×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The World's Most Dangerous Password

timothy posted more than 9 years ago | from the harsh-consequences dept.

Security 696

NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

696 comments

First "boomboom" post!! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9286961)

I'm your first BOOMBOOM password stealing poster! Muhahahahaha

WTF! (-1, Troll)

flyingember (555991) | more than 9 years ago | (#9286962)

what the fuck, I am not impressed by this action. The government must not really care for me after all. (sarcastic)

Someone's gotta say it (5, Funny)

Roland Piquepaille (780675) | more than 9 years ago | (#9286965)

What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it?

Stupid David played with the WOPR again!

Article is Slashdotted. Record time? (0, Offtopic)

Fecal Troll Matter (445929) | more than 9 years ago | (#9286980)

FAQ

1. What makes asphyxia or breath control different from other autoerotic practices?

The short answer is the "fantasy" is the difference. I think it involves an aspect of "control". A big part of the fantasy is the person's control over their own death. It's a bit "self-sacrificial", a death fantasy, if you will. Not a wish to die, but a fantasy of death. Like a daredevil cheating death. Not far apart, in my opinion. Make sense?

I'll take this opportunity to espouse my opinion on AEA vs. "Breath Control Play" (BCP). AEA is not the same as BCP. Many people confuse the two. AEA is a solo sexual practice with many unique characteristics that go beyond the euphoria of hypoxia. BCP is something that is mostly done among sexual partners to increase sexual pleasure with hypoxia. Enough said.

2. Why do you think people engage in breath control? How do you think they come to this practice?

(I'll assume you mean AEA). This is a long, complicated and elusive answer. People engage in AEA because they quite simply have to. It becomes, for most, the only way they can "get off". Even those that have sex with a partner most likely fantasize about AEA while engaging in normal sex. How they start, is a question that can't be answered directly because it is a product of many variables in sexual development. My best guess from speaking to practicing AEA'ers is that they stumble onto hypoxia by accident or experiment and associate that with sexual arousal. Most in their early teens or pre-teen years. About half had experiences with other adult males in their lives. Not sexual experiences, but innocent games that become sexualized by the young one. Physiology plays an important role in this. Priapism is what happens when someone gets choked to hypoxia.

Here's a scenario. A kid is playing cowboys and Indians with his uncle. The kid wants to be the bad guy and gets caught and tied up by the good guy. Kid gets and erection, likes it and wants to do it again. It gets elaborated over time and viola, AEA.

3. Do you think autoerotic breath control can be engaged in safely? What about breath control play with a partner?

Safety is a relative term. My answer is NO. BCP is safest, with a partner. AEA is solo and more dangerous. Even the most elaborate escape mechanism relies on the user's judgment. Most are impaired by alcohol, which effects their judgment. It's a fine line of consciousness. Lose it and you're dead. The irony of this is that many have told me that the harder it is to escape, the better the fantasy is. **See death fantasy above.

All that is one aspect of safety. Then we get into physiological aspects. If you lose consciousness at the right phase of the sinus rhythm, your heart stops and can't be restarted by CPR. This is the cause of many deaths when couples are engaging in BCP or when police use the choke hold and the suspect dies. Read the article on the internet called "The Medical Realities of Breath Control Play" for more detailed information. Written by a MD. I have it if you can't find it.

4. What are the differences between adults who practice autoerotic asphyxia and adolescents who practice autoerotic asphyxia?

Elaboration. Kids experiment with it. Choking games. Most likely with a friend small group of friends. If it gets linked with sexual arousal and the personality is right, it gets elaborated over time. It becomes AEA, ritualistic and necessary for the practitioner. As adults progress with AEA, their appetite increases for more intense fantasies. This is where you may get clustering of paraphilias....bondage, cross-dressing. Things get complicated from there.

5. Why do you think more men engage in autoerotic asphyxia than women?

It's biology. Simple? (Generally speaking, knowing there are exceptions) Men are visual in their stimulation. Women are emotional in their stimulation. AEA is a visualization of a scenario which brings sexual gratification. That's why when a woman dies from AEA there are not always the tell-tale (Read: visual) signs of AEA behavior. It's more in their head than on physical objects.

