Re: Katy, bar the door
At 09:32 PM 10/31/02 -0800, Tim May wrote: ... If the attackers/hijackers cannot get into the cockpit and gain control of the plane, then the most they can do with disabling/lethal/nerve gases is to cause the plane to essentially crash randomly...which kills a few hundred people, but probably not many more. Which is yet another reason why securing the cockpit door very, very well is the single most important, and cheapest, solution. Hmmm. I agree, but if the attackers chose the right time (while the plane's on autopilot) to release the gas or whatever, they might have an hour or two to get through the cockpit door, with no resistance at all from the now-dead passengers or crew. Securing a cockpit door in those circumstances is *much* harder than securing it against someone with a shorter time to get through, and with the possibility of active resistance from the other side. (I seem to recall hearing some pilot comment that he was very confident of his ability to keep someone from breaking through the door, just by flying so that it's almost impossible to stay on your feet. Certainly, trying to use a hacksaw or cutting torch or something wouldn't be much fun while the pilot did loops or something.) On the other hand, the pilot or copilot pretty much just have to figure out something is wrong and indicate this fact to the people on the ground, and there will be a plane along shortly to shoot them down if necessary. And I don't think this kind of gassing attack would work all that smoothly in practice--some people would be affected before others, due to nonuniformity in the way air is distributed in the cabin and different levels of susceptibility. The combination of a hard-to-break-into cockpit and some kind of response to prevent these planes being used as low-tech cruise missiles seems like a win. Maybe it would make sense to add some kind of remote surveilance of the cockpit, though I imagine this wouldn't be too popular with pilots, and they'd definitely need to secure the channel properly. --Tim May --John Kelsey, [EMAIL PROTECTED] // [EMAIL PROTECTED]
Re: What email encryption is actually in use?
On Saturday 02 November 2002 12:09, Adam Shostack wrote: An interesting tidbit in the September Information Security Bulletin is the claim from MessageLabs that only .005% of the mail they saw in 2002 is encrypted, up from .003% in 2000. ... Last month, about 5% of my email was sent PGP encrypted, about 2% STARTTLS encrypted, and about 25% SSH encrypted to people on the same mail server, where POP and IMAP only function via SSH. I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. Well, here's a datum for you: in the past four or five months, I have sent exactly no encrypted email. There are several reasons, notably that most of my email correspondents are business types who can't handle encryption even after several lessons and checklists and even when the tools are integrated into the MUA. Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, human error, changes of email address, and what-not. Or because the recipient simply isn't bothering to decrypt mail any more because it's more trouble than it's worth for the low quality of information conveyed. The only business environment I've ever worked in which successfully used encrypted email mandated specific versions of mail client (Outlook, ecch) and PGP (integrated into Outlook), had a jackbooted thug to make sure everyone's keyring was up to date, and had a fairly small (couple dozen), mostly technically proficient, user base. And even there, half the time the encrypted message wasn't sensitive enough to be worth encrypting nor important enough to be worth decrypting. I have signed a few messages in the recent past, but that was probably even less worthwhile than encrypting them. For all I know, not a single one has been verified. -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking
Re: Katy, bar the door
At 12:35 PM -0800 11/1/02, John Kelsey wrote: At 09:32 PM 10/31/02 -0800, Tim May wrote: ... If the attackers/hijackers cannot get into the cockpit and gain control of the plane, then the most they can do with disabling/lethal/nerve gases is to cause the plane to essentially crash randomly...which kills a few hundred people, but probably not many more. Which is yet another reason why securing the cockpit door very, very well is the single most important, and cheapest, solution. Hmmm. I agree, but if the attackers chose the right time (while the plane's on autopilot) to release the gas or whatever, they might have an hour or two to get through the cockpit door, with no resistance at all from the now-dead passengers or crew. I expect that in most cases, ATC would be concerned about no contact for an hour. In the modern age, that might be enough to scramble a fighter to go up and take a look. (A number of years ago, there was a case where a pilot, presumably asleep, flew right past Los Angles, over the Pacific ocean, and crashed. ATC was very concerned, but couldn't do anything to wake the pilot.) Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
Re: Katy, bar the door
On Fri, 1 Nov 2002, John Kelsey wrote: Hmmm. I agree, but if the attackers chose the right time (while the plane's on autopilot) to release the gas or whatever, they might have an hour or two to get through the cockpit door, with no resistance at all from the now-dead passengers or crew. Securing a cockpit door in those While we're discussing irrelevant scenarios, there's a recent trend in avionics buses to off the shelf networking protocols and buses. I much doubt the traffic is encrypted and/or authenticated, so a guy who could blow a small hole through the hull, stick a GPS antenna and/or a camera out of it, and splice into the avionics control bus with a laptop could fly around a bit. Disclaimer: this is just a funky irrelevant scenario, and I agree that the next time it's going to be something different, while everybody is staring hypnotized at flight security.
