Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Canadian Who Holds the Key To the Internet

Soulskill posted more than 4 years ago | from the hope-nothing-breaks-during-hockey-season dept.

Canada 199

drbutts writes "The Toronto Star has an interesting story on how they are securing DNS: 'It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web."

cancel ×

199 comments

Sorry! There are no comments related to the filter you selected.

Really two different halves (3, Interesting)

XanC (644172) | more than 4 years ago | (#33092962)

The story I read said that any four of these seven must get together at one of these bases. That seems to indicate that each one has half of the key. Two of them, if they were the right two, could do it. But having four out of seven guarantees that you have at least one copy of both halves.

Re:Really two different halves (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#33092974)

The story I read said that any four of the seven must get together at one of these caches. That seem to indicate that each one has one half of the moon stone. Two of them, if they were the right two, could do it. But having four out of seven guarantees that you have at least one copy of both halves.

Re:Really two different halves (5, Informative)

joeflies (529536) | more than 4 years ago | (#33092988)

The article does state that you need 5 of 7 to restore.

Re:Really two different halves (4, Informative)

XanC (644172) | more than 4 years ago | (#33093010)

Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing [wikipedia.org]

Re:Really two different halves (1)

cjcela (1539859) | more than 4 years ago | (#33093062)

Yes, that is what I was thinking too.

Re:Really two different halves (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33093260)

Yes, that is what I was thinking too.

I was thinking of a nigger joke myself. Fuck that, how about a Jew joke? or two?

Why do Jews have such huge noses? Because air is free.

How was copper wiring invented? By two Jews fighting over a penny.

Re:Really two different halves (1, Insightful)

PAjamian (679137) | more than 4 years ago | (#33093234)

I was thinking something similar to the way RAID6 [wikipedia.org] is implemented, where you have five blocks of data plus two parity blocks so that any two block devices can be missing and all the data can still be reconstructed. This could easily be adapted on a smaller scale to work with key-sharing.

Re:Really two different halves (1)

syousef (465911) | more than 4 years ago | (#33093422)

Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing [wikipedia.org]

That sounds like the Arabic version of the Colonel's 7 secret herbs and spices. [kfc.com]

Re:Really two different halves (1)

Dahamma (304068) | more than 4 years ago | (#33093488)

Seven? SEVEN!? No, man, no! 11's the key number here. Think about it. 7-Elevens. 11 chipmunks twirlin' on a branch, eatin' lots of sunflowers on my uncle's ranch. You know that old children's tale from the sea. It's like you're dreamin' about Gorgonzola cheese when it's clearly Brie time, baby. Step into my office.

Re:Really two different halves (0)

Anonymous Coward | more than 4 years ago | (#33093604)

Cause you're fired!

Re:Really two different halves (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33093030)

The article does state that you need 5 of 7 to restore.

So if three of them should happen to suffer an unfortunate "accident", everything is totally screwed?

Re:Really two different halves (4, Insightful)

JWSmythe (446288) | more than 4 years ago | (#33093164)

    Yup. Poor disaster planning.

    They've never heard of assured continuity. It's a good plan if all other services are ok. If I read it right, the folks need to gather at a known point. That would assume air travel was still viable. We saw that stop during 9/11. Since they're smart cards, I'm assuming it would require the appropriate smart card readers. If the physical locations where they are to assemble aren't accessible, that makes it a bit rough. They mention two US sites as the places to gather, so civil unrest in the US could severely limit travel. While us Americans are very America-centric, I'm sure the rest of the world wouldn't be totally delighted if their Internet services stopped working just because we were having problems.

    If it does take 5 of 7 to restore the key, that could be problematic. They named one. I'm sure brute force decryption (i.e., torture) could find out who at least two others are. So if 3 were taken out of the equation, that leaves 4 to carry on. As time goes on, it would be a shame if the cards were lost. Just because you stuck it in the safe doesn't mean that safe will always be the one you use. People move. Offices change. People die. When Joe-key-holder dies, and his coworkers don't realize what the keys are, they could easily end up in a file box marked "Joe's office stuff", and stuck in storage to be forgotten about after a few years of staff churn.

    I don't see it as catastrophic. It's about as rough as when we were told "be sure to update your named.root file." Lots of people did it. Lots of people who should have didn't know. Even if you missed it, it didn't really break anything very much.

   

Re:Really two different halves (1)

EricJ2190 (1016652) | more than 4 years ago | (#33093244)

They wouldn't even have to torture anyone. All seven identities are known. Bruce Schneier named two in his blog, and all seven can be found in the comments.

Re:Really two different halves (2, Funny)

JWSmythe (446288) | more than 4 years ago | (#33093782)

    But, that's half the fun. Damn.