6. In what I have read, there seems to be a lot of mixed responses about families preferring to know that their son/daughter died in an autoerotic accident as opposed to suicide -- that in some respects it is comforting to know they didn't commit suicide. But, on the other hand some families seem to be ashamed that their son/daughter engaged in autoerotic behavior, and would rather inform outsiders that they committed suicide. What do you think about this split response?

I'll give our experience as an example. We thought that is was easier to tell people that Bob committed suicide. That was because it was easier for others to understand. Think about it. We soon came to the conclusion that suicide made it easier for others to understand, however, it was not fair to Bob, nor was it fair to our family. He did not wish to die. He loved life and lived it fully. Ultimately, we placed Bob and family in front of other people's "comforts of understanding". The way it should be. Those that wanted to know, close family and select friends, we told them what happened. We tried to explain AEA as best we could. Most often, it was not important if they understood, only that they knew the truth. In the long run, our family decisions were the best.

7. In the case of an autoerotic death -- if the death is ruled as such, as opposed to suicide, does and will insurance companies compensate surviving family members?

They should, but some don't. They put up a fight. It all stems from the police report and the coroner (ME) report. In our case there was no question and the insurance benefit was paid. I know the police detectives wrote the report so there was no question. I am thankful for that.

8. Do you think that people who currently practice asphyxia, either alone or with a partner, should be encouraged to stop? If so, how do you propose that they are encouraged to stop?

AEA is dangerous (see above) and those doing it should stop. Different therapies have been used to varying degrees of success. Saratonin replacement, behavioral modifications and others have been tried. The bottom line is that AEA'ers may always have the fantasies but they may not always act on them. It's a behavior that can be controlled if the desire is strong enough. Last point being key....they have to want to stop. Most really don't.

9. What do you think can be done to prevent people from engaging in asphyxia?

Educating people on the dangers of hypoxia and ligature strangulation. Death is a strong deterrent, right?

10. What advice would you give to family members who discover that their brother/sister/son/daughter is regularly engaging in autoerotic asphyxia -- they aren't sure how to handle the situation and they have solicited your advice?

Seek professional help and be supportive. Learn about AEA so they can identify with what the person is going through.

markc63@aol.com

Re:Someone's gotta say it (0)

Anonymous Coward | more than 9 years ago | (#9286996)

Hello moderator? David? WOPR? SAC? ICBMs? does that ring a bell?

It's not offtopic, it's right on topic, but you just didn't see the movie.

WOPR's 'guesses' (4, Informative)

The Monster (227884) | more than 9 years ago | (#9287044)

I remember watching WOPR 'cracking' the launch codes - each time it 'found a match' that character in the launch code would lock, while the others would continue to change in seemingly random fashion. I thought at the tima that it was incredibly stupid to have a system that would disclose which characters were correct - if you're using upper-case alpha and digits, that would require no more than 36 guesses to get any code.

Now I realize that the movie wasn't nearly as stupid as reality.

jews (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#9286967)

maybe they could have used this to finally take out israel and eliminate the jews brent is an oaf

fp (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9286969)

fp

At least they're default routers... (5, Funny)

Anonymous Coward | more than 9 years ago | (#9286970)

Username: cisco

password: cisco

'nuff said.

trust (4, Insightful)

Doc Ruby (173196) | more than 9 years ago | (#9286971)

This is why we trust politicians, ridiculous as they are, with our lives, and make the warriors answer to them. Because incompetent politics generally inhibits war, while incompetent warriors encourage it. And they're all incompetent - nobody knows the right way to do it.

Re:trust (3, Insightful)

geeber (520231) | more than 9 years ago | (#9286982)

"Because incompetent politics generally inhibits war"

As has been clearly demonstrated recently in Iraq...

Oh wait, nevermind.

Re:trust (3, Interesting)

TheGavster (774657) | more than 9 years ago | (#9287094)

I think that the general case is mostly correct ... you have to allow for some deviation from the norm, especially with a politician as ... unique ... as the one in question.

Re:trust (1, Funny)

James Lewis (641198) | more than 9 years ago | (#9286987)

Ahh, but is there really a "right" way to do war?

Heh... just had to say that.

Re:trust (0)

Anonymous Coward | more than 9 years ago | (#9287071)

"intresting game, seems the only winning move is not to play."

The Worlds Most Homosexual Website (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9286975)

www.slashdot.com

That's a really good password! (4, Funny)

rice_burners_suck (243660) | more than 9 years ago | (#9286976)

And here I thought that password would be something like, "password" or "login"... Instead, they chose the kind of code an idiot would put on his luggage.

