While the TSA fondly fondles all of us prior to getting on a commercial airplane flight, the security of a British Trident nuclear submarine is less than that of a posh nightclub! "It's harder to get into most nightclubs than it is to get into the Green Area. There's still the pin code system to get through the gate! Oh wait, No there's not, it's broke, and anyone standing there that has thrown their security pass in or *not*, will get buzzed through. If you have a Green area pass or any old green card you can just show it to them from about 3 metres away (if the boat's on the first berths; if not 1 metre) then get Buzzed Through!!" "Missile Compartment 4 deck turns into a gym. There are people sweating their asses of [sic] between the missiles, people rowing between a blanket of s**t because the sewage system is defective, sometimes the s**t sprays onto the fwd starboard missile tubes and there's also a lot of rubbish stored near the missile tubes." "There were a few incidents of people in the gym dropping weights near the nuclear weapon's firing units. I heard one person joke about how he accidentally throw a weight and it nearly hit a missiles firing unit." "I sent this report on the 05/05/15 to every major newspaper, freelance journalists, and whistle-blower I could find. It is now the 12/05/15. I've had one email reply;" http://www.theguardian.com/uk-news/2015/may/18/navy-whistleblower-on-run-alleged-trident-safety-failings ALSO: Navy whistleblower on the run after exposing alleged Trident safety failings MoD launches investigation into claims of Able Seaman William McNeilly, who says he will hand himself into police. Josh Halliday Monday 18 May 2015 09.18 BST Last modified on Monday 18 May 2015 12.15 BST A Royal Navy submariner who blew the whistle on a catalogue of alleged security failings around the Trident nuclear programme has said he will hand himself in to police. http://cryptome.org/2015/05/william-mcneilly.pdf Able Seaman William McNeilly, 25, a newly qualified engineer, claimed that Britain's nuclear deterrent was a “disaster waiting to happen'' in a report detailing 30 alleged safety and security breaches, including a collision between HMS Vanguard and a French submarine during which a senior officer thought: “We're all going to die.'' McNeilly wrote that a chronic manpower shortage meant that it was “a matter of time before we're infiltrated by a psychopath or a terrorist; with this amount of people getting pushed through.'' The police and Royal Navy launched a hunt for the whistleblower after he failed to report back for work last week at the Faslane submarine base on the Clyde. But on Monday morning McNeilly said he would hand himself over to the authorities despite facing a possible prosecution under the Official Secrets Act 1989. Speaking to the BBC, he said: “I'm not hiding from arrest; I will be back in the UK in the next few days and I will hand myself in to the police. Prison—such a nice reward for sacrificing everything to warn the public and government. Unfortunately that's the world we live in. I know it's a lot to sacrifice and it is a hard road to walk down, but other people need to start coming forward.'' In the 19-page report, titled The Secret Nuclear Threat, published online alongside a picture of his UK passport and Royal Navy identity card, McNeilly said he wanted “to break down the false images of a perfect system that most people envisage exists.'' He described bags going unchecked and said it was “harder getting into most nightclubs'' than into control rooms, with broken pin code systems and guards failing to check passes. “All it takes is someone to bring a bomb on board to commit the worst terrorist attack the UK and the world has ever seen,'' he wrote. McNeilly, who said he was on patrol with HMS Victorious from January to April, accused Royal Navy bosses of covering up a collision between HMS Vanguard and a French submarine in the Atlantic Ocean in February 2009. At the time Ministry of Defence officials played down the incident and said the Vanguard had suffered only `scrapes'. But McNeilly said a Royal Navy chief who was on board at the time told him afterwards: “We thought, this is it—we're all going to die.'' The more senior submariner allegedly told McNeilly that the French vessel “took a massive chunk out of the front of HMS Vanguard'' and grazed the side of the boat. Bottles of high-pressured air came loose in the collision, he claimed, meaning the Royal Navy submarine had to return slowly to Faslane to prevent them from exploding. He also raised concerns about a number of his fellow seamen, including one whose hobbies he claimed were killing small animals and watching extreme pornography. Another submariner, whom he named only as Pole, had threatened to kill two fellow navy personnel and was routinely aggressive, McNeilly claimed. He described how HMS Vanguard's missile compartment doubled up as a gym, leading to potentially disastrous mishaps when seamen dropped weights near the boat's missile firing system. McNeilly said he raised these and other concerns through the chain of command on multiple occasions, but that “not once did someone even attempt to make a change.'' [Long item truncated for RISKS. PGN]
The Federal Railroad Administration said it had ordered the railroad to make more use of technology that can automatically stop speeding trains. http://www.nytimes.com/2015/05/17/us/federal-railroad-administration-orders-amtrak-to-expand-automatic-braking.html
http://www.nytimes.com/2015/05/18/world/asia/fake-diplomas-real-cash-pakistani-company-axact-reaps-millions-columbiana-barkley.html Leveraging the use of unvetted sources for vetting. After all, if we can't trust LinkedIn what we can trust? And now that the topology of social relationships doesn't correspond to the topology of legal obligations the world is ripe for the picking.