Re:Really two different halves (3, Insightful)

thej1nx (763573) | more than 4 years ago | (#33093266)

As time goes on, it would be a shame if the cards were lost. Just because you stuck it in the safe doesn't mean that safe will always be the one you use. People move. Offices change. People die. When Joe-key-holder dies, and his coworkers don't realize what the keys are, they could easily end up in a file box marked "Joe's office stuff", and stuck in storage to be forgotten about after a few years of staff churn.

I am pretty sure if you are one of the only seven people in the world to be trusted with the responsibility of a certain item, you will just "forget" it when you move.

When you come up with outlandish theories, at least use common sense. It is perfectly possible that the card gets stolen by a burglar who doesn't realizes what it is. And even then it will at least be reported and appropriate measures taken. You seem to have picked up some curious notion that nobody had the foresight to keep a note on the whereabouts and well-being of these individuals("Where are those cards again? I dunno... some dude was supposed to have them. Not sure where they are now, or who they were... we sent them deep undercover you see, to protect them against torture from enemy agents!").

This is just a mere precaution of not keeping their eggs in one basket, since losing the key will indeed be catastrophic to DNSSEC. If anything, it is obviously just one of the many other backups they have.

Re:Really two different halves (4, Funny)

slick7 (1703596) | more than 4 years ago | (#33093774)

Yup. Poor disaster planning.

More like typical disaster planning.

Re:Really two different halves (2, Interesting)

crossmr (957846) | more than 4 years ago | (#33093910)

if their Internet services stopped working

This wouldn't happen.
While Domain name resolution would stop working, if there was some kind of emergency situation, lists could be published of ip addresses for each site.
Domain name resolution is convenient it isn't required for operation.
The government of the country in question could also fire up their own DNS system and publicly publish the address for it so that citizens could use it.

Re:Really two different halves (2, Insightful)

PAjamian (679137) | more than 4 years ago | (#33093242)

No, for everything to be totally screwed, the full key held at the two secure facilities in the US would have to be lost or destroyed plus the keys held by three of the "key-holders" would have to be lost or destroyed as well.

Re:Really two different halves (0)

Anonymous Coward | more than 4 years ago | (#33093012)

Not necessarily. They could have 210 encrypted copies of the key, made generally available, without authentication. Being encrypted, it wouldn't matter if they fall into the wrong hands. Each combination of 4 people would result in exactly one of those 210 keys being decryptable, which would yield the actual key to reconstruct it.

Or, maybe they each have a public/private keypair, and all DNSSEC software is simply configured to only accept a complete rebuild if it is signed by any 4 of the 7.

Re:Really two different halves (2, Informative)

Anonymous Coward | more than 4 years ago | (#33093018)

No, if they say 4 of 7, then they probably really in fact mean 4 of 7. You are right that having just 2 pieces and distributing copies of them would get the situation you describe (well, actually, it would require 5 of 7 as 4 people would have one half and 3 would have the other half), but algorithms exist to split a key into any number of a pieces and require any number of those pieces to get a full key. Basically, just make a PAR [wikimedia.org] of the key with the desired amount of redundancy and hand out equal sized chunks of the file. This is probably not exactly what they do, but it would work similarly.

Re:Really two different halves (2, Informative)

Actually, I do RTFA (1058596) | more than 4 years ago | (#33093024)

There's no need to split it up so simply. There are ways of splitting up a dataset in 7 such that any 4 can reconstitute it without allowing any handpicked 3 to be able to do so.

An example, where you wanted to require two of three could be accomplished by splitting the key and a random number into thirds. Each party would get 1/3 of the key, 1/3 of the random number and 1/3 of the XOR of the two. Then any two can determine the whole key (assuming they knew which one of their thirds each section was, of course). It's generalizable to 4 of 7.

Re:Really two different halves (2, Insightful)

LambdaWolf (1561517) | more than 4 years ago | (#33093138)

Or even better, use a cryptographically secure secret sharing scheme, [wikimedia.org] and use the shared secret as a symmetric key to encrypt whatever other data if necessary. Then (if I'm interpreting your post correctly) you wouldn't have to worry about which parties got which segment of the key. In fact, I believe that's just what they're doing. Bruce Schneier had a post on it [schneier.com] the other day.

Re:Really two different halves (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33093034)

The story I read said that any four of these seven must get together at one of these bases. That seems to indicate that each one has half of the key.

Nonsense. Just splitting the key in half would be stupid. There are more systems that really can require at least 4 of the 7 to work and will work with any 4 of the 7. Threshold Cryptosystem [wikipedia.org] .

Re:Really two different halves (0)

MikeFM (12491) | more than 4 years ago | (#33093270)

And one ring to control them all? It sounds like the plot to a fantasy novel.

So what would happen if all seven people were eliminated?

Re:Really two different halves (0)

martin-boundary (547041) | more than 4 years ago | (#33093296)

Funny how the mind interprets things. To me it sounds more like the beginning of a James Bond thriller.