Re:That's a really good password! (0)

Anonymous Coward | more than 9 years ago | (#9286986)

1234. i opened up a store in my younger days and the GM himself said he couldn't change the security code, and that's what i had to enter every morning to open up. he even quoted the spaceballs line.

Re:That's a really good password! (0)

Anonymous Coward | more than 9 years ago | (#9287041)

Don't you mean 12345?

Hilarious (5, Funny)

sam0ht (46606) | more than 9 years ago | (#9286977)


Funniest thing I've read all day. Makes lots of seemingly 'implausible' films about unauthorised nuke launches and hacking, a lot less implausible.

'Hmm.. it's asking for a password ? Try zero zero zero'

Does it really matter? (3, Insightful)

EdMcMan (70171) | more than 9 years ago | (#9286983)

As long as everyone outside the department thought it had a good password on it, no one would bother trying to steal one.

So, the passwords were surprisingly effective. FUD at its finest ;)

Re:Does it really matter? (1)

danharan (714822) | more than 9 years ago | (#9287048)

General 1: "We had a serious breach. A group of terrorists managed to infiltrate our base and get past the first level of security into the missile silos. We should consider adding an extra layer of physical security"

General 2: "They should never have gotten that far, but we caught them so we know the system is working."

General 1: "Well, had there been just 2 more of them, they could have broken through the last level of physical security"

General 2: "Even if they did, they would still need the secret password to launch the missiles. We don't need to worry"

At least it wasn't... (5, Funny)

Draconix (653959) | more than 9 years ago | (#9286984)

12345 Though now we know the President's suitcase combination. :)

Re:At least it wasn't... (2, Funny)

cybrchld (229583) | more than 9 years ago | (#9287016)

So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

DarkHelmet - Spaceballs

Re:At least it wasn't... (5, Informative)

sik0fewl (561285) | more than 9 years ago | (#9287092)

Damn, beat me to it. Here it is anyway since you left out Skroob's quote :)

ROLAND: No, wait, wait. I'll tell. I'll tell.

HELMET: I knew it would work. All right, give to me.

ROLAND: The combination is one.

HELMET: One.

SANDURZ: One.

ROLAND: Two.

HELMET: Two.

SANDURZ: Two.

ROLAND: Three.

HELMET: Three.

SANDURZ: Three

ROLAND: Four.

HELMET: Four.

SANDURZ: Four.

ROLAND: Five.

HELMET: Five.

SANDURZ: Five.

HELMET: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

----

HELMET: We have the combination.

SKROOB: Great. Now we can take every last breath fresh air from planet Druidia. What's the combination?

SANDURZ: One, two, three, four, five.

SKROOB: One, two, three, four, five? That's amazing. I've got the same combination on my luggage.

Re:At least it wasn't... (1)

matth (22742) | more than 9 years ago | (#9287114)

DUP! This comment seems to somehow keep appearing in story comments the last few days over and over. I think someone's computer is stuck posting the same page over and over.

I Don't See The Problem (1, Troll)

tealover (187148) | more than 9 years ago | (#9286989)

In the event of a preemptive attack by the USSR or China on the U.S., the knowledge by everyone of the passwords would have allowed the U.S. to destroy them as well.

Seems like good policy to me.

I can just picture world war 3 starting. (5, Funny)

m0rphin3 (461197) | more than 9 years ago | (#9286991)

Airman 1: Hey, Jeff, what do you think the secret password is?
Airman 2: Dunno. Try P-A-S-S-W-O-R-D or something.
Airman 1: Nah, it's just numerals. And it's not like the secret code could be 0000000. Nobody would be _that_ stupid.

*ATTENTION - PREPARE FOR GLOBAL THERMONUCLEAR WAR*

Airman 1: What you say!

Re:I can just picture world war 3 starting. (1)

wronskyMan (676763) | more than 9 years ago | (#9287075)

You forgot:

Airman 2: W00t! All your missile bases are belong to us!
Airman 1(as security guards come down stairs): We have no chance to survive! Make some time.
Airman 2: For great justi@#$@#$NO CARRIER

Also, the AF uses officers not enlisted(Airmen/sergeants) as missile crews (minor correction)

Re:I can just picture world war 3 starting. (1)

m0rphin3 (461197) | more than 9 years ago | (#9287101)

From the article:

"a mentally deranged airman, or any other mishap could trigger a Russo-American nuclear exchange."

