilities.
This paper shows a significant misunderstanding of the command and control structure and procedures at STRATCOM (formerly SAC), National Command Authority (NCA) and other key elements of the process. I am waiting for the author to explain how the attacker will obtain the encryption codes to MILSTAR, SLFCS or any of the other communication channels into a Minuteman Launch Control Facility or the equivalent communication channels going to bomber squadrons, submarines and other force components with nuclear capability. Then there are enable codes, launch codes and various other keys that would be needed. The article also fails to address safeguards in place. One needs to only examine the "incidents" that have occurred in real life, such as an exercise tape accidentally being loaded at SAC, prompting incoming ICBM warnings, to see that these procedures worked even 20 or 30 years ago, and they have only been improved since then.
Having worked on the unauthorized launch studies for Peacekeeper (the decommissioned ICBM system often referred to as MX), I can tell you the author did not have the data needed to be able to conduct this study, much less draw any valid conclusions.
We use Waste on our PCs and Linux boxes. One group in our organization still uses VIA's version which has source code available if you look hard enough. Waste gives you chat, file-sharing and traffic leveling to defeat traffic analysis. It does require one fixed IP address.
Microsoft starts new ad campaign about how great Vista is now and XP suddenly fails. Good one, Ballmer.
Phantom matter can be observed but only for a limited time. A wormhole can only stay open for 38 minutes, unless the O'Neill power booster is connected to the power supply to the gate.
Is anime heroin better than black tar heroin or china white heroin? I'm going to have to go to Tokyo and ask a heroine.
Bill is looking for an Indian expert so he can learn to grow eight arms like the Hindu goddess Shiva. Eight arms would quadruple his ability to steal other companies' ideas.
Personally I hope he screws up and grows an elephant head like Ganesh. Larry Ellison and Scott McNealy can throw peanuts at Bill during his keynote speeches at COMDEX.
The international athletic event that takes place where city officials are willing to provide the biggest bribes to the committee is now in London.
or
The international athletic event where people from all countries use performance-enhancing drugs is now in London (and no it's not the Tour de France).
Hi,
My name is Joe Suse. As you are aware, Novell bought Suse several months ago. Novell owns the copyrights on Unix and is currently engaged in litigation against SCO on this matter.
If you use SCO Unix, you may be guilty of infringing on Novell's intellectual property. The only way to avoid this is to use an alternative to SCO Unix. I suggest Linux.
Sincerely,
Joe Suse
As a former practicing cryptologist, when I see "Ciphire Mail is the world's most powerful email security tool" on the Ciphire web site, it tells me that these people have no clue. How do they know it is the most powerful? Have they compared it with all of the other solutions? For example, I know of a company that produces tables of random numbers (not pseudo-random), but numbers generated by radioactive decay as measured with a Geiger counter. Two matching CDs are made, and a preselected table or tables of 512 bytes is XORed with the plaintext. A sufficient number of tables are used to ensure that the key length is equal to the plaintext length. I would ask the Ciphire cryptologist to explain how their cipher is stronger. Given adequate physical security control of the key CDs, this system is invulnerable. This system even uses two separate computers at each end with a non-bootable media holding the plaintext/ciphertext to ensure that a proper red/black interface is maintained.
This is but one of several systems I am aware of commercially that I have seen the cryptanalysis on. For Ciphire to assert they have the strongest system is either ego, ignorance or maliciousness.
Let the buyer beware.
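An added sketch of the pad scheme the comment above describes (not part of the original post, and not the unnamed vendor's code): two matching discs of 512-byte tables, enough preselected tables to cover the plaintext, and a refusal to use any table twice. `os.urandom` stands in for the Geiger-counter source, and the class and function names are hypothetical.

```python
import os

TABLE_SIZE = 512  # table size stated in the comment

class PadDisc:
    """One of two matching key discs: numbered 512-byte tables, each usable once."""

    def __init__(self, tables):
        self.tables = list(tables)
        self.used = set()

    def take(self, indices):
        """Return the key bytes for the preselected tables and mark them spent."""
        chosen = set(indices)
        if len(chosen) != len(indices) or chosen & self.used:
            raise ValueError("pad table already used; refusing to reuse key material")
        self.used |= chosen
        return b"".join(self.tables[i] for i in indices)

def tables_needed(length):
    """Number of whole tables required so the key is at least as long as the text."""
    return -(-length // TABLE_SIZE)

def xor_with_pad(disc, indices, data):
    """Encrypt or decrypt: XOR the data with the selected tables (same operation)."""
    if len(indices) < tables_needed(len(data)):
        raise ValueError("selected tables are shorter than the message")
    key = disc.take(indices)
    return bytes(d ^ k for d, k in zip(data, key))

def make_matching_discs(count):
    """Constructed stand-in for the two matching CDs (os.urandom, not decay data)."""
    tables = [os.urandom(TABLE_SIZE) for _ in range(count)]
    return PadDisc(tables), PadDisc(tables)

def demo():
    sender, receiver = make_matching_discs(8)
    message = b"constructed sample plaintext " * 25   # 725 bytes -> needs 2 tables
    indices = [3, 5]
    ciphertext = xor_with_pad(sender, indices, message)
    recovered = xor_with_pad(receiver, indices, ciphertext)
    try:
        xor_with_pad(sender, [5, 6], message)          # table 5 is already spent
        reuse_refused = False
    except ValueError:
        reuse_refused = True
    return recovered == message, reuse_refused, sorted(sender.used)

if __name__ == "__main__":
    print(demo())
```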
This poster is totally incorrect. I have served as a computer forensic expert in both civil and criminal cases, and can tell you this poster does not understand the process. For example, the prosecution and defense may find an impartial examiner or use two examiners and make two copies of the seized disk or disks. Forensic tools with copy capabilities such as EnCase will make a bit-for-bit copy (including non-allocated sectors, file slack space, etc.) of the disks and perform an MD5 checksum over the contents.
I now perform my work on the copy. Any results I obtain can be demonstrated in court, as can the fact that the MD5 hash is the same and that my disk is still identical to the other party's copy.
If chain of evidence is maintained, I should get the disk as it was when it was seized. Once I have it and copy it, it is effectively tamperproof, because of two persons each having a copy, the MD5 hash, additional checksums built into EnCase copy structures AND the fact that we can always recompare our copy to the original to determine it is still bit for bit.
The scientific validity of computer forensic methods can be subjected to a Frye or Daubert hearing, where scientific experts can defend the method. EnCase has already been through these hearings and no credible argument has been advanced against its validity.
If you have competent defense counsel or civil counsel, this should not be a concern.
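The verification workflow described in the comment above, as an added example that is not part of the original post: hash an image in blocks, check each party's working copy against the digests recorded at acquisition, and recompare bit for bit to locate a change. The sample image and all names are constructed, and computing SHA-256 next to the MD5 the comment mentions is an assumption of this example.

```python
import hashlib
import io

CHUNK = 64 * 1024  # read in blocks so multi-gigabyte images never sit in memory

def image_digests(stream):
    """Return (md5, sha256) hex digests over every byte of an image stream."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()  # SHA-256 is this example's addition
    for block in iter(lambda: stream.read(CHUNK), b""):
        md5.update(block)
        sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def first_difference(a, b):
    """Bit-for-bit recompare: byte offset of the first mismatch, or None if identical."""
    offset = 0
    while True:
        block_a, block_b = a.read(CHUNK), b.read(CHUNK)
        if block_a != block_b:
            for i, (x, y) in enumerate(zip(block_a, block_b)):
                if x != y:
                    return offset + i
            return offset + min(len(block_a), len(block_b))  # one image is shorter
        if not block_a:
            return None
        offset += len(block_a)

def verify_copy(copy_bytes, acquisition_digests):
    """True only if the working copy still matches the digests recorded at acquisition."""
    return image_digests(io.BytesIO(copy_bytes)) == acquisition_digests

# Constructed sample "disk": allocated data, slack space, then unallocated sectors.
ORIGINAL = b"FILE:report.doc" + b"\x00" * 497 + b"deleted fragment" + b"\xff" * 200_000
ACQUISITION = image_digests(io.BytesIO(ORIGINAL))  # recorded when the disk is imaged

PROSECUTION_COPY = bytes(ORIGINAL)
DEFENSE_COPY = bytes(ORIGINAL)

# Constructed alteration: a single bit flipped in an unallocated sector of one copy.
_altered = bytearray(ORIGINAL)
_altered[150_000] ^= 0x01
ALTERED = bytes(_altered)

if __name__ == "__main__":
    print("prosecution copy ok:", verify_copy(PROSECUTION_COPY, ACQUISITION))
    print("defense copy ok:    ", verify_copy(DEFENSE_COPY, ACQUISITION))
    print("altered copy ok:    ", verify_copy(ALTERED, ACQUISITION))
    print("first differing byte:",
          first_difference(io.BytesIO(ORIGINAL), io.BytesIO(ALTERED)))
```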
It comes from the realization that by paying, you have encouraged the criminal to repeat this sort of behavior.
The best thing everyone can do is to totally ignore SCO's demands for money.
Dear PARC,
Thanks. We've gotten all we can out of mice, object-oriented languages, windows, laser printers and everything else we stole from you.
Sincerely,
Apple & Microsoft
http://www.sco.com
Someone should start a reward fund that goes to anyone who can prove there is Microsoft money funding SCO's attacks on open source. I'm normally not a conspiracy theorist, but it is difficult to see why SCO is engaging in such bizarre (and expensive) behavior that really benefits no one except SCO executives and Microsoft's crummy server software.
Perhaps a little money might entice someone to expose the link. Or, I could just be paranoid! :)
SCO IPs are in the Mordor address space.
As a consultant, I have to be very careful when choosing seminars/courses to attend. One, because they cost money, and two, because I don't get to bill that day(s), which even costs me more money.
I will never regret attending Tufte's course. I learned more about web design, the evils of PowerPoint (see his article in a recent Wired) and other topics related to display of information, than I ever imagined possible. His course isn't for academics. If you ever give briefings where you have to display pie charts or bar graphs, you could learn things from his course. Highly recommended.
1) Buy our software,
2) Put in a firewall and configure it, and
3) If someone gets through and trashes your system, let us know about it so we can issue a patch.
I feel SO secure.
I could open a "tribal" body modification shop and make lots o cash.
I am setting up a market-based Delphi poll to predict Linux kernel releases. My partner, Admiral Poindexter, and I will be contacting a select number of you to participate in this endeavour. Please have $1000 ready to invest. BTW, if you have predictions on when the King of Jordan will be deposed or when the next terrorist strike will occur, we are interested in that as well. Thank you, and have a Total Information Awareness day.
This is another illustration of why Configuration Management should be beaten into the head of anyone taking Computer Science or Engineering. Many of the security problems I have to fix at customer sites are caused by systems having different versions, no one knowing what version is correct, not keeping backups, etc. This is not rocket science, folks. Buy a damn DVD-RW drive and back stuff up. Keep the checksums. Know what is the latest version.
End of sermon.
You owe $5.00 for every day you've had those CDs.
Kill SCO execs for fun and profit.