*pinky to mouth*

My first thought... (5, Funny)

Anonymous Coward | more than 4 years ago | (#33093352)

Earth! Fire! Wind! Water! Heart!

It'd be awesome if they yelled that out as they each scanned their cards.

Re:Really two different halves (1)

mysidia (191772) | more than 4 years ago | (#33093384)

When a key is divided, none of the key bits are revealed. Here's how you divide a key in half: (1) You have an original key (Ks).
(2) You generate a true random number (K1).
(3) You XOR the key by the true random number to give you K2.
(4) You distribute K1 to person 1
(5) You distribute K2 to person 2

Neither person has 'half' of Ks, but both secrets must be known to recover Ks.

Now... how do you divide a key into 7 pieces and require 5 to be present, is trickier, but the concept is the same. Generate 7 random numbers, and distribute to all 7 people additional values derived from combinations of the other 7 keys, such that the original key can be derived for all possible combinations of 5 "key" holders, but no combinations of a smaller amount.

5 of the people holding the RKSH role are required for recovery operations.. recovery operations could be needed, if a hardware security module is destroyed, fails, or can no longer be operated.

The hardware security module itself holds the actual key internally in tamper-resistant packaging.

The RKSH people with smart cards don't possess the key, but possess information that can be used to rebuild the internal key of the HSM.

Re:Really two different halves (1)

leto (8058) | more than 4 years ago | (#33093654)

It's 4 out of 7 to get the key that can decrypt the backup. The backup is not in the hands of the 7,so they cannot do anything by themselves!

Re:Really two different halves (1)

slick7 (1703596) | more than 4 years ago | (#33093758)

The story I read said that any four of these seven must get together at one of these bases. That seems to indicate that each one has half of the key. Two of them, if they were the right two, could do it. But having four out of seven guarantees that you have at least one copy of both halves.

Don't forget the two complete sets that I have in a shoe box next to my underwear.

Re:Really two different halves (0)

Anonymous Coward | more than 4 years ago | (#33093992)

5 would be more correct, you have 4 of the same halves and 3 of the same halves, with 4 you could still have only half the key.

Not good (5, Insightful)

countertrolling (1585477) | more than 4 years ago | (#33092978)

The internet is supposed to be able to repair itself. You know, route around damage and stuff? This all sounds as fragile as our transportation system when merely threatened with an explosive device, bringing it to a complete halt. Is our entire food supply this flimsy?

Re:Not good (1)

DarkKnightRadick (268025) | more than 4 years ago | (#33093004)

Is our entire food supply this flimsy?

Nothing is immune from attack. Some attacks might take more thought, but are no harder to pull off.

Re:Not good (3, Funny)

Barny (103770) | more than 4 years ago | (#33093026)

Think about it, if walmart lost their supply chain, probably 1/3 of Americans would die of malnutrition within a week, or gain 50kg from the take out consumed.

To be honest, the "internet" would keep going, and does indeed route around damage, but the "web" would have the computer version of a stroke if you dropped the root DNS.

Re:Not good (3, Funny)

rolfwind (528248) | more than 4 years ago | (#33093074)

Think about it, if walmart lost their supply chain, probably 1/3 of Americans would die of malnutrition within a week, or gain 50kg from the take out consumed.

Walmart is nutritious AND less calories than take-out?! BTW, Americans don't gain kg, pounds or lbs, sure, but not kg.

Re:Not good (1)

Tubal-Cain (1289912) | more than 4 years ago | (#33093134)

Walmart is nutritious AND less calories than take-out?!

What food is available at your Wal-Mart? There are only two kinds at my local one: McDonald's, and ordinary grocery.

Re:Not good (1)

PitaBred (632671) | more than 4 years ago | (#33093466)

And the ordinary grocery is as cheap as it gets. Try comparing nutrition contents between generics and the name-brand sometime. It's amazing how different they can be.

Re:Not good (1)

j_sp_r (656354) | more than 4 years ago | (#33093752)

Never saw brand name cauliflower

Re:Not good (0)

Anonymous Coward | more than 4 years ago | (#33093572)

Remember a while back when Sam's Club forgot to order rice and ran out and people flipped the fuck out thinking that it was the end of the world and we're all going to starve?

Re:Not good (1)

Ethanol-fueled (1125189) | more than 4 years ago | (#33093036)

Eh. And nothing of value was lost anyway. 'Cept for trollin' Slashdot.

Re:Not good (0)

Anonymous Coward | more than 4 years ago | (#33093310)

Eh. And nothing of value was lost anyway. 'Cept for trollin' Slashdot.

What, you don't have Slashdot's IP address memorized?

Re:Not good (5, Informative)

nacturation (646836) | more than 4 years ago | (#33093048)

The internet is supposed to be able to repair itself. You know, route around damage and stuff?