See, no mention of officers!

This version of the article brought to you by Fox News

Re:I can just picture world war 3 starting. (5, Funny)

ktheory (64289) | more than 9 years ago | (#9287163)

"OMG! Why are the missiles launching?!" says the guy resting his elbow on the '0' key.

If a hacker (5, Funny)

NIK282000 (737852) | more than 9 years ago | (#9286992)

If a hacker tried to brute force that, I think it would have been the fastest hack on record.

Re:If a hacker (2, Funny)

Johnathon_Dough (719310) | more than 9 years ago | (#9287128)

unless of course said hacker's software was written by some one who thought no one could be that dumb...and started at 0000001.

Its only a bad password (3, Interesting)

MajorDick (735308) | more than 9 years ago | (#9286993)

If it gets cracked. I cant imagine anyone who had ACCCESS to ust this password having used it, the fact that were all still here shows it was perfectly secure, dont forget its not like some script kiddie could hop on the "Net" and use this password. There were some SERIOUS layers of physical security.

Re:Its only a bad password (3, Interesting)

Anonymous Coward | more than 9 years ago | (#9287067)

There are fewer layers than you think. These missiles would have had to be launched within minutes in response to an attack. How many layers of security can you pack into 15 minutes? This was probably one of the reasons for choosing a braindead password in the first place.

Re:Its only a bad password (1)

EvanED (569694) | more than 9 years ago | (#9287124)

It was, actually, at least according to the article I read, which may or may not be the same one linked in this story. President said there should be some kind of lock on an accidental launch, but the military brass were worried that'd delay the launch too long so they made it something that took no time to enter.

Re:Its only a bad password (4, Informative)

Penguinshit (591885) | more than 9 years ago | (#9287142)


The physical security refers to someone trying to get in from the outside. The two guys inside the silo launch center would be able to get the launch off in time.

Insofar as a single deranged person trying to launch the missiles, both launch keys have to be turned at the same time. The keylocks are separated by a distance making it impossible for a single human being to turn both simultaneously.

Crews are rotated such that the same two are not on duty on any but one shift (to prevent conspiracy), and the crewmen are subjected to some excruciatingly serious background and psychological tests before, during, and after their tours of duty in the silos.

Great care was taken in designing a fail-safe mechanism, where if the protection mechanism fails, it fails into a safe mode (like a default-deny in IPTables).

It was determined that it was better that a few missiles not leave the silos during a nuclear exchange than a few leave a silo during peace-time.

Remember Spaceballs? (-1, Redundant)

Jotaigna (749859) | more than 9 years ago | (#9286995)

when the combination to the Atmosphere door was 12345? "thats the password that an idiot would put in their luggage"!!

Space Balls anybody? (3, Funny)

lordrich (647355) | more than 9 years ago | (#9286998)


ROLAND: No, wait, wait. I'll tell. I'll tell.

HELMET: I knew it would work. All right, give to me.

ROLAND: The combination is one.

HELMET: One.

SANDURZ: One.

ROLAND: Two.

HELMET: Two.

SANDURZ: Two.

ROLAND: Three.

HELMET: Three.

SANDURZ: Three

ROLAND: Four.

HELMET: Four.

SANDURZ: Four.

ROLAND: Five.

HELMET: Five.

SANDURZ: Five.

HELMET: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

HELMET: We have the combination.

SKROOB: Great. Now we can take every last breath fresh air from planet Druidia. What's the combination?

SANDURZ: One, two, three, four, five.

SKROOB: One, two, three, four, five? That's amazing. I've got the same combination on my luggage.

Re:Space Balls anybody? (1)

DarkHelmet (120004) | more than 9 years ago | (#9287087)

I think any post about somebody having a stupid password is just begging for a spaceballs quote on Slashdot. Immediate Karma.

Of course, I, with a name of DarkHelmet on Slashdot, should be the last one to complain.

Re:Space Balls anybody? (0)

Anonymous Coward | more than 9 years ago | (#9287127)

Of course, I, with a name of DarkHelmet on Slashdot, should be the last one to complain.

Yeah, and your user id is stupid, too.

