The World's Most Dangerous Password 696
NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missileers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"
Google Cache (Score:3, Informative)
WOPR's 'guesses' (Score:5, Informative)
Now I realize that the movie wasn't nearly as stupid as reality.
Re:At least it wasn't... (Score:5, Informative)
Damn, beat me to it. Here it is anyway since you left out Skroob's quote :)
PAL info (Score:1, Informative)
Last time these were mentioned, I bookmarked this link, some interesting speculation:
http://www.research.att.com/~smb/nsam-160/pal.htm
Re:Reminds me ... (Score:2, Informative)
So what Microsoft should have done was not allow all the same numbers... but even so, the algorithm is so simple it was easy to crack... I remember writing a little Microsoft key generator when I was like 11 in VB (never released it though, was for personal use =P)
Re:Reminds me ... (Score:5, Informative)
So 111-1111111 as well as 111-2020201 would work. The first 3 numbers could be anything.
This was on a lot of pre-98 Microsoft CDs.
more info on microsoft cd-keys [omnitechdesign.com]
Re:hmm (Score:5, Informative)
And damn good it is too.
Re:Its only a bad password (Score:5, Informative)
The physical security refers to someone trying to get in from the outside. The two guys inside the silo launch center would be able to get the launch off in time.
Insofar as a single deranged person trying to launch the missiles, both launch keys have to be turned at the same time. The keylocks are separated by a distance making it impossible for a single human being to turn both simultaneously.
Crews are rotated such that the same two are not on duty on any but one shift (to prevent conspiracy), and the crewmen are subjected to some excruciatingly serious background and psychological tests before, during, and after their tours of duty in the silos.
Great care was taken in designing a fail-safe mechanism, where if the protection mechanism fails, it fails into a safe mode (like a default-deny in IPTables).
It was determined that it was better that a few missiles not leave the silos during a nuclear exchange than a few leave a silo during peace-time.
Re:Reminds me ... (Score:1, Informative)
1+2+3 = 6 mod 3 = 0
1+2+3+4+5+6+7 = 28 mod 7 = 0
Both = 0, valid key.. Microsoft's most gay key algorithm ever!
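Added example, not part of any post in this thread: a Python sketch of the mod-7 check the comments above describe, showing that roughly one in seven random bodies passes because the rule is public, next to a keyed HMAC tag for contrast. It assumes the three-digit prefix is unchecked, as one commenter says; `issue_tag`, `keyed_ok` and the demo secret are hypothetical names and values.

```python
import hashlib
import hmac

DIGITS = set("0123456789")

def checksum_ok(key: str) -> bool:
    """Public check as the thread describes it: the seven digits after the
    dash must sum to a multiple of 7; the three-digit prefix is not checked."""
    prefix, sep, body = key.partition("-")
    if not sep or len(prefix) != 3 or len(body) != 7:
        return False
    if not (set(prefix) <= DIGITS and set(body) <= DIGITS):
        return False
    return sum(int(d) for d in body) % 7 == 0

def count_accepted_bodies() -> int:
    """Count the 7-digit bodies that pass, via DP over the running sum mod 7."""
    ways = [1] + [0] * 6          # ways[r]: strings so far with digit sum = r mod 7
    for _ in range(7):
        nxt = [0] * 7
        for r, n in enumerate(ways):
            for d in range(10):
                nxt[(r + d) % 7] += n
        ways = nxt
    return ways[0]

def issue_tag(serial: str, secret: bytes) -> str:
    """Keyed alternative (assumed design): truncated HMAC-SHA256 over the
    serial. Only the holder of `secret` can produce a tag that verifies."""
    return hmac.new(secret, serial.encode(), hashlib.sha256).hexdigest()[:10]

def keyed_ok(serial: str, tag: str, secret: bytes) -> bool:
    # Constant-time comparison. A product verified offline would use a
    # public-key signature instead, so that no secret ships with it.
    return hmac.compare_digest(issue_tag(serial, secret), tag)

if __name__ == "__main__":
    for k in ("111-1111111", "111-2020201", "123-1234567", "111-1111112"):
        print(k, checksum_ok(k))
    print("accepted fraction:", count_accepted_bodies() / 10**7)
    secret = b"constructed-demo-secret"      # constructed value
    tag = issue_tag("0000001", secret)
    print(keyed_ok("0000001", tag, secret), keyed_ok("0000002", tag, secret))
```

The checksum only catches typing mistakes; it authenticates nothing, which is the same failure as a launch code everyone knows.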
Not a hacker (Score:1, Informative)
RT()A (Score:5, Informative)
So assuming the article's correct: a) there wasn't even one password in the launch process at the time, only physical keys, b) four people in the right place could launch nuclear missiles, and no countermeasures would have been able to stop them, and c) given the lack of stringent security in allowing visitors access to those sites, it's not inconceivable that outsiders could have seized the opportunity to take control of two launch centers.
Re:Its only a bad password (Score:4, Informative)
Re:Its only a bad password (Score:4, Informative)
Re:Its only a bad password (Score:1, Informative)
Yeah, SERIOUS as in:
In the recent past, such safeguards were poor or nonexistent. Military personnel, e.g. maintenance airmen, and civilian contractors who possessed minimal security credentials were granted LCC access, and annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs. In the interest of public relations, the Air Force permitted ready access to the Minuteman launch network by practically anyone desiring it.
Requests for visitor access were routinely processed and approved. The requesting party had only to provide a name and social security number, and authentication checks were not usually made. As a matter of course, checks of individual backgrounds or motives for requesting LCC access were not made either. Furthermore, within wide bounds, the number of individuals in a party was limited only by the capacity of an LCC - about eight persons.
Re:trust (Score:4, Informative)
Re:Not Stupid (Score:4, Informative)
It has to be something the lowest common denominator on the security team can remember.
Re:Its only a bad password (Score:5, Informative)
What?? You think putting a bar on someone's shoulder makes them "tough?" And just because you call someone a "grunt" they're more susceptible to "blackmail or greed?" Newsflash -- EVERYBODY is susceptible to blackmail and greed. That's why the people who work with nukes are vetted by the security services -- officers and enlisted alike. You think the techs who worked on those missiles didn't know how to bypass those PALs regardless of what password was used?
My point is simple -- don't question someone's patriotism because I'm enlisted -- just because they don't get paid as much doesn't mean their values aren't just as strong as an officer's. The enlisted men and women in the military are the ones you have to trust -- we're the ones who make it all work.
Re:trust (Score:3, Informative)
There couldn't possibly be another reason to prevent the UN weapons inspectors from having carte blanche access to secure facilities in Iraq, right? I mean, those guys are all about the inspections and are completely trustworthy right? They would NEVER abuse that level of access to go "beyond scope" of their charter would they?
OF COURSE THEY WOULD:
http://www.globalpolicy.org/security/issues/iraq0
http://www.fair.org/activism/unscom-history.html [fair.org]
http://www.time.com/time/nation/article/0,8599,35
As for punishing "violations of UN resolutions" shouldn't the UN be responsible for that? Just exactly whose resolutions are these anyway? As if the Bush league has any interest in enforcing UN resolutions against other countries that are routinely broken on a daily basis anyhow.
Re:trust (Score:1, Informative)
who modded that insightful? (Score:3, Informative)
The weapons inspectors were in Iraq, and were getting cooperation from the government there, until the eve of the war. They had to leave because the Bush administration began its push to war. Yes, there had been difficulty with compliance in the past, but things were going differently this time.
Apart from a single, probably Iran-Iraq war vintage chemical shell, no WMD have been found in the country. Further, all the scientists that have been interrogated, as well as all the documentation found, indicate that they had no WMD, at the very latest, past 1998. 6 years ago.
Finally, most of the intelligence about Iraq's WMDs now appears to have been put forward by Ahmed Chalabi and the INC. Much of it was uncorroborated, and contradictory evidence was discarded in the lead up to the war by the Office Of Special Plans. This group, in the DOD, stovepiped supporting evidence to ensure that the president would have the justification required to wage war; any evidence that did not support the cause or that directly worked against war in Iraq was discarded.
Sorry, kid. The president of the US started this. He made the order. He chose this. We didn't have to go to war, and there was no pressing national interest for the US in going to war there. There were NO links to Al Qaida or other terrorist groups, and his army was in a vastly degraded state. He posed a danger at most to his own people. And yes, that's an awful thing, but it's not our job to go policing the world.
Finally, regarding the inspectors and their fights with Saddam in the past - it's very likely that he didn't cooperate because he didn't want to appear weak. It's a common reaction, hiding one's weaknesses from others so as to seem strong and keep oneself safe from attack.
Re:At least they're default routers... (Score:1, Informative)
Re:Crimson Tide (Score:3, Informative)
Re:Poor ICBM security ...who cares? Right? (Score:4, Informative)
Having worked in this field I'll tell you:
1. A civilian is never allowed in a live LCC.
2. The crew is sealed in the live LCC's.
3. To get access to a live LCC is much more than cutting the chain link.
4. Even if you got into one, you need to get into two to do anything.
5. Never mind the hordes of SPs and armed Helicopters descending around you.
6. While crew members can send messages between LCCs (and I believe between bases, I can't recall) these messages are not and can not be EAMs which are only sendable from the NCA via special terminals.
7. Even if you could send the EAM, who would believe an order coming from the wrong originator?
8. The comm systems in question are not as stupid as e-mail, they are part of a dedicated MLS (b3) system.
9. Nuclear command and control has always relied on personal responsibility, do you think nuclear submarine commanders or the alert bomber force can/could not just decide to launch, or are you deluded enough to think they have some crm114 gizmo that overrides them?
In my place of business I'd have no problem with a null password if all access to the server required two trusted administrators with keys that are kept stored in separate combination locked safes. In fact, a password beyond the assertion of two trusted people would be stupid, and if you don't trust the people allowing them access to the keys would also be stupid.
Your scenario would be something like this:
1. Something needs done to the server, so you call the CIO
2. He gives you and your other Sys Admin a one-time password for the server.
3. You two go open your safes with your combos (each of you only know one of these combos)
4. You remove your keys and open the server locks.
5. You enter the password you got from the CIO
6. You do your business, and relock the server
7. You put your keys away
Damn, I'd hate to work in your shop. Most of us only have trusted sys admins and single passwords.
Dan
Re:trust (Score:4, Informative)
"They" in my original post [slashdot.org] referred to "the incompetent warriors at the top of the Pentagon" in the preceding sentence. Where was Rumsfeld during the last vicious conjob war? Working his way through the ranks to become the Secretary of Defense presiding over the defeat in Vietnam. Cheney was his partner in crime. The actual prosecutors of that war, whose shoes they eventually filled, promoted these same warmongers through the ranks. So comparisons to Vietnam are apt, even beyond the effectiveness of Asian guerillas against the Pentagon. It's the same people running the show!
Moving on to your tripe contrasting American troops losing 58,000 protecting a hated regime, and losing 900 troops removing a hated regime... We lost a very few removing the Hussein regime, after we decimated them in 1990, then continued bombing their shut down country for the 10 intervening years. We have lost most since then, defending the American occupying regime, increasingly hated, with no end in sight.
So talk out of your ass about JFK, but get your head out of the past and focus on the Texan in charge of the nightmare raging *today*. This nightmare in Iraq can spiral out of control beyond even the stupidest propaganda justifying Vietnam. And if you and your partisan buddies keep lying about both wars, you'll never learn enough to get us out of this one.
Re:hmm (Score:3, Informative)
Re:At least they're default routers... (Score:5, Informative)
The Default Password List [phenoelit.de]
Indispensable tool.
Re:Someone's gotta say it (Score:5, Informative)
Re:trust (Score:4, Informative)
Should the Security Council consider that measures provided for in Article 41 would be inadequate or have proved to be inadequate, [the UN Security Council] may take such action by air, sea, or land forces as may be necessary to maintain or restore international peace and security. Such action may include demonstrations, blockade, and other operations by air, sea, or land forces of Members of the United Nations.
Re:trust (Score:5, Informative)
Well, according to Dr Hans Blix (the head of the inspection commission) Iraq was cooperating fairly well. The message that cooperation was inadequate was coming from the same source that was claiming incontrovertible evidence of ongoing WMD activity. Most of the world wanted inspections to continue, based on the doubts raised by the US, in spite of the fact that inspections were revealing nothing.
Re:Crimson Tide (Score:3, Informative)
The scenario outlined in Crimson Tide is impossible. (And yes, I know that for a fact because I worked as a Fire Control Tech on those missiles.)
What changed in 1995 was that certain launch related codes that had previously been held on the boat were removed from the boat to further up the chain-of-command. However, the preparations for that change (which required some physical as well as procedural changes) had been in progress since about 1989. (Probably earlier, that's just when I first heard about it. The D5 system, whose design dates to the mid 80's, was prepared for the changes right from the drawing board.) That the final changes went into effect about the same time as the movie came out is nothing but coincidence. Those curious about the issue can google for Crimson Tide in the sci.military.naval newsgroup where the movie is extensively discussed.
Re:trust (Score:3, Informative)
Re:WOPR's 'guesses' (Score:2, Informative)
I gather there are analogous attacks for today's sophisticated encryption schemes using time or even heat to gain some knowledge of how much work has been done.
Anyway, it's a movie (Wargames)--I look at it as my job as a viewer to find a scenario under which it makes sense.* That just got MUCH easier I think, both for Wargames and Dr. Strangelove.
* WARNING: do not try this with the Matrix Reloaded.
Re:trust (Score:2, Informative)
Oh come off it, your Weapons of Mass Destruction was a single shell, improvised into a roadside bomb, containing sarin that was largely inactive, which dated back to the Iran - Iraq war of the 80's.
An old rusty shell is hardly a weapon of "Mass Destruction", no matter how you want to spin it. Call me back when they find a single barrel of recent Sarin. Hell, call me back when they find credible evidence of a nuclear weapons program. I'll settle for an incomplete hex diffusion plant, or even the blueprints for a warhead.
Re:WOPR's 'guesses' (Score:3, Informative)
Depends what you mean by often. Paxman did a study in 1997 and found that less than 1% of packets were out of order, while Moon et al did a similar thing in 1998 and found it to be less than 0.1%.
Bruce Blair is full of crap. (Score:2, Informative)
I babysat them suckers for four years. The "all-zero" setting was a day-to-day requirement because, as I recall, that panel was used for more than one function -- like most everything in the "Capsule"
And, yes, there are people in the loop. You would be surprised how hard it is to actually launch them properly. Especially if you are not supposed to.
'Nuff said. GO back to sleep. No worries.
Re:Someone's gotta say it (Score:3, Informative)