The internet will continue to work fine. This only impacts DNSSEC and the ability to rebuild based on the private key distributed on those smartcards. If all 7 get assassinated and their smart cards hacked to bits with no backups, we can still revert to plain old DNS.

Re:Not good (1)

vlueboy (1799360) | more than 4 years ago | (#33093390)

If all 7 get assassinated and their smart cards hacked to bits with no backups, we can still revert to plain old DNS.

That makes sense. It is obvious that people would have problems with that, though. Some people prefer to fully "handle" a crisis even if there was none to begin with. Yet we tend to drown in a papercup instead of implement such solutions until a lasting one can be applied. For example: Y2K missile launches becoming imminent? turn back your clocks for a while; a bad clock can be fixed easier than you can give back lives lost.

Re:Not good (0)

Anonymous Coward | more than 4 years ago | (#33093098)

All you base are belong to us, eh.

Re:Not good (0)

Anonymous Coward | more than 4 years ago | (#33093636)

Is our entire food supply this flimsy ? Yes - It all depends on water (fresh / saltwater)

Re:Not good (2)

Vahokif (1292866) | more than 4 years ago | (#33093852)

This is like all the phone books in the world going up in flames. The network would still work, but you wouldn't know people's numbers.

Note that this has to do with (0)

Anonymous Coward | more than 4 years ago | (#33093016)

the *crypto signing* of the zone, not the *contents of the zone*, which are, of course, all over the place.

That would mean... (1)

Anachragnome (1008495) | more than 4 years ago | (#33093020)

That would mean that any successful attack on the system would have to include the kidnapping/assassination of at least six of these people. Plan for seven hits--the attackers could completely botch one attempt and still be successful. Pretty good odds.

Nice of them to provide names.

We don't live in the movies (4, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33093146)

The world is not full of evil organizations who are thoroughly evil, yet well funded, that run around doing evil for its own sake. The likelihood of someone blowing up both facilities and kidnapping the people who hold the cards just to try and take down DNSSEC is pretty unlikely. I think this is more likely protection against hacking (which is much safer) or a gigantic mistake. Always good to ask the question "If everything fails, how are we going to rebuild it?" That's what this is.

Please remember that vast kidnapping conspiracies and so on require a lot of people acting in concert. That is hard to keep hidden. What's more in this case you'd be talking about something all over the world. You are also talking about something that would draw the wrath of the most powerful nations out there. The US (who holds the facilities), the UK, China, etc. It doesn't work like in James Bond where the baddies contact the government and they have to knuckle in unless a lone agent can bring them down. What happens is the governments send in hundreds of heavily armed, highly trained, soldiers that will kill or capture anyone who is involved, or perhaps just as likely simply destroys the building they are in with a well placed smart bomb from a bomber you cannot see.

The idea here seems to more be a final redundancy against a systems failure, but one where a single person can't go rogue and cause a problem.

So please, stop with the paranoid movie plots.

Re:We don't live in the movies (0)

Anonymous Coward | more than 4 years ago | (#33093188)

Hey now, Bush did 9/11. Crazy plots CAN happen when there is enough money involved for Blackwater/Halliburton/Arbusco.

Re:We don't live in the movies (1)

ducomputergeek (595742) | more than 4 years ago | (#33093194)

12-21-2012, the World wide intertubes crashes and now an international team of super hackers/spies must quickly move to find and safely bring together the seven cards before The Inventor (Al Gore) allows one ACTA to rule them all

hmmmm.......me thinks I should open up Celtx and start writing...

Re:We don't live in the movies (2, Funny)

Jeremi (14640) | more than 4 years ago | (#33093210)

So please, stop with the paranoid movie plots.

You have to admit this does provide the basis for a pretty good movie plot... I predict that Jason Bourne (or Robert Langdon, or Richard Stallman) will be trying to save at least 5 of these people on screen within a few years.

Re:We don't live in the movies (1)

Dhalka226 (559740) | more than 4 years ago | (#33093484)

I think this is more likely protection against hacking (which is much safer) or a gigantic mistake. Always good to ask the question "If everything fails, how are we going to rebuild it?" That's what this is.

Eh, maybe. That's perfectly reasonable of course, and they should have exactly that planning. But they're taking some strange precautions if that's all they're guarding against. Why physically separate the cards? That's just going to make any effort to restore after a gigantic mistake take even longer, which is highly undesirable. Why not a few safes, or a few safety deposit boxes or some such? "Hey Bill. We fucked up, we need your combination" is much faster than "we need you to fly down here." Especially if it's really some sort of disaster situation that destroyed the facilities to begin with, and it still limits the damage one rogue individual could do.

So the facility housing the cards could blow up -- fair enough. Two copies. Three. Twelve. Backups of the backups, so to speak. Have one set of copies per facility. Now if something happens to both sets, we really are talking some epic disaster or conspiratorial plot. And if not, again, so much easier to get things back on track.

Please remember that vast kidnapping conspiracies and so on require a lot of people acting in concert. That is hard to keep hidden.

Perhaps. And yet a number of frankly more complicated various terrorist attacks have succeeded, especially when they take place somewhere we're not expecting. It would be much harder to kidnap these people as some sort of blackmail plot, of course, but for anybody who's content with the damage they caused being reward enough, who wants you to panic and spend hundreds of millions of dollars trying to stop them from doing it again, it's much easier. How many billions did the US spend after 9/11? How many more billions were lost as the entire airline industry almost went under from sheer, baseless panic? It's not like the hijackers got rich; actually they got dead. Their damage was their reward.

Seven cards on seven guys takes, oh, about seven bullets. Doesn't even have to be the same time, though it's obviously easier if it is. How hard is that, really? Send some guys out, give them a date -- or hell, just tell them to keep CNN on until they see news that the facilities just got blown up. It would take some extra work to figure out where they keep the cards, I suppose, but the average person is going to keep them in a handful of potential locations. And even if you don't get it, you still greatly delay the rebuilding process.

The facilities themselves are the bigger trick. I know nothing about them so I can't even posit a guess as to how hard they might be to destroy in any meaningful way.

What happens is the governments send in hundreds of heavily armed, highly trained, soldiers that will kill or capture anyone who is involved, or perhaps just as likely simply destroys the building they are in with a well placed smart bomb from a bomber you cannot see.

Which is, no doubt, exactly what would happen. But that didn't deter bin Laden, did it? Nor did it catch him. Oh, we toppled a few governments who may or may not have been actually involved in ANY tangible way (much less directly with what happened) because, well, we like to blow shit up when something bad happens and governments and buildings and things we can clearly see from satellites are nice, easy targets. But the people who did it, by and large, have escaped.

Blackmail is a terrible idea for a lot of reasons, but again, people who consider the damage they cause to be payment enough are an entirely different story. The majority of this post-9/11 stuff is security theater not because it's an inappropriate thing to try or even because of how much we spend relative to the actual risks, it's theater because of how ridiculously hard it is to stop somebody who doesn't care if he kills himself in the process of getting his task done. Especially without trampling all over peoples' rights.

I don't find some sort of terrible terrorist event involving DNSSEC to be likely, much more because I don't think it is an important or exploitable enough thing to target than because it would be too hard to do so. You're probably right that if these cards were ever used, it would be due to some gigantic mistake or hacking incident. Even a disaster isn't likely given the physical distance between facilities. I just don't think it's as ridiculously outlandish as you do, and I think that where the price is likely to be a cute news story doesn't get written, an extra precaution like not giving out these guys' names is not unreasonable.

As an aside, of course it sounds like a paranoid movie plot. I'm sure the terrorist attacks that have happened seemed like one too, until they actually occurred. I'm not sure there was any movie about flying hijacked airplanes into buildings, but there were certainly many "terrorist hijacks a plane for mischief" plots -- Air Force One and Executive Decision both jump to mind, and Die Hard 2 was similar (though they hijacked the ATC to crash the planes instead). They're paranoid movie plots because of how ridiculously low the probabilities of them happening are, but as we all know, "ridiculously low" is not "zero." As I said, I'm not suggesting 9/11-scale ridiculousness, but there's no reason not to factor it into the planning. Especially when doing so requires so little extra thought or expense.

Re:We don't live in the movies (1)

interkin3tic (1469267) | more than 4 years ago | (#33093786)

The world is not full of evil organizations who are thoroughly evil, yet well funded, that run around doing evil for its own sake.

Alternatively, one or more of these evil-for-evil's-sake, well funded organizations do exist, and have just convinced you that they don't exist. Had you been wearing my tinfoil hat, that wouldn't have happened.

Re:We don't live in the movies (1)

JWSmythe (446288) | more than 4 years ago | (#33093880)

So please, stop with the paranoid movie plots.

    I love writing paranoid movie plots. I can give the fun details, without having to drag it out to be a feature length film, or even a single television episode.

    In my next episode, the secret evil government agency will start kidnapping Slashdot users with low UID's (see, you're safe), and post disinformation on their plans here, so anyone who thinks they know something about a secret government conspiracy can be written off as it being read on Slashdot first. :)

 

Re:That would mean... (1)

Martin Blank (154261) | more than 4 years ago | (#33093198)

Plan for seven hits--the attackers could completely botch one attempt and still be successful.

It's a 4-of-7 recreation set. You only have to knock out four to prevent the key being rebuilt. You also don't have to kill them -- just prevent them from remembering their passwords.

Re:That would mean... (0)

Anonymous Coward | more than 4 years ago | (#33093208)

The passwords are probably 1-2-3-4-5, and written on a post-it note on the monitors of their home computers...

Re:That would mean... (1)

JWSmythe (446288) | more than 4 years ago | (#33093212)

    Assassination is cheap. Kidnapping is expensive.

