Secure Coding mailing list archives

Re: Adding some unexpected reliability expectations


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>
Date: Wed, 13 Apr 2005 22:29:32 +0100

Date sent:              Wed, 13 Apr 2005 08:18:06 -0400
From:                   ljknews <[EMAIL PROTECTED]>

http://www.cnn.com/2005/TECH/04/12/remote.control.mines.ap/index.html

I think this causes reliability issues not anticipated by those who wrote
the operating system for the laptop computer.

Amen.

The Register on Matrix too:

http://www.theregister.co.uk/2005/04/12/laptop_triggered_landmine/

(Any comments about "minefield" testing a new technology?)

With the US being one of the few holdouts against the ban on landmines, there are
predictable concerns about the danger the new mines hold for civilian populations.
However, there would also seem to be any number of potential dangers to the
troops using them.

There are very few details provided in regard to the new mines.  There appear to
be different types.  They have some kind of wireless capability.  (The CNN article
refers in one place to yards, and another to more than a mile.  Of course, if it's
designed for yards and someone has a good antenna ...)  They have
remote detonation capability.

Based upon what is said, we can determine some additional aspects of the
technology, as well as surmise more.  They likely communicate via radio
frequencies.  They will have some kind of (likely minimal) software for
reception of signal, authentication, and activation.  (Deactivation is likely
accomplished by activating the mine when [hopefully] nobody is around.)  The
mines are probably individually addressable: blowing an entire minefield for a
single intrusion would not seem to be an effective use of resources.  Radio
communication would imply that either the mines are battery powered, or that
they contain an antenna and transponder.  Given the purpose and use of mines, it
is likely that there is an alternate and more standard triggering mechanism such
as pressure plates or tripwires that does not require wireless activation.

There are, of course, other more advanced possibilities for such a technology.
Mines could be remotely enabled and disabled, could communicate with each other,
or could communicate sensor results with a central location.  However, these
functions are unlikely in a first generation device.

The potential risks are numerous.  With radio communications, mines that are
buried, or placed under or behind metal or water, may fail to detonate when
needed, or deactivate.  Any kind of software is, of course, subject to failures
(which, in this case, could be literally catastrophic).  Authentication would be
a fairly major issue: sniffing of radio traffic could easily determine commands,
replay attacks, static passwords, or number sequences.  (Note that the mines
require "minimal training" for use.)  Failure of authentication could, again,
result in failure of either detonation or deactivation.  Battery failure would
be an issue and therefore transponders are more likely, but transponders would
be more difficult to troubleshoot.  (Should the transponders retransmit?  That
would assist with finding and disarming mines, but broadcasting a signal with
known improper authentication would result in a means of determining the
location of mines.)

Overall, mines still seem to be a pretty bad idea.

[Ed. Let's please allow this thread to die out, or get back to issues directly
related to software security per se.  KRvW]

======================  (quote inserted randomly by Pegasus Mailer)
[EMAIL PROTECTED]      [EMAIL PROTECTED]      [EMAIL PROTECTED]
The Internet may promise to improve the way we educate and learn,
but so did early television. TV technology has instead reduced
our attention spans, reduced intellectual conversations to sound
bits, and left us with the impression that in order to be
informed, we must first be entertained.           - Lew Platt, of HP
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade





