Category Archives: History

History, Security

This Day in History 1944: the 584th Squadron of the 394th Bomb Group

7 Comments

An American “Martin Marauder” in the 584th Squadron of the 394th Bomb Group — the “Bridge Busters” — was shot down over France on this day in 1944 during mission #148.

Captain Harper and his crew were flying in the lead position of the second box of the formation bombing Neuweid, Germany when their B26 received a direct hit from anti aircraft fire, burst into flames and crashed. No parachutes were observed by other crews, but Sgt Howard Mote was later reported as a POW, the rest of the crew were killed.

    Captain Lawrence P. Harper – Zachary Taylor National Cemetery
    1/Lt William Andrews – Zachary Taylor National Cemetery
    1/Lt Paul Stephens – Arlington National Cemetery
    1/Lt James Harrison – American Cemetery in the Netherlands
    2/Lt Kenneth Wolf – Zachary Taylor National Cemetery
    T/Sgt James Kelly,Jr. – Zachary Taylor National Cemetery
    S/Sgt Stuart Ottenheimer (second from right above – born August 7, 1922) – Zachary Taylor National Cemetery (Section E Plot 169-170)
    Sgt Ralph Pagano – Zachary Taylor National Cemetery

394th Bomb Group Insignia

Some interesting B-26 footage can be seen in this collection of propaganda films called Martin Marauder in Action

The B-26 had a very high rate of accidents in takeoff and landing until crews were trained better and (perhaps more importantly) an aspect ratio design was modified on its wings/rudder.

The following United States War Office Official Training Film 1-3301 How to Fly the B-26 Airplane was for pilots who had to fly what unofficially became known as the “Widowmaker”. Note that the lead character says

Life Begins With a Checklist…and it May End if You Don’t Use It

History, Security

Fuzz and the NeXT Computer

Leave a comment

For some reason I have been hearing a lot of reminiscing lately about the NeXT Computer. Perhaps it is the unfortunate passing of Steve Jobs at an early age that has led people to have fond memories of his various projects and companies.

Two things stand out in my mind when I think of NeXT.

First, my college chemistry department had a lab of them but they were rarely used. For those who owned their own Amiga, far more powerful and capable computers, there was no comparison. BeOS (also started by an ex-Apple executive, Jean-Louis Gassee) was a better comparison to the Amiga due to more advanced multi-media that has become the hallmark of Apple. It lost out to NeXT in an acquisition decision by Apple and then seemed to disappear, but I digress.

The donated NeXT Slabs sat in the lab, more aesthetically pleasing than everything else, much like Apple products are today, but that did not make them popular. They were fine as network terminals but the physical looks of a terminal back then did not compensate enough to draw anyone to them.

NeXT Slab

And that’s a good segue to the second thing I remember. The fuzz analysis done by Barton Miller roasted the security of NeXT Computer.

Here’s a slide from his presentation called Fuzz Revisited in 1995, a follow-up to a 1990 fuzzing test, that shows up to 43% of utilities crashed on commercial UNIX.

43% is actually the NeXT. Ouch, now that’s what I call fuzzy memories. The other flavors you see listed in the slide above averaged about half as many security failures.

Food, History, Security

US Security Experts Bemoan “Colander” Model

Leave a comment

Note that some of the most effective armor technology on land and sea uses a porous model.

First, take for example a visionary in World War I realized it’s better to be flexible in order to make breaches quickly disappear (render them ineffective) rather than to try only to prevent them (allow cracks to form in a solid and be exploited). That idea led to self-sealing fuel tanks for aircraft and vehicles.

The US military is still funding research to find ways to use a flexible yet porous membrane to prevent leakage for water tanks as well as fuel. Here is a typical modern breach response study application:

…enable vehicle operation in hostile environments and minimize loss of fuel due to a direct/indirect hit…

Second, another interesting example is a membrane developed on submarines in World War II that can subdue enumeration (e.g. sonar) by an attacker. An anechoic tile is porous enough to allow signals in yet prevent them from a “bounce” back out. Porous sound canceling material also can be found in recording studios.

Anechoic Tile

Third, polytetrafluoroethylene (often known for its use in Gore-Tex) is another great example since it is used to make fabric waterproof yet breathable — porous yet impermeable.

Gore-Tex Schema

I said earlier to take note of the porous model because Wired has offered the following chilling quote in a story called Darpa Begs Hackers: Secure Our Networks, End ‘Season of Darkness’ about the state of American cyber security.

U.S. networks are “as porous as a colander,” Richard Clarke, the former White House counterterrorism chief turned cybersecurity Cassandra, told a packed ballroom.

He says that like being porous is a bad thing. I would rather hear response time is inadequate or that the US needs to develop better tools for the job to distinguish friend from foe (e.g. grapes from water)

Colander in action

Begging hackers to develop a perimeter with no holes, or to imply that a security barrier should never be porous, will trend things worse not better. It would be more effective to spend resources (beg hackers) to help on threat recognition, redirection and response.

A solid perimeter will never be truly solid as history shows time and time againand again.

US Commodore Perry's Ships Breach the Japanese Perimeter in 1853

To retain and protect assets while dispensing/releasing threats, which is exactly what a colander is designed to do (and why a chef uses one), is not an inherently bad model. As the military examples show above there is a long history of developing highly technical colanders that provide an efficient security solution to handle even the highest risk environments.

History, Security

US Federal CIO calls for Security and Innovation

Leave a comment

Steven VanRoekel, the former Microsoft executive and newly appointed Federal Chief Information Officer, has presented his first keynote.

He seems to say the choice between innovation and security is a false dichotomy — you can have both.

Now there are some who say we shouldn’t invest in government information technology in this fiscal environment, or use concerns about cyber security as a blanket excuse to preserve the status quo.

But if anyone doubts that now is the time to invest, consider the fact that more than half of the Fortune 500 companies were founded during an economic downturn. When forced to do more with less – when there is no alternative but to create a better way to get things done – that is when the real breakthroughs occur. In tough times, visionaries and risk-takers can tap into underutilized human capital, technology, information and other resources, picking up the pieces to reassemble them into something completely new.

Excellent point. Innovation is a great by-product of security (e.g. can’t innovate where/how you want if you have to spend your time/money fighting attacks) not to mention security innovation itself is a growth area.

His presentation was at the Palo Alto Research Center (PARC) and he made reference to its important role in American history.

When I was growing up in the 80s, I remember hearing people say that America was “destined” to be a service economy. We didn’t make anything anymore – our best days were behind us. But then ideas like those that came out of PARC helped spark a technology revolution that reestablished America’s leadership and launched the innovation economy.

Nicely said, but I call that a false dichotomy. American companies do not have to innovate in order to make things. Just look at Microsoft.