    All a working assassination takes is one nutjob with a gun. He doesn't even have to escape, if he's crazy enough. It really doesn't even require a gun, but it's much easier to pop a person than to do it in a whole variety of manual ways. Of course, people look at movies and think of all the other options. "We could plant a pound of C4 under his car, and detonate it with a cell phone." Ya, good luck there, First you have to get the C4 and detonator. Then you have to convert a cell phone to be a trigger. Then there's testing. If you don't test your trigger, how do you know it'll work when the time is right? We all get spam phone calls. One call offering you a free trip to Disney ruins the whole plan. Then you, of cours,e have to plant the charge undetected, and pray that the whole thing works. Way too many places for it to mess up. You'll probably get caught trying to buy the C4 on Craigslist anyways. :)

    Kidnapping takes significant planning. You have to get your guy in, and then both of them out without being detected. Then you need somewhere to store him. You gotta feed him, keep him healthy, etc, etc. A dead hostage isn't worth anything. An escaped hostage is not only not worth anything to you, but he'll point the cops right back to you. You have to keep the hostage alive and in custody to make it a viable plan.

    All in all, it's easier to let them keep their silly keys and their silly plan. For as much planning as that would take, you could hit the central depository for any major bank chain in a major city, and make a whole lot more profit. Those are a lot easier to find too. Follow the armored trucks. If you're feeling really ballsy, there are the federal reserve banks, and gold reserves. Bring big trucks though if you want the big score, The US has 12 reserve banks, and there are about 8,100 tonnes of gold in them, along with all kinds of other fun commodities. I'd give any plan on those about a 0.1% chance of success. :)

Re:That would mean... (1)

tylernt (581794) | more than 4 years ago | (#33093320)

I'm a little worried that you are so familiar with these topics. Please wait, police are enroute.

Re:That would mean... (0)

Anonymous Coward | more than 4 years ago | (#33093732)

You just wrote the lead-in to a Burn Notice script!

Hi. I'm Michael Westen. And if you need to get someone out of the way...

Re:That would mean... (1)

JWSmythe (446288) | more than 4 years ago | (#33093864)

    Oh, I'd love to write for someone like them. :) I can come up with all kinds of fun conspiracies, and ways criminals can do things. Talking to friends, I've worked through all kinds of different scenarios for crimes. Not that I'd do them, because I know my luck and I'd get arrested on the way to committing it. :) In the fictional contexts, it doesn't matter if the bad guy gets away or gets caught, I'm still free, and no one gets hurt.

    I'd get bored though. Not with writing conspiracies and spy thriller action, but when the bosses come in and say "This episode must include ....", and it's boring as shit, I wouldn't want to do it. Nifty thief steals an expensive painting/statue/jewelry from some uber-secure museum. Boring. They come in through an underground passage. They sneak in through a skylight dangling on ropes. They hide in the building until it closes, steal it, and then walk out in the morning like nothing happened. Like I said, it's all been done before. As it is, I already spot huge plot holes in Burn Notice. No good story should have a MacGuffin, Deus ex machina, pathetic plot device, etc, etc, just to make the plot work. "The robber steals the painting, runs out the side door, and someone happened to have left a Bugatti/Ferrari/Lamborghini with the engine running just outside the door. Or worse, a Mini Cooper, and the robber escapes making impossible maneuvers and then ditching the police in a narrow alley.

    And dear god don't make me write in where a hacker has to break into a computer to steal some classified information, and the password is the target's dog's name or the name, the name of their kids favorite stuffed animal, or the ex-girlfriend that he's been pining over for years.

    And .. no fucking stopping the bomb that's going to destroy the city or all of humanity, at 1 second before detonation by cutting a random wire. No, no, no, no, no and fuck that.

 

Re:That would mean... (1)

icebraining (1313345) | more than 4 years ago | (#33093826)

Then you have to convert a cell phone to be a trigger.

Well, supposing you buy the detonator along with the C4, you just need an electric charge, right? Just get the phone's ringer or vibration motor and cut the wires.
Maybe it's more difficult, but many of the people who have used it where not electrical engineers by any means, so it must not be terrible difficult.

We all get spam phone calls. One call offering you a free trip to Disney ruins the whole plan.

Oh, that I know how to solve.
1) Get a cheap Nokia.
2) Configure default ringtone to silent
3) Create new contact group
4) Set that contact group's ringtone to anything else
5) Add the number(s) who are supposed to control the detonation to the group
6) Profit?

Re:That would mean... (1)

JWSmythe (446288) | more than 4 years ago | (#33093892)

    Actually, if I know C4 and it's detonators right, the electrical charge goes to the small primer explosive, which detonates the whole package. I'd assume the vibrator motor could provide sufficient power, but it may need to trigger a relay to provide power from a larger power source (like a pack of D cell batteries). It makes "what wire do I cut" a lot easier. :)

so we know who the 7 key holders are... (0)

Adult film producer (866485) | more than 4 years ago | (#33093028)

wouldn't it be easy enough to just kill each of them and then launch an attack? I dont suppose these card holders wander around wearing body armor and drive in armored limos.