Re: Katy, bar the door
At 10:49 AM 11/2/02 -0800, Bill Frantz wrote: (A number of years ago, there was a case where a pilot, presumably asleep, flew right past Los Angles, over the Pacific ocean, and crashed. ATC was very concerned, but couldn't do anything to wake the pilot.) Around a year ago a small private jet lost contact over the US. A jet was dispatched, saw iced windows, no response to signals. The plane was on autopilot, eventually crashed in the middle of nowhere. The passengers/pilot are believed to have passed out from anoxia. (The autopilot kept them at high altitude too!) When that trucker kamakazi'd into the state capital in Sacramento last year, they decided to put Jersey barriers up. Hard to do that in the air (Blimps with nets?)
Re: Fwd: Asbestos ban again cited as the real cause of WTC collapse
building I inspect, my own work not excepted. You have to battle to get contractors to do it right. And owners to pay for quality work and maintenance rather than wait for vicitms and insurance companies to pay the tithe of negligence. This is the same problem as with other expenses without immediate gratification and uncertain effectiveness (to the laymen) - use of hi-fi cryptography, for example. Too often the mere *existance* of a technology is used as an excuse to build systems which *require* such technology (and maintenance) and then do the token application of the technology and forget about it. I wonder if anyone used asbestos-steel-WTC meme (R) (TM) (C) to promote strong crypto ... = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
Re: Fwd: Asbestos ban again cited as the real cause of WTC collapse
Lack of asbestos fireproofing (FP) on structural steel could have played a role in the WTC collapse but the source of that argument, proponents of Junk Science and Herbert Levine, are on shaky ground. I've responded to their WTC asbestos-lack argument elsewhere, my main point being that asbestos is only one of several reliable, equally effective, FP materials available -- though asbestos is one of the oldest and the one with the most long-lived die-hards. (The asbestos industry for over a century promoted its material as a solution to a wide range of hazards, and battled in court repeatedly against those who disagreed -- the comparison with tobacco is apt. And like tobacco, an amazing number of its advocates died from exposure to the material so avidly promoted.) The problem all FP materials share is that of inept installation and poor maintenance, and none are effective if improperly installed and protected against deterioration as was the case with WTC -- not that WTC is unique in this. The installation and maintenance of FP materials in WTC has been documented as poor. Had the material been asbestos not much would have been different, and might have been worse. Installation of asbestos has been long known as poor, not least because the industry made it appear that even poor asbestos installation was superior to any other type. Not true. Independent testing laboratories set standards for FP and rate all materials by the same methodologies -- giving each system a fire-rating based on its resistance to fire and heat -- 1 hour, 2 hour and so on. Various parts of buildings are required by building codes to be fire-proofed for a set hourly resistance, e.g., 3-hours for floors and their supporing structure, 2-hours for interior walls acting as fire separations or mechanical system enclosures, 1-hour for hazardous materials storage. However, over time due to subsequent alterations, installations of mech/elec systems, and building movement, FP is often damaged and needs restoration to maintain its effectiveness. That does not happen. I see deficient FP in every building I inspect, my own work not excepted. You have to battle to get contractors to do it right. And owners to pay for quality work and maintenance rather than wait for vicitms and insurance companies to pay the tithe of negligence. The Port Authority is a negligent landlord and Silverstein is no better. But they are the norm for Junk Property Owners who promote attacks on Junk Science as a cover for their criminal venality. And in this they are kissing kin of the asbestos industry ghouls.