SSChampion
Group: Administrators

Forum Newbie
Group: General Forum Members
Hello Steve,
Bruce Schneier has an interesting discussion about the implications (or non-implications) of this in his January newsletter: http://lists.virus.org/crypto-gram-10/msg00000.html. Worth a read.
Regards
Michael

SSCertifiable
Group: General Forum Members
Just before this story broke I watched a TV show depicting the very same thing. I thought it was quite the coincidence. The relationship between the two is too closely knit and thus I believe that somebody close to the Drone program probably knew about the issue and then leaked it to the TV networks in enough time for writers to create the story. I think it is extremely arrogant but not uncommon. If somebody knew about the issue and reported the issue, then it needs to be fixed - before it gets hacked. In this case, it has since been hacked and must be fixed. I believe the same principle also applies to DBAs and Developers in the private and public sectors.
Jason
I have given a name to my pain...
SQL RNNR

SSC-Enthusiastic
Group: General Forum Members
It's hilarious but it ain't my tax money because I don't live in the USA but in Sweden. One would however think that the manufacturer would take more pride in the products and would not compromise on security just to get a product out fast or whatever might have been the cause. One would also think the military would have their own proper quality tests.

SSChasing Mays
Group: General Forum Members
Is this really a problem with security? Or is it working as intended? The "big" story here is that someone unauthorised can (and does) use the feed from the camera of the drones and thus, the logic goes, can avoid them. Just slapping on some encryption (best something proprietary that is weak) is easy. Figuring out who can then use the feeds is the actual logistic problem. In addition it creates a lot of bad will among allies who can currently use the feeds. Does the USA need even more bad will among its allies?
The "big" story in here is fearmongering. True, some bad guys can watch themselves watched - when was the last time an ATM was totally secure? They can't fire (yet) a rocket on a drone as this channel is encrypted. They can't control a drone. All they can do is watch themselves. So the bad guys won't do anything bad while the "policeman" stands at the corner of their block? This is probably good. It puts pressure on the bad guys.
To me as ex-military this is a non-story just reported to create some hype and have a "big" story about inadequate military procedures. Actually the design is working as intended, just the bad guys have woken up and use it. Same happened with credit cards, same happened with spam, same happened with ATMs. Do we just slap more security on these too because the bad guys use them until the point where 99% of us are not allowed to use these anymore because our security clearance is too low?

SSC Journeyman
Group: Administrators
As posted above, read the Bruce Schneier article about it as he gives a clear view on what effects securing this channel may have on the men on the ground relying on the devices. As another poster put it, the story has definitely been spun to create a fear-mongering element to it. I'm sure all of us here have seen 10k spent to protect 10 cents' worth of data in the name of 'security'. No one will dare question it though in the current cover-your-rear climate brought about by fear-mongering articles like the above because it just may happen.
I love those 'what if' meetings where it goes from the sublime to the ridiculous about what may happen (disaster recovery, security, pick your poison here)... I'm always waiting for Chicken Licken to burst through the door to tell us the sky is falling.
I think I just showed my age there.

SSChasing Mays
Group: General Forum Members
Bruce Schneier's blog post is good but he only addresses the technical implications and not the political fallout. In this regard the Wired Danger Room article and David Axe's comment are useful. (Sorry, but due to being at work I can't provide the links right now. Somehow certain websites trigger a few alarm bells.)

SSC-Enthusiastic
Group: General Forum Members
Speaking as a former Air Force officer, your point is well taken, but unless you have lived a while in the co-joined reality and fantasy of the service, you don't understand how these things actually happen.
Encryption is a great idea of course, but in the military as we have seen in many recorded instances, encryption is not going to save us from pure, unadulterated stupidity. Cases in point:
When Ronald Reagan ordered a squadron of F-111s to bomb Libya, one of those planes flew off course and disappeared presumably into the sea. The F-111 (in those days) used 'slap-in' hard disks (similar to RAID drives). If some flight tech accidentally loaded the tracking data for say, Iowa - confusing that with Libya - the plane will do what it is told and... well, you know the rest of the story.
We recently had a bomber fly across country with nuclear weapons; something that is a complete and utter "no-no". Weapon loads are marked carefully with colors to indicate ordnance. How someone confused one color with another leaves one to presume that clearly, whoever was in charge that day was color blind.
Of course, we all know that in the first Gulf War, our first President Bush announced that the much-touted Patriot missile had a record of 42 launches, 41 kills. In fact, as the Israelis reported after that skirmish - we did not hit a single Scud missile, and in fact, the Patriot was never designed for that task. Our record, in truth, was 42 launches, 0 hits.
Sure, all our high tech is a potentially wonderful thing. And yes, encryption is a great idea. But the cold hard reality of pure, and utter good old stupidity should remind us that no matter how "cool", "slick" or hi-tech any weapons system is, it's the human trying to use it that is the weakest link in the chain, and no amount of encryption, security, or procedures are worth squat when simple mistakes can make a mess of "smart systems".
There's no such thing as dumb questions, only poorly thought-out answers...

Grasshopper
Group: General Forum Members
It isn't just that the "Military" missed it. The defense contractor should know better. I have no experience with General Atomics Aeronautical Systems but have worked with Northrop Grumman. They seem security conscious, at least in securing networks and data.
M

Forum Newbie
Group: General Forum Members
Had I, as a Systems Engineer, made a similar decision, it is unlikely that I would be able to find future work in the industry. The people behind this decision should similarly all be held accountable.