Mission of Honor eARC - is Sandra Crandall's death missing?

And you already had the possibility that there would have been an officer standing next to Daniels you could have tackled him as seen as it punched the panic butter, but before he finished punching in the destruct code - at which point the whole plan comes unglued.

Didn't it take Shannon Foraker several WEEKS to get the code into the State Security's SD's to get them to drop reactor containment?

Small bits in many,many strategy updates, and then "Oops".

kzt wrote:It would be petty easy to have it also activate a logic bomb that turns off the reactor containment in say 900 seconds. Which should be plenty of time for missiles to arrive.

I assume if you're trying to nannite zombie this it would have to be a two stage thing. Fist pay someone to pre-instal the logic bomb and link it to a simple trigger. Then have a nannite controlled dupe activate the trigger.

As Rincewind pointed out actually programming the reactor glitch is too complicated for direct nannite programming. But I guess you could substitute the reactor code glitch for the bomb they installed; same basic setup and plan just with larger results.
Though you might be able to rid a link to send a remote detonation command to trigger the glitch; without needing the zombie...

kzt wrote:It would be petty easy to have it also activate a logic bomb that turns off the reactor containment in say 900 seconds. Which should be plenty of time for missiles to arrive.

An even easier trigger to the logic bomb is to blow the ship 10 seconds after the laser clusters fire.

and it dosen't need to turn off the reactor containment, which I imagine had oodles of safegards to prevent that, but there would be lots of ways to blow a ship, as foraker and harkness have demonstrated two of them.

Rincewind wrote:There would be no earthly reason for there to be a connection between his station & the ship's systems, particularly the reactor systems: (unless you suggest that PO Harder increased her risk of getting caught by wiring in a connection that someone could quite likely have spotted).

I tend to suspect that the flag systems are deeply connected into the communications and sensor platforms. And given how much contempt a RMN tech had for the SLN's security... (Note this wasn't a technical intel expert from RMN intel, that was a fleet officers opinion.) My suspicion is that if you are totally inside the SLN (as the MA is), have been for years (as the MA has been) and have the ability to produce "genuine" faked up orders (like the MA can) you will have very little difficulty in making subtle modifications to minor areas of the code.

The recent series of people finding years old critical security bugs in open source libraries used by much of the worlds programmers (all of which were in theory reviewed by lots of experts) suggests how hard these kind of flaws are to spot even when they are not carefully hidden by experts inside classified object code.

I suspect the MA can essentially make a SLN force see whatever they want to see by overriding the actual sensor inputs with phony data, can override the helm with their own commands and can both reprogram and fire missiles as long as they are not mechanically disabled. Fly by wire sucks when someone hostile owns the wires.

kzt wrote:

Rincewind wrote:There would be no earthly reason for there to be a connection between his station & the ship's systems, particularly the reactor systems: (unless you suggest that PO Harder increased her risk of getting caught by wiring in a connection that someone could quite likely have spotted).

I tend to suspect that the flag systems are deeply connected into the communications and sensor platforms. And given how much contempt a RMN tech had for the SLN's security... (Note this wasn't a technical intel expert from RMN intel, that was a fleet officers opinion.) My suspicion is that if you are totally inside the SLN (as the MA is), have been for years (as the MA has been) and have the ability to produce "genuine" faked up orders (like the MA can) you will have very little difficulty in making subtle modifications to minor areas of the code.

The recent series of people finding years old critical security bugs in open source libraries used by much of the worlds programmers (all of which were in theory reviewed by lots of experts) suggests how hard these kind of flaws are to spot even when they are not carefully hidden by experts inside classified object code.

I suspect the MA can essentially make a SLN force see whatever they want to see by overriding the actual sensor inputs with phony data, can override the helm with their own commands and can both reprogram and fire missiles as long as they are not mechanically disabled. Fly by wire sucks when someone hostile owns the wires.