[More on Frankston's item follows. PGN] Seen from the Internet, it is a vast education empire: hundreds of universities and high schools, with elegant names and smiling professors at sun-dappled American campuses. Their websites, glossy and assured, offer online degrees in dozens of disciplines, like nursing and civil engineering. There are glowing endorsements on the CNN iReport website, enthusiastic video testimonials, and State Department authentication certificates bearing the signature of Secretary of State John Kerry. http://www.nytimes.com/2015/05/18/world/asia/fake-diplomas-real-cash-pakistani-company-axact-reaps-millions-columbiana-barkley.html Below is a partial list of sites analyzed by The New York Times and determined most likely to be linked to Axact's operation in Karachi, Pakistan. http://www.nytimes.com/2015/05/17/world/asia/tracking-axacts-websites.html
The Pakistani company Axact threatened to sue a local blog, Pak Tea House, merely for rounding up Twitter reaction to an expose'. http://www.nytimes.com/2015/05/19/world/asia/axact-fake-diploma-company-threatens-pakistani-bloggers-who-laugh-at-its-expense.html
Text of Axact's Response to *The New York Times* http://www.nytimes.com/2015/05/19/world/asia/text-of-axact-response-to-the-new-york-times.html The Pakistani company Axact condemned a New York Times article that asserted the company had reaped millions by selling fake diplomas.
[Note: This item comes from Dave Farber's IP List. DLH] Melissa Silmore, Net Neutrality, May 2015 Issue http://www.carnegiemellontoday.com/issues/may-2015-issue/feature-stories/net-neutrality/ Douglas Sicker was relaxing at home in Boulder, Colo., late on a summer evening. It had been a busy day, and he was happy to settle down to watch some HBO, ready for a few laughs. The computer science professor had led a meeting of network engineers earlier in the day, followed by drinks with the group. Afterwards, while the out-of-towners returned to their hotels, he headed home. On his screen, a clean-cut British comedian sat smiling, hands clasped atop his desk, wearing a crisp blue shirt, burgundy tie, and sport coat. The segment began unassumingly but quickly gathered steam; a 13-minute hilarious and blistering rant, punctuated by photos, graphs, and laughter. On that first Sunday in June 2014, John Oliver, host of HBO's Last Week Tonight, managed the impossible. He transformed a technical, eye-glazing debate into a pop-culture topic. Net neutrality, Oliver began, “two words that promise—boredom,'' he said while a stupefyingly monotonous CSPAN hearing played above his head. “The cable companies have figured out the great truth of America. If you want to do something evil, put it inside something boring.'' “Net neutrality essentially means that all data has to be treated equally,'' Oliver went on, as the show played a news clip announcing that the Federal Communications Commission (FCC) was opening the door for a two-tiered system where giant internet service providers (ISPs), such as Comcast and Verizon, could charge to send content more quickly. It would allow “big companies to buy their way into the fast lane, leaving everyone else in the slow lane,'' he asserted. As Oliver continued his witty entreaty for net neutrality, Sicker's ears perked up. The FCC's Chief Technology Officer in 2010-11, and previously senior advisor on the FCC's 2010 National Broadband Plan, was more than mildly interested. Amid the one-liners, Oliver displayed a line graph of Netflix's download speeds falling during a very public spat with Comcast, then pointed out the rapid improvement when terms were settled. “That has all the ingredients of a mob shakedown,'' he declared. Ranting on about the cozy relationship the cable industry enjoys with government, Oliver homed in on President Barack Obama's appointment of FCC Chair Tom Wheeler. “The guy who used to run the cable