Reminds me ... (5, Interesting)

shadowkoder (707230) | more than 9 years ago | (#9286999)

of some of Microsoft's choices for authentication passwords. For example: 1111111111111111 (dont remember how many, but a good guess) for activating a MS Visual studio package. Nice protection for a $1500 license.

Re:Reminds me ... (-1)

Anonymous Coward | more than 9 years ago | (#9287030)

of some of Microsoft's choices for authentication passwords. For example: 1111111111111111 (dont remember how many, but a good guess) for activating a MS Visual studio package. Nice protection for a $1500 license.

Based on your post history, you seem to be new here. I'm sorry to inform you that we are no longer accepting applications for the anti-MS troll or linux-zealot positions. Feel free to apply again at a later time.

Re:Reminds me ... (1)

Haydn Fenton (752330) | more than 9 years ago | (#9287033)

funny enough, all zeros work too..

Re:Reminds me ... (0)

Anonymous Coward | more than 9 years ago | (#9287073)

Well, that is understandable, since those who made the software are great zeroes as well.

Re:Reminds me ... (0, Troll)

polecat_redux (779887) | more than 9 years ago | (#9287038)

Um, obviously, that is simply an example of MS taking steps to ensure that the key doesn't confound its many customers who can type with only two fingers. Because, you know, they're like... stupid, and Bill Gates is the devil.

Ugh, I feel dirty....

Re:Reminds me ... (0)

Anonymous Coward | more than 9 years ago | (#9287040)

That one works for ANYTHING from MS with the serial that is in this arrangment: 111-1111111

Re:Reminds me ... (4, Funny)

EvanED (569694) | more than 9 years ago | (#9287134)

Oh, I always used 123-1234567.

No wait... no I didn't...

Re:Reminds me ... (1, Informative)

Anonymous Coward | more than 9 years ago | (#9287149)

That's a valid key

1+2+3 = 6 mod 3 = 0
1+2+3+4+5+6+7 = 28 mod 7 = 0

Both = 0, valid key.. Microsofts most gay key algorithm ever!

Re:Reminds me ... (2, Informative)

Anonymous Coward | more than 9 years ago | (#9287115)

It was in the format of XXX-XXXXXXX. 111-1111111 worked, so did 222-2222222, and 333-3333333. The key validation was you take the first 3 digits, add their values.. so 1+1+1=3, then mod 3 = 0.. then take the last 7 digits, add them, 1+1+1+1+1+1+1=7, mod 7 = 0.. its a valid key, so is 222-2222222... 2+2+2=6 mod 3 = 0, 2+2+2+2+2+2+2=14 mod 7 = 0... valid key, but take something like 222-2222223 and its invalid because 2+2+2=6 mod 3=0, 2+2+2+2+2+2+1 = 13 mod 7 = 6.. the mod value always has to be 0

So what microsoft should have done was not allow all the same numbers.. but even so, the algorithm is so simple it was easy to crack... i remember writing a little microsoft key generator when i was like 11 in VB (never released it though, was for personal use =P)

Re:Reminds me ... (5, Informative)

cipher uk (783998) | more than 9 years ago | (#9287118)

i believe it was 111-1111111. the sum of the digits of the second area had to equal 7.
so 111-1111111 aswell as 111-2020201 would work. the first 3 numbers could be anything.

this was on a lot of pre-98 microsoft cds.

more info on microsoft cd-keys [omnitechdesign.com]

Re:Reminds me ... (1)

MrP- (45616) | more than 9 years ago | (#9287133)

Nah, it's the sum of the first 3 digits mod 3 = 0, and the sum of the last 7 digits mod 7 = 0.. as long as they both equaled 0 it was a valid key.

Re:Reminds me ... (1)

Valdukas (247053) | more than 9 years ago | (#9287132)

As far as I remember most of the older MS products would accept any key where key mod 7 == 0. So a code comprising of seven ones will do ;)

The world was different then (5, Insightful)

sloshr (608388) | more than 9 years ago | (#9287000)

Things have changed on the global level more than just a little bit, and I'd imagine a good deal of the security surrounding the prevention of launches centered around the PHYSICAL security. If the bad guy can't reach the keyboard to enter the codes - well, then, does it matter what the passwords set to?

For better or worse, the system seemed to have worked - there weren't any unauthorized missiles launched that I'm aware of.