I doubt if they go that far, simply because they don't have a continuing need for it, and the KISS principle suggests that, the more activity you do, the more likely you are to be caught at it. (Gilding the lily is another word for this anti-pattern.)

They may have the SLN's administrative systems riddled with back doors, but even then I doubt it. There's enough corruption already in the SLN that all they have to do is take advantage of it.

JohnRoth wrote:

kzt wrote:I tend to suspect that the flag systems are deeply connected into the communications and sensor platforms. And given how much contempt a RMN tech had for the SLN's security... (Note this wasn't a technical intel expert from RMN intel, that was a fleet officers opinion.) My suspicion is that if you are totally inside the SLN (as the MA is), have been for years (as the MA has been) and have the ability to produce "genuine" faked up orders (like the MA can) you will have very little difficulty in making subtle modifications to minor areas of the code.

The recent series of people finding years old critical security bugs in open source libraries used by much of the worlds programmers (all of which were in theory reviewed by lots of experts) suggests how hard these kind of flaws are to spot even when they are not carefully hidden by experts inside classified object code.

I suspect the MA can essentially make a SLN force see whatever they want to see by overriding the actual sensor inputs with phony data, can override the helm with their own commands and can both reprogram and fire missiles as long as they are not mechanically disabled. Fly by wire sucks when someone hostile owns the wires.

I doubt if they go that far, simply because they don't have a continuing need for it, and the KISS principle suggests that, the more activity you do, the more likely you are to be caught at it. (Gilding the lily is another word for this anti-pattern.)

They may have the SLN's administrative systems riddled with back doors, but even then I doubt it. There's enough corruption already in the SLN that all they have to do is take advantage of it.

In SL systems there is definitely a connection between the flag computers and the ship computers. They may even be on the same system, otherwise bing would net have been able to access a private report sent to his flag captain.

I'd lay odds that PN systems design was moulded to a considerable degree by the people they were getting tech advice from - the same people who designed and built a significant fraction of the SLN, and probably encouraged the practices they were accustomed to following; you may recall that the fences separating Tepes' systems were of doubtful value. What happened with Maitland's reports would not have come as a surprise to either the RMN or the RHN, or at least not those with some idea of how the Great Escape was pulled off. The notion that pre-installed worms anywhere on the ship could be triggered from a command console on Oppenheimer's flag bridge is not the least bit far-fetched.

As an aside, I'd put even more on the proposition that Harkness would have a much harder time pulling that stunt off on current-model RHN systems. At the least, he'd have to start from something a lot higher-grade than a gaming console!

darrell wrote:
In SL systems there is definitely a connection between the flag computers and the ship computers. They may even be on the same system, otherwise bing would net have been able to access a private report sent to his flag captain.

kzt wrote:

Rincewind wrote:There would be no earthly reason for there to be a connection between his station & the ship's systems, particularly the reactor systems: (unless you suggest that PO Harder increased her risk of getting caught by wiring in a connection that someone could quite likely have spotted).

I tend to suspect that the flag systems are deeply connected into the communications and sensor platforms. And given how much contempt a RMN tech had for the SLN's security... (Note this wasn't a technical intel expert from RMN intel, that was a fleet officers opinion.) My suspicion is that if you are totally inside the SLN (as the MA is), have been for years (as the MA has been) and have the ability to produce "genuine" faked up orders (like the MA can) you will have very little difficulty in making subtle modifications to minor areas of the code.

The recent series of people finding years old critical security bugs in open source libraries used by much of the worlds programmers (all of which were in theory reviewed by lots of experts) suggests how hard these kind of flaws are to spot even when they are not carefully hidden by experts inside classified object code.

I suspect the MA can essentially make a SLN force see whatever they want to see by overriding the actual sensor inputs with phony data, can override the helm with their own commands and can both reprogram and fire missiles as long as they are not mechanically disabled. Fly by wire sucks when someone hostile owns the wires.

Kzt, many of those security bugs inherent in old software are as a result of those programmers "cribbing" the code.

