Why the military still needs Shadow...

Started by Zario, December 17, 2009, 06:30:59 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


Kothnok

On a related note, I interviewed for a company working with the military that was using .NET for it's software.  I had grave doubts about such a language being used by our soldiers out in the field because .NET is interpreted.  If anyone ever managed to get their hands on the physical hardware, they could simply inject their own code into the military one and make it do whatever they wanted fairly easily.  I asked my interviewer what steps were being taken to secure the code from being hacked or modified out in the field (which is where it would be used, not just by those in HQ). The answer I received was that it was protected by obfuscation of the source code.  Obfuscation is the weakest security defense around and I let my interviewer know that I was not pleased about it and would actively try to get the project to use something much more robust.  I did not get the job.

Basic security 101 seems to be sorely missing from quite a lot of applications these days - military, banking, retail, or otherwise. =/
No matter how often you refill the gene pool, there's always a shallow end.

JohnnieRat

It was essentially an oversight that people had on insurgent's capabilities in conducting electronic warfare. The problem was solved before the article was even posted. We knew about it a long time ago. We also occasionally deliberately leak things and allow the enemy to see decoy intel, this is nothing new.

By the time a Shadow or Predator feed is fed, it's too late for the people on the business end anyways.

Don't allow the media to feed you bullshit. Do think that the military would allow this information to be released without a specific reason?

Shadowwolf

JR is right and stuff like that gets fixed immediately, the military takes encryption and whatnot very seriously, but one thing off experience I can say is the Air Force is very naive when it comes to security. Theres a few incidents from my service time I saw with Air Force personnel and security issues which made me go..."Uh....".

In general though, this reporter on the article is missing the larger issue which is hes interviewing folks who make bold statements like

QuoteWho were the lame engineers who came up with a system that runs without encryption? Even the graduates of the local high school programming courses know better than to leave to chance an important security hole.

The person who made that statement needs to shut their mouth, step back and take a long look at the private world if IT too, because while this was an oversight thats been fixed, the world everyone else uses wireless tech in privately is far worse. So if this was so true, why are there so many issues with wireless, Bluetooth, RFID, etc still. Its another one of those lets take shots at the military blunders but not pay attention to similar and worse wireless security issues that affect everyday people.
Come to the darkside, we have cookies.
"A flute with no holes is not a flute, and a donut with no hole is a danish" - Chevy Chase as Ty Webb in Caddyshack
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind."- Dr. Suess


Zario

thanks for the insight.  I'm certainly no lover of the media, especially working for a bank.  I have direct access w/some oversight of our ISOs, and it's been extremely interesting to watch them plug any gaps that are found.  

JR, I do think the misdirection with leaked info is pretty cool.  I think you should get one of these for your backyard
http://www.wired.com/dangerroom/2008/08/russias-inflata/

JohnnieRat

It's not like our drones are running off of a home wifi network with no password. Eventually, any code can be cracked. I'm also rather sure that however the wireless signal is encoded... it is classified... like EVERYTHING else of even remote importance.

And /agree on the Air Force thing. Remember when they accidentally flew a "lost" nuke in a plane across country and didn't even realize it like 3-4 years ago? It's part of the lack of discipline that stems from an organization that allows you to address your superiors by first name. I love what they do and LOVE having fast mover support at a moment's notice (My JTAC is the shit), just not a fan of lack of discipline.

TheGeneral451

i have a friend that contracts for the government and he does this very thing.  He works on security and cracking signals on wireless transfers of information, or whatever.  He can't talk about anything besides that he is in wireless security.  Any password can be cracked but any cracked password can be fixed.  But on a lighter note, this is the beginning of Skynet and soon Apo will be the next John Connors!