Date sent: Wed, 13 Apr 2005 08:18:06 -0400 From: ljknews <[EMAIL PROTECTED]>
> http://www.cnn.com/2005/TECH/04/12/remote.control.mines.ap/index.html > > I think this causes reliability issues not anticipated by those who wrote > the operating system for the laptop computer. Amen. The Register on Matrix too: http://www.theregister.co.uk/2005/04/12/laptop_triggered_landmine/ (Any comments about "minefield" testing a new technology?) With the US being one of the few holdouts against the ban on landmines, there are predictable concerns about the danger the new mines hold for civilian populations. However, there would also seem to be any number of potential dangers to the troops using them. There are very few details provided in regard to the new mines. There appear to be different types. They have some kind of wireless capability. (The CNN article refers in one place to yards, and another to more than a mile. Of course, if it's designed for yards and someone has a good antenna ...) They have remote detonation capability. Based upon what is said, we can determine some additional aspects of the technology, as well as surmise more. They likely communicate via radio frequencies. They will have some kind of (likely minimal) software for reception of signal, authentication, and activation. (Deactivation is likely accomplished by activating the mine when [hopefully] nobody is around.) The mines are probably individually addressable: blowing an entire minefield for a single intrusion would not seem to be an effective use of resources. Radio communication would imply that either the mines are battery powered, or that they contain an antenna and transponder. Given the purpose and use of mines, it is likely that there is an alternate and more standard triggering mechanism such as pressure plates or tripwires that does not require wireless activation. There are, of course, other more advanced possibilities for such a technology. Mines could be remotely enabled and disabled, could communicate with each other, or could communicate sensor results with a central location. However, these functions are unlikely in a first generation device. The potential risks are numerous. With radio communications mines that are buried, or placed under or behind metal or water, may fail to detonate when needed, or deactivate. Any kind of software is, of course subject to failures (which, in this case, could be literally catastrophic). Authentication would be a fairly major issue: sniffing of radio traffic could easily determine commands, replay attacks, static passwords, or number sequences. (Note that the mines require "minimal training" for use.) Failure of authentication could, again, result in failure of either detonation or deactivation. Battery failure would be an issue and therefore transponders are more likely, but transponders would be more difficult to troubleshoot. (Should the transponders retransmit? That would assist with finding and disarming mines, but broadcasting a signal with known improper authentication would result in a means of determining the location of mines.) Overall, mines still seem to be a pretty bad idea. [Ed. Let's please allow this thread to die out, or get back to issues directly related to software security per se. KRvW] ====================== (quote inserted randomly by Pegasus Mailer) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] The Internet may promise to improve the way we educate and learn, but so did early television. TV technology has instead reduced our attention spans, reduced intellectual conversations to sound bits, and left us with the impression that in order to be informed, we must first be entertained. - Lew Platt, of HP http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade