[IP] more on The worst case of password abuse - ever.

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on The worst case of password abuse - ever.
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 3 Jun 2004 08:11:18 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Kurt Albershardt <kurt@xxxxxx>
Date: June 2, 2004 7:43:04 PM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] The worst case of password abuse - ever.

From a friend who still does contract work for LANL and wishes toremain anonymous:

This has been known for years in the nuclear arms community. I don'tknow why they're making such a big deal out of it. Basically, thepassword was zeros because the system never got out of field prototypetesting and was never officially deployed. There is copiousdocumentation of this in the public record going back to the 1960s.Alas, the press consistently interpreted PAL as a live system, ratherthan the dead one it was. In reality, there was no way given thetechnology of the time (pre

robust encryption) of implementing PALs, despite what this author says.Any implementation would pose an unacceptable risk of launch failure ina crisis.

In the book "One Point Safe," the author (I forget who) makes thepoint repeatedly that the U.S. nuclear force depended solely on atrustworthy chain of command to control weapons release. Safeguardssuch as dual consent, "no lone" zones, and shoot-on-violation werecontrols that did actually work, so PAL wasn't necessary. Today wewould implement that system with SSH ;)
The real threat to weapons security was never inside jobs. Theexhaustive random selection and personell testing ensured thatsleepers can't be planted. The true threat was, and still is,brute-force takeovers of launch facilities. To this day you can stilltour many of these sites (as I have) without any credentials beyond asocial security card and driver's license. Terrorists could exploitthis exposure to take over a facility before any military authoritycould respond.
This issue was a major topic of party conversation at Los Alamos.

From: "Trei, Peter" <ptrei@xxxxxxxxxxxxxxx>
Date: Tue, 01 Jun 2004 10:58:50 -0400
Subj: The worst case of password abuse - ever.

[For IP, if you wish]

This is just Strangelovesque....

What was the password which controlled the firing of America's ICBMs
for years during the height of the Cold War?

                       00000000

That's right. For *all* of them. The Permissive Action Link codes for
all of Americas missiles provided less protection than on an average
suitcase.

[It's fair to note that there were a lot of other controls, such
as the dual key system. However, it appears that a pair of
rogue controllers could have unleashed Armmagedon - pt]

Peter Trei



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] 60Gb iPod on the way?
Next by Date: [IP] Illuminating the darkness
Previous by thread: [IP] 60Gb iPod on the way?
Next by thread: [IP] Illuminating the darkness
Index(es):
- Date
- Thread