Cribbing, borrowing code, was big back then. And many programmers did so without first properly vetting the code. Heck, many routines were just pulled off of BBS's. In the early days of computing, time to market was more important than security.

(Not sure it has changed any for Microsoft with their seemingly 'publish now, patch later' philosophy.)

Code monkeys like myself, who wrote code from scratch was in great demand and it is how I got in the business. But coding all of a C program or assembly from scratch back in the day just wasn't practical. I was coding in my secret weapon, Lisp - which allowed me to develop from scratch. And the time savings of Lisp produced code of which many companies couldn't compete - without cribbing and the inherent bugs of unvetted code.

I'm rewriting some old code now that has that problem. Also, some code doesn't have "inherent" bugs or flaws, but bugs and flaws produced from the introduction of modern capabilities that were NOT capabilities of an OS and software in general, when first coded.

Edit:
The cribbing problem persists even today and is getting worse as code is purchased from third parties and unvetted.

Rincewind wrote:There would be no earthly reason for there to be a connection between his station & the ship's systems, particularly the reactor systems: (unless you suggest that PO Harder increased her risk of getting caught by wiring in a connection that someone could quite likely have spotted).

kzt wrote:I tend to suspect that the flag systems are deeply connected into the communications and sensor platforms. And given how much contempt a RMN tech had for the SLN's security... (Note this wasn't a technical intel expert from RMN intel, that was a fleet officers opinion.) My suspicion is that if you are totally inside the SLN (as the MA is), have been for years (as the MA has been) and have the ability to produce "genuine" faked up orders (like the MA can) you will have very little difficulty in making subtle modifications to minor areas of the code.

The recent series of people finding years old critical security bugs in open source libraries used by much of the worlds programmers (all of which were in theory reviewed by lots of experts) suggests how hard these kind of flaws are to spot even when they are not carefully hidden by experts inside classified object code.

I suspect the MA can essentially make a SLN force see whatever they want to see by overriding the actual sensor inputs with phony data, can override the helm with their own commands and can both reprogram and fire missiles as long as they are not mechanically disabled. Fly by wire sucks when someone hostile owns the wires.

cthia wrote:Kzt, many of those security bugs inherent in old software are as a result of those programmers "cribbing" the code.

Cribbing, borrowing code, was big back then. And many programmers did so without first properly vetting the code. Heck, many routines were just pulled off of BBS's. In the early days of computing, time to market was more important than security.

(Not sure it has changed any for Microsoft with their seemingly 'publish now, patch later' philosophy.)

Code monkeys like myself, who wrote code from scratch was in great demand and it is how I got in the business. But coding all of a C program or assembly from scratch back in the day just wasn't practical. I was coding in my secret weapon, Lisp - which allowed me to develop from scratch. And the time savings of Lisp produced code of which many companies couldn't compete - without cribbing and the inherent bugs of unvetted code.

I'm rewriting some old code now that has that problem. Also, some code doesn't have "inherent" bugs or flaws, but bugs and flaws produced from the introduction of modern capabilities that were NOT capabilities of an OS and software in general, when first coded.

OK. Let's start inspecting the rivets. In a system like a warship, everything is connected. That doesn't mean that everyone can get to everything from anywhere. The physical connection exists but the logical connection doesn't. Nobody on the flag bridge should have the authorizations to see into the reactor controls. One of the six basic security principles, if properly implemented, would have prevented it: defense in depth. That means that the attempt would have to go through multiple security checkpoints. A second security principle - diversity of defense - would make it harder for a hacker to bypass each checkpoint because what worked for one wouldn't work for the next.

Security is a game of details. Miss a detail and you've left a hole that a clever opponent can exploit. There's a big difference between "nobody on the flag bridge should have the authorizations to the reactor controls," and "no terminal on the flag bridge can access the reactor controls."

Computer security is a specialization; the average programmer doesn't know enough about it to reliably create secure programs. If ce did, there would be a lot fewer SQL injection and HTML injection exploits.