industry's lobbying arm is now running the agency tasked with its regulation. That's the equivalent of needing a babysitter and hiring a dingo!'' he exclaimed, below a photo of a wolf-like creature leering over a baby. He even pictured Comcast's chief executive officer in a metal top hat and car—pointedly perched on a Monopoly game board. The pinnacle of the bit came at the end. With ceremonial music rising in the background, Oliver stood and addressed the hordes of internet commenters, as the web address for the FCC site loomed large onscreen. “Good evening, monsters,'' he exhorted, “we need you to get out there and focus your indiscriminate rage in a useful direction. ... Turn on caps lock and fly my pretties. Fly! Fly!'' he screamed, as the credits began to roll. Sicker was just one of a million viewers tuned in that evening (YouTube views are now nearly 9 million) as were many of Sicker's colleagues from the telecom sector. “The next day, everyone was sharing links to that clip,'' he recalls. “People could not stop talking about it.'' That same day, the FCC comment site shut down, evidently flooded. Comments eventually reached nearly 4 million. Those 13 minutes of razor-tongued entertainment had galvanized the public to a new issue that has, in reality, been under debate for more than a decade. [...]
http://boingboing.net/2015/05/13/john-deere-of-course-you-ow.html Gabriel Goldberg, Computers and Publishing, Inc. email@example.com 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433
http://adage.com/article/digital/inside-google-s-secret-war-ad-fraud/298652/ "Sasha is a member of Google's secretive antifraud team. The unit, numbering more than 100, is locked in a war against an unknown quantity of cybercriminals who are actively siphoning billions of dollars out of the digital advertising industry, primarily via the creation of robotic traffic that appears human. Mysterious to many even within Google, the group has never spoken to an outsider about the way it hunts botnets, let alone allowed someone into its offices to observe the process. But that silence ended the moment Sasha opened his computer." That's "Secret" ...
Following is an excerpt from an e-mail I received from Fairfax County Public Schools (Fairfax VA, near Washington DC). Relying on internet connectivity without a backup plan, for a high stakes test - what could possibly go wrong? [Standards of Learning are a set of state-wide standardized tests taken by all elementary, middle school, and high school students.] ----- [May 19] at approximately 12:30 p.m., Pearson Education, Inc., the company which provides the computer delivery system for Virginia's online Standards of Learning (SOL) tests, experienced an interruption in Internet connectivity. The 90-minute service interruption today affected FCPS test sites along with other school divisions throughout Virginia. Students who had already begun testing before the interruption of Internet service were not impacted. However, some students were unable to log on to the system to take scheduled SOL tests and other students received error messages when they tried to log off after completing tests. As a result, some students had to wait in the test environment after they completed their tests until connectivity was restored and they were able to submit the tests. The FCPS Office of Student Testing is working with schools to ensure that all tests were submitted properly following the interruption. At this time, we do not anticipate that any student responses on tests that were submitted were lost. In some cases, students started tests but, due to the interruption, were unable to finish before the end of the school day; tests for these students will need to be rescheduled. Some schools may have canceled SOL testing because of the interruption and will notify students and families when today;s SOL tests will be rescheduled.