Re:The world was different then (0)

Anonymous Coward | more than 9 years ago | (#9287154)

If the bad guy can't reach the keyboard to enter the codes - well, then, does it matter what the passwords set to?

What about someone cleaning the keyboards?

Reminds me of spaceballs (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#9287006)

Famous scene from Spaceballs:

President: "What's the code?"
Dark Helmet: "12345, sir."
President: "12345? Thats the code for my suitcase!"

Totally wrong. (4, Insightful)

ObiWonKanblomi (320618) | more than 9 years ago | (#9287008)

As with any mission critical systems, there is redundancy in every aspect of the ICBM system from the authentication to the verification of the target being neutralized. So what if there was a password set to 0000000? There still has to be a number of other things set by others in numerous locations in order to do this. One reason was so that the president could not launch a missile on a bad hair day or a mad general (or group, in fact) could not launch in order to lead a coup.

in addition, the passwords for the different sub-systems would vary as well as require a number of actual physical keys in order to get the nuclear war machine into motion.

If you really think it only takes one password to launch an american military nuke (even if we were in the 60s), you're totally mislead.

Re:Totally wrong. (2)

HBI (604924) | more than 9 years ago | (#9287068)

There were two personnel in each launch control room with keys which had to be turned simultaneously. They both had pistols. The pistols were to shoot the other one if he went insane.

This was depicted in 'Wargames'

The launch code sounds like some politician's idea of a safeguard. You'd think geeks like us would know better - a password is not security. Furthermore, if we DID have to fire the missile, it would suck if someone forgot the password.

Now we're getting into nuclear deterrence and the difference between the Soviet "first strike" and American "second strike" arsenals. Martin Van Creveld does a nice synopsis of this mode of thought in "Technology and War" if you are interested.

No - it's correct (1)

mccalli (323026) | more than 9 years ago | (#9287150)

As with any mission critical systems, there is redundancy in every aspect of the ICBM system from the authentication to the verification of the target being neutralized.

Yes, because that redundancy is necessary. By setting such a ridiculous password, you have effectively removed one layer of redundancy.

So what if there was a password set to 0000000?

So what? So you are operating one layer of redundancy lower than you expected to be operating at, that's what.

Cheers,
Ian

RT()A (4, Informative)

dachshund (300733) | more than 9 years ago | (#9287172)

So what if there was a password set to 0000000? There still has to be a number of other things set by others in numerous locations in order to do this.

There are five flights, hence five two-man LCCs, in a 50-missile squadron. Since all missiles and LCCs are electronically interconnected, the "normal" launch of any or all missiles in a squadron requires the cooperation of only two crews - no more, no less. ...

Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands

The article goes on to explain that the time from launch command to launch was about eight seconds, if two separate launch control centers (ie, 4 people) chose to turn the keys. Also, visitors were often allowed into these sites after giving only a name and social security number-- backgrounds generally weren't checked.

So assuming the article's correct: a) there wasn't even one password in the launch process at the time, only physical keys, b) four people in the right place could launch nuclear missiles, and no countermeasures would have been able to stop them, and c) given the lack of stringent security in allowing visitors access to those sites, it's not inconceivable that outsiders could have seized the opportunity to take control of two launch centers.

00000000 (-1)

Anonymous Coward | more than 9 years ago | (#9287010)

That's the combination on my luggage. Have the combination on my luggage changed immediately.

hmm (1)

Fullmetal Edward (720590) | more than 9 years ago | (#9287013)

This may just be me here but I personally never would of thoughtof 000000~ was a password. It's like having 123 456 on a briefcase. It's just too stupid to be used right?

Well sometimes being an idiot can be so dumbthat people don't expect you to be that dumb hence it's smart. Difficult to explain but it works in a twisted sorta way.

So in short - some times the simplest password is the hardest to crack.

Re:hmm (1)

ObiWonKanblomi (320618) | more than 9 years ago | (#9287057)

Agreed.

In addition, let's keep in mind, there aren't many outside nodes, if at all, that can access this particular network. Also, the access to these nodes just to type in the password is like crazy. In fact, to get to one of the silos requires about 2 hours of unlocking PROPERLY. That is, if you were gonna use the blunt force method just to get into the silo, you'd be there for quite some time. Also remember there is some physical key work involved just to ignite the ICBM.