If all seven get together do they become Voltron? (2, Funny)

Pezbian (1641885) | more than 4 years ago | (#33093076)

Or do they summon Captain Planet? ...or Wilford Brimley?

Re:If all seven get together do they become Voltro (1)

Megahard (1053072) | more than 4 years ago | (#33093302)

Maybe the seven combine to form the soul of Lord Voldemort.

Re:If all seven get together do they become Voltro (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#33093930)

Or do they summon Captain Planet? ...or Wilford Brimley?

Gozer of course. "Are you the keymaster ?"

This reminds me of something. (1)

Adaeniel (1315637) | more than 4 years ago | (#33093086)

When your powers combine, I am Captain Internet!
Wait. That's not right.
Also, a question, which key holder is Ma-Ti?

seven? nine? three? (5, Funny)

chub_mackerel (911522) | more than 4 years ago | (#33093102)

Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions).

I thought the dwarves got seven cards. And, the humans got nine... and the elves three. Or, am I mixing something up?

Re:seven? nine? three? (1)

ducomputergeek (595742) | more than 4 years ago | (#33093218)

And Al Gore got one to rule them all? Hmmm....whiskey and slashdot don't mix well....

Re:seven? nine? three? (1)

frosty_tsm (933163) | more than 4 years ago | (#33093780)

I came to post something like this. I'm glad someone did it already (and did it well).

Re:seven? nine? three? (0)

Anonymous Coward | more than 4 years ago | (#33093944)

We are the dwarves

You might want to look up Dan Kaminsky (1, Interesting)

gearloos (816828) | more than 4 years ago | (#33093136)

I just heard a pretty good talk on DNSSEC at Blackhat and it wasn't quite like this... I'll leave it at that.

007 (2, Funny)

tsa (15680) | more than 4 years ago | (#33093140)

I see a new James Bond movie in the making here...

Hey! (0)

Anonymous Coward | more than 4 years ago | (#33093142)

I have that same combination on my luggage!

Condescending (0)

Anonymous Coward | more than 4 years ago | (#33093152)

Really tired of these summaries which assume we're morons and don't know what DNS/DNSSEC are.

Re:Condescending (1)

Lord Kano (13027) | more than 4 years ago | (#33093482)

You may know. I may know. Most of us may know. There are still a lot of people out there who don't understand how any of this works. To them it's just like magic.

LK

Re:Condescending (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33093568)

Except this is Slashdot, as low as the standard is if you look at other articles (such as the Science ones) there is this expectation that the reader isn't an idiot and knows something about the field already. If we wanted watered down crap we'd go to Digg.

Trust (1)

countertrolling (1585477) | more than 4 years ago | (#33093160)

I sure hope these guys have a good reputation [slashdot.org]

I'm sorry.... (1)

ducomputergeek (595742) | more than 4 years ago | (#33093168)

but this reads like an intro to a bad cyberpunk novel/movie....

Seven Individuals (1)

slater86 (1154729) | more than 4 years ago | (#33093186)

Haven't I seen this before somewhere?

http://www.zeldawiki.org/Sage [zeldawiki.org]

Seven, heh ? (5, Funny)

zzyzyx (1382375) | more than 4 years ago | (#33093200)

One Card to rule them all, One Card to find them,
One Card to bring them all and in the darkness bind them

Article Omega (2, Funny)

Da Cheez (1069822) | more than 4 years ago | (#33093202)

The truth is, these keys are really just a safe guard in case /. ever posts Article Omega, bringing about the systematic slashdotting of the ENTIRE INTERNET!!!

Wait, wut? (0)

Anonymous Coward | more than 4 years ago | (#33093314)

I thought the whole point of the Internet was that there was no "there", there.

Forget this high tech stuff, I am gonna order some cheap knives and canned goods while the Internet still works.

This, Jen, is the internet (4, Funny)

dangitman (862676) | more than 4 years ago | (#33093322)

Jen: What is it?
Moss: This, Jen, is the Internet.
Jen: What?
Moss: That's right.
Jen: This is the Internet?
[Moss is nodding his head]
Jen: (suspiciously) The whole Internet?
Moss: (agreeably) Yep. I asked for a loan of it, so that you could use it in your speech.
[Roy enters the room.]
Roy: (irritated) Hey! What is Jen doing with the Internet?
Jen: Moss said I could use it for my speech.
[Roy speaks to Moss in an edgy way.]
Roy: Are you insane? What if she drops it?
Jen: I won't drop it, I'll look after it.
Roy: No. No, no, no, no, Jen. [Takes the box back from Jen.] No, this needs to go straight back to Big Ben.
Jen: Big Ben?
Moss: Yep. It goes on top of Big Ben. That's where you get the best reception.
Jen: I promise I won't let anything happen to it.
Roy: No, Jen, I'm sorry. [Jen becomes woeful.] The elders of the Internet would never stand for it.

Re:This, Jen, is the internet (1)

buchner.johannes (1139593) | more than 4 years ago | (#33093642)

The elders of the Internet would never stand for it.
--
... and then they built the supercollider.

Your signature actually makes sense here.

Re:I don't care if you are from Iran (2, Informative)

AfroTrance (984230) | more than 4 years ago | (#33093668)

The key holders are the Elders of the Internet.

Al Gore? (0, Offtopic)

antdude (79039) | more than 4 years ago | (#33093328)

So Al Gore has a key! :D

Sensei (1)

lawnboy5-O (772026) | more than 4 years ago | (#33093368)

Look eye Daniel-son, Look eye!

Sure, there are seven of them now... (1)

Angst Badger (8636) | more than 4 years ago | (#33093372)

...but there can be only one.

And where are the mexicans? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33093398)

Why didn't they choose a Mexican as a TCR (Trusted Community Representative).

That exclusion is highly discriminative...

Re:And where are the mexicans? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33093456)

Where is he supposed to keep his flash memory? On the back of his goat?

Seven (1)

fahrbot-bot (874524) | more than 4 years ago | (#33093560)

The one authenticated map of the Internet.
Were it to be lost ... it could be recreated by seven individuals spread around the globe.

Here are the first three things I though after reading this. None are good...

Why the fuck are we being told this? (-1, Troll)

Fantastic Lad (198284) | more than 4 years ago | (#33093644)

I've been seeing this idiotic story floating around now for a couple of days.

What kind of retarded system is this? They don't have tape back-ups? Why would it have to be a "Everybody turn your super-secret key on five, four, three. . ."

Fuck this.

I'm REALLY getting tired of having the fear button punched in my brain. Fuck off. The internet is vulnerable. The planet is vulnerable. Everything is vulnerable. Oooooh. I'm really scared now. I'll let you scan my retinas at airports and x-ray my kidneys and I won't complain when you blow 1.4 billion dollars on police for a fake burning cop-car G20 bullshit summit. Just fuck off already.

Key cards to re-boot the internet? FUCK OFF!!! That's the dumbest TV movie plot device I've ever heard. It's as fucking retarded as that Lone-Gunmen plot where they flew planes into the world trade center. You know? The one with Bruce Willis. Do they think we're all trailer-park retards who can't tell reality from bad scripting?

So please, for the love of all that is good, FUCK OFFFFFFFF!

-FL

Re:Why the fuck are we being told this? (1)

TheVelvetFlamebait (986083) | more than 4 years ago | (#33093994)

Why the fuck are we being told this?

Some of us like to remain informed.

East & West coasts only (1)

jmcvetta (153563) | more than 4 years ago | (#33093662)

One secure sight in Culpeper, VA; the other site in El Segundo, CA. These sites both seem rather exposed to attack, compared to the vast interior of America. Why no secure site in the empty, hard-to-bomb middle of the country?

Also, check out the googlemap of El Segundo [google.com] -- it's right next door to a buttload of chemical (gasoline?) storage tanks. I've heard there's a risk of those things going "boom" in a real real nasty way, if some smallish explosion sets them off. Seems like a kinda shitty spot to locate critical internet infrastructure.

Re:East & West coasts only (1)

Dahan (130247) | more than 4 years ago | (#33093778)

Also, check out the googlemap of El Segundo [google.com] -- it's right next door to a buttload of chemical (gasoline?) storage tanks.

Well, I don't think ICANN is running their operations out of a Good Stuff restaurant. Try this map [google.com] instead.

Re:East & West coasts only (1)

jmcvetta (153563) | more than 4 years ago | (#33093924)

Okay, so that's about a mile away from the storage tanks. Any idea what the blast radius on one of those things is, should it get ignited?

My basic point is: c'mon, put this stuff somewhere isolated & easy to protect. At least the Culpeper site looks to be in the middle of BFE, which has to be kinda useful from a security perspective.

The real question.... (0)

Anonymous Coward | more than 4 years ago | (#33093682)

The real question is why we would trust a dirty Canadian with a key! They don't even lock their doors! All the more evidence that Canadians are really giant mutated beavers bent on world domination.

A power so great... (0)

Anonymous Coward | more than 4 years ago | (#33093742)

It rivals even that of the Sword of a Thousand Truths. Did Salzman in Accounting also foretell this prophecy? Is this person in fact his heir?

Seven to the Canadians in their Halls of Snow (4, Funny)

Arancaytar (966377) | more than 4 years ago | (#33093966)

(But in secret, another smart-card was made - one that could rule all the others...)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?