FYI—I had to check the date on this article several times to convince myself it wasn't April 1st. Beware Terrorist Trekkies!!! No wonder TSA keeps checking my ears... Elizabeth Roberts, *The Telegraph*, 17 May 2015 http://www.telegraph.co.uk/news/uknews/11611086/Secret-files-reveal-police-feared-that-Trekkies-could-turn-on-society.html Scotland Yard kept a secret dossier on Star Trek and the X-Files in the run up to the millennium amid security concerns trekkies at a convention. For years Star Trek fans—known as Trekkies—have been the butt of jokes about their penchant for wearing pointy ears and attending science fiction conventions. But the police feared British fans of the cult American show might boldly go a little too far one day. It has emerged that Scotland Yard kept a secret dossier on Star Trek, The X-Files, and other US sci fi shows amid fears that British fans would go mad and kill themselves, turn against society or start a weird cult. The American TV shows Roswell and Dark Skies and the film The Lawnmower Man were also monitored to protect the country from rioting and cyber attacks. Special Branch was concerned that people hooked on such material could go into a frenzy triggered by the millennium leading to anarchy. An undated confidential report to the Metropolitan Police, thought to have been filed around 1998-99, listed concerns about conspiracy theorists who believed the end of the world was nigh. “Fuel is added to the fire by television dramas and feature films mostly produced in America. These draw together the various strands of religion, UFOs, conspiracies, and mystic events and put them in an entertaining storyline.'' The report added: "Obviously this is not sinister in itself, what is of concern is the devotion certain groups and individuals ascribe to the contents of these programmes." The dossier—called UFO New Religious Movements and the Millennium—was drawn up in response to the 1997 mass suicide by 39 cultists in San Diego known as Heaven's Gate. The group members were "ardent followers of The X-Files and Star Trek" according to Special Branch. [...]
http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. The threat stems from a flaw in the transport layer security protocol that websites and mail servers use to establish encrypted connections with end-users. The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they're communicating over an unsecured, public channel.
http://theconversation.com/paranoid-defence-controls-could-criminalise-teaching-encryption-41238 You might not think that an academic computer science course could be classified as an export of military technology. But under the Defence Trade Controls Act - which passed into law in April, and will come into force next year - there is a real possibility that even seemingly innocuous educational and research activities could fall foul of Australian defence export control laws.
Jeremy Kirk, IT World, 20 May 2015 (link to the proposal is in the article.) http://www.itworld.com/article/2925375/security/us-proposes-tighter-export-rules-for-computer-security-tools.html The U.S. Commerce Department has proposed tighter export rules for computer security tools, a potentially controversial revision to an international agreement aimed at controlling weapons technology. On Wednesday, the department published a proposal in the Federal Register and opened a two-month comment period. The changes are proposed to the Wassenaar Arrangement, an international agreement reached in 1995, aimed at limiting the spread of “dual use'' technologies that could be used for harm. Forty-one countries participate in the Wassenaar Arrangement, and lists of controlled items are revised annually. The Commerce Department's Bureau of Industry and Security (BIS) is proposing requiring a license in order to export certain cybersecurity tools used for penetrating systems and analyzing network communications. If asked by the BIS, those applying for a license “must include a copy of the sections of source code and other software (e.g., libraries and header files) that implement or invoke the controlled cybersecurity functionality. Items destined for export to government users in Australia, Canada, New Zealand or the U.K.—the so-called “Five Eyes'' nations which the U.S. belongs to—would be subject to looser restrictions. Those nations' intelligence agencies collaborate closely. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass “proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,'' the proposal said. Tools that would not be considered intrusion software include hypervisors, debuggers and ones used for reverse engineering software. There has long been concern that software tools in the wrong hands could cause harm. But security professionals who conduct security tests of organizations often employ the same software tools as those used by attackers. Thomas Rid, a professor in the Department of War Studies at King's College London, wrote on Twitter that the proposed export regulations “seem too broad; could even damage cybersecurity.'' Many private computer security companies sell information on software vulnerabilities for commercial purposes, a practice that has been criticized. Those companies have defended their sales models, arguing that without a financial incentive, the software vulnerabilities may not have been found, which ultimately protects users. Many have policies that forbid selling sensitive information to unvetted parties. The proposal said there is a “policy of presumptive denial for items that have or support rootkit or zero-day exploit capabilities.'' Rootkits are hard-to-detect programs used for electronically spying on a computer, and a zero-day exploit is attack code that can take advantage of a software flaw. Changes to the list of controlled items covered by the Wassenaar Agreement are decided by consensus at its annual plenary meeting in December. [It's better to burn out than fade away.]
https://www.eff.org/deeplinks/2015/05/africas-worst-new-internet-censorship-law-could-be-coming-south-africa Only once in a while does an Internet censorship law or regulation come along that is so audacious in its scope, so misguided in its premises, and so poorly thought out in its execution, that you have to check your calendar to make sure April 1 hasn't come around again. The Draft Online Regulation Policy recently issued by the Film and Publication Board (FPB) of South Africa is such a regulation. It's as if the fabled prude Mrs. Grundy had been brought forward from the 18th century, stumbled across hustler.com on her first excursion online, and promptly cobbled together a law to shut the Internet down. Yes, it's that bad.
http://www.infoworld.com/article/2922315/virtualization/venom-security-vulnerability-little-details-bite-back.html Paul Venezia, The Deep End, InfoWorld, 18 May 2015 Bad attacks rarely come through the front door—instead, the old cracks let in the problems selected text: It's fittingly ironic that a vulnerability of this nature is vectored through such an innocuous and fossilized function as a virtual floppy disk driver; it's even more ironic that the bug in that code has existed since 2004.
Jeff Jedras, IT Business, 15 May 2015 http://www.itbusiness.ca/news/only-three-per-cent-of-people-aced-intels-phishing-quiz/55685 opening text: We probably think we're pretty savvy when it comes to identifying online attacks and phishing emails, Intel Security put us to the test and found us lacking: 97 per cent of respondents were unable to identify all the examples of phishing in their email security quiz.
Lucian Constantin, InfoWorld, 19 May 2015 Researcher develops code that can trick Safari into showing a different URL in its address bar than the one currently loaded http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html selected text: The latest versions of Safari for Mac OS X and iOS are vulnerable to a URL-spoofing exploit that could allow hackers to launch credible phishing attacks. The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit for it. Leo's demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar. The ability to control the URL shown by the browser can, for example, be used to easily convince users that they are on a bank's website when they are actually on a phishing page designed to steal their financial information.
Jeremy Kirk, InfoWorld, 20 May 2015 http://www.infoworld.com/article/2924732/security/new-logjam-encryption-flaw-puts-web-surfers-at-risk.html LogJam is closely related to the FREAK security vulnerability and involves downgrading TLS connections to a weak key selected text: The flaw, called LogJam, can allow an attacker to significantly weaken the encrypted connection between a user and a Web or email server, said Matthew D. Green, an assistant research professor in the department of computer science at Johns Hopkins University.
Lucian Constantin, InfoWorld, 20 May 2015 Tens of routers and other embedded devices from various manufacturers likely have the flaw, security researchers say http://www.infoworld.com/article/2924187/security/critical-vulnerability-in-netusb-driver-exposes-millions-of-routers-to-hacking.html
https://medium.com/backchannel/the-body-cam-hacker-who-schooled-the-police-c046ff7f6f13 Policies about where and when to turn cameras on, language to warn people who are being filmed, and limits on using the footage in investigations can address some of these concerns. But liberal public disclosure laws like Washington's leave a gaping loophole. How can police departments release videos to an eager public without invading the privacy of victims, patients and bystanders on some of the worst days of their lives?
[To:] President Barack Obama The White House 1600 Pennsylvania Avenue NW Washington, DC 20500 [...] We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad. [snip] [approximately 150 signatories, including security experts and tech companies] Full text at: https://static.newamerica.org/attachments/3138--113/Encryption_Letter_to_Obama_final_051915.pdf http://cdn.arstechnica.net/wp-content/uploads/2015/05/cryptoletter.pdf Lots of news media have picked up on this, but distressingly few link to the actual letter. Maybe I'm old-fashioned, but I think primary sources are important. [Also noted by Lauren Weinstein, https://docs.google.com/document/d/1mX98l2Y05t_pV_gu_o_h4WezVajAXkca0NtZ7V9dQ_U/edit?hl=en&forcehl=1 who added. “Not that it will likely make any difference in the final analysis regardless of who is President or in Congress, but hope springs eternal.'' PGN]
http://www.networkworld.com/article/2925171/security0/is-security-really-stuck-in-the-dark-ages.html It had to be a bit of a jolt for more than 500 exhibitors and thousands of attendees at RSA Conference 2015 last month, all pushing, promoting and inspecting the latest and greatest in digital security technology: The theme of RSA President Amit Yoran's opening keynote was that they are all stuck in the Dark Ages. [via NNSquad]
Why should the FBI (Martin Luther King), the CIA (numerous Muslims) and the NSA (LOVINT) have all the fun? Now we can all be extorted by non-govt criminals, too. The honeyplot thickens... Best LOL line of the article: "These sites are meant to be secure" Geoff White, Channel4, 21 May 2015 http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web Hackers have struck one of the world's largest internet dating websites, leaking the highly sensitive sexual information of almost four million users onto the web. The stolen data reveals the sexual preferences of users, whether they're gay or straight, and even indicates which ones might be seeking extramarital affairs. In addition, the hackers have revealed email addresses, usernames, dates of birth, postal codes and unique internet addresses of users' computers. Channel 4 News has been investigating the cyber underworld, discovering which websites have been hacked and exposing the trade in personal information of millions of people through so-called "dark web" sites. Secretive forum The investigation led to a secretive forum in which a hacker nicknamed ROR[RG] posted the details of users of Adult FriendFinder. The site boasts 63 million users worldwide and claims more than 7 million British members. It bills itself as a "thriving sex community", and as a result users often share sensitive sexual information when they sign up. The information of 3.9m Adult FriendFinder members has been leaked, including those who told the site to delete their accounts. Shaun Harper is one of those whose details have been published. "The site seemed OK, but when I got into it I realised it wasn't really for me, I was looking for something longer term. But by that time I'd already given my information. You couldn't get into the site without handing over information. "I deleted my account, so I thought the information had gone. These sites are meant to be secure." [Long item truncated for RISKS. PGN]
"The hardest part - responsible disclosure. Support guy honestly answered there's absolutely no way to get in touch with technical department and he's sorry I feel this way. Emailing InformationSecurityServices@starbucks.com on March 23 was futile (and it only was answered on Apr 29). After trying really hard to find anyone who cares, I managed to get this bug fixed in like 10 days." —Egor Homakov [Sakurity via NNSquad] http://sakurity.com/blog/2015/05/21/starbucks.html
Few people looking to buy a state-of-the-art smartphone would even think about a Russian model, but the makers of the YotaPhone aspire to change that. http://www.nytimes.com/2015/05/17/world/europe/a-russian-smartphone-has-to-overcome-rivals-and-jokes-about-origin.html
Texting while driving has company. Some people are also using social media services, taking selfies, and even making videos while they are behind the wheel. http://bits.blogs.nytimes.com/2015/05/19/some-people-do-more-than-text-while-driving/
Maybe I'm too much of a programmer, but the word "voluntary" should mean something. Most of the information we turn over today is NOT voluntary. You can't get a prescription without revealing it to the pharmacist; the pharmacist can't give it to you without revealing it to the state and insurance databases; and all of this is required by law. The change in accessibility over the years is a clear example of a difference of degree becoming a difference of kind.
If level-crossing gates block the full width of the road then there's the risk of vehicles being trapped as they close; if they only take half of the road then they provide a better warning than just flashing lights, but impatient drivers can zig-zag round them. The *REAL* fundamental problem is that trains traveling at 120mph (~200km/hr) or more can take several minutes/miles to stop—which vehicle drivers don't always seem to appreciate—and ensuring that a train has time to stop if the crossing is not clear would mean halting the traffic for quite a while, thus increasing the risk of impatient drivers attempting to cross anyway. As I understand it, crashes or near-misses often happen on busy roads when a line of slow-moving or stopped vehicles backs up across a level-crossing. So the moral is—always be sure that there's enough empty road on the other side of the crossing for your vehicle before you drive onto it.
Most publicity on this subject seems to focus on the specific hack and its perpetrator, condemning his action. This diverts attention away from the much more serious underlying problem: A hacker, using simple tools and a trivial intrusion into a network box, succeeded in breaching the isolation between the passenger network and a highly safety critical technical network of the aircraft. This raises serious concerns about the overall network design of the aircraft. And more problems may be coming: Today, passenger and safety air/ground communications are pretty well isolated from each other because they use separate radio links and different technologies that do not readily mix.<br> But one plausible future development option is a move towards integrating everything into a single air/ground link, all using IP technology. So, effectively, the closed aeronautical safety critical networks will come together physically with the Internet in this link, being separated only logically by routers, firewalls and the like. Just one compromised router somewhere in the world could make the safety critical networks, on-board as well as on the ground, reachable from the Internet. Physical isolation would no longer be possible.
Please report problems with the web pages to the maintainer