Re:hmm (2, Interesting)

FlipmodePlaya (719010) | more than 9 years ago | (#9287059)

I have to disagree with you here. If a hacker was guessing thousands of random combinations of numbers, why not all 0s? Is 98347283 any more likely than 00000000?

Wasn't there a Sherlock Holmes novel where the police ransack some guys apartment looking for a document, prying up floorboards and turning every page of every book, and whatnot? he document ended up being in a stack of letters on the guys desk, or something. Hiding stuff in the most obvious place _is_ a well used technique, but I don't think it applies to this.

Re:hmm (1)

Fullmetal Edward (720590) | more than 9 years ago | (#9287082)

by your logic you make it sound like nuclear silos are hooked up to Slashdot.

Hey next time theres an emergency we'll just tell old Bush to link to the site on Slashdot and fuck up the attempted infiltration by slaughtering the bandwith...

Re:hmm (1)

neurojab (15737) | more than 9 years ago | (#9287136)

>I personally never would of thought of 000000

What if you were using a brute force method? Wouldn't 000000 be a logical place to start?

I'd also wager to that if you were to poll a random sampling of individuals for their guess at the passcode, the passcodes involving all one digit would crop up more often. People enjoy patterns, particularly simple ones.

No worries (4, Funny)

spellraiser (764337) | more than 9 years ago | (#9287017)

Just enter the recall code. Mandrake has told us it's a variation of the letters POE, which probably stands for 'Purity Of Essence' or 'Peace On Earth'. Just try all the variations, and the launch will be aborted. Hooray!

Now stop fighting in the War Room!

I here have a scan of a manual (funny as hell) (5, Funny)

Lord Graga (696091) | more than 9 years ago | (#9287027)

I stumbled over THIS [leech.dk] manual about passwords one day, and I found it absolutely amusing!

B00000000M (2, Insightful)

OgTheBarbarian (778232) | more than 9 years ago | (#9287042)

Any password can be guessed given enough time. Far better to have had only the SAC commander and XO even know what measures were required to unlock the missiles for launch. Is it a password? Voice recording? Electronic Signal? 2 keys (turn simultaneously or with a time diferrence) and any combination of these and other measures in a set order. I thought military folk were supposed to be paranoid during the Cold War. Obviously not paranoid enough.

Parinoid (3, Insightful)

chamblah (774997) | more than 9 years ago | (#9287113)

I thought military folk were supposed to be paranoid during the Cold War. Obviously not paranoid enough.

I think this shows how parinoid they were. By having everyone in the chain of command know the password(s) for launch they enabled the ability for a launch to happen even if the right people weren't around.

So that if there was a launch against the US and no one was able to react fast enough in the chain of command and order the launch, then Joe Anybody could still affect the launch.

I know it's flawed logic but I'm just trying to present a different side of the issue.

Why? (1, Funny)

Anonymous Coward | more than 9 years ago | (#9287052)

Why use the French standard for such an important function as defense when we have a perfectly good American-as-apple-pie NTSC?

Physical security not the problem (2, Insightful)

baomike (143457) | more than 9 years ago | (#9287060)

The real problem is some guy who got past the shrink, his girlfriend/wife runs off with the neighbor and he's suicidal . It only affects a few people when the guy shoots his wife and kids and then kills himself (this never happens of course) , think of the quality of the day if he decides that sending off a missle will get rid of every body who caused him grief. He's already probably not to happy about sitting in the ground in North Dakota.

It's even worse than you think... (4, Funny)

Viadd (173388) | more than 9 years ago | (#9287062)

00000000 was the name of Secretary of Defense McNamara's dog.

rm -Rf * (0)

lordrich (647355) | more than 9 years ago | (#9287076)

wouldn't 'rm -Rf *' be just as bad a choice of password? Enter it by force of habbit after having your login script changed - and ouch.

disentegration (0)

Anonymous Coward | more than 9 years ago | (#9287085)

don't worry, entering in "root" and "root" will have the same effect.

Not a great example? (0)

Anonymous Coward | more than 9 years ago | (#9287089)

Not exactly a great example for getting people to choose difficult passwords

Considering it never went wrong, this shows other issues apply.

On a pedantic point, I assume the article meant 0000000 and not OOOOOOOO as the article implies

Uh, not as easy as typing in the PW (2, Insightful)

unassimilatible (225662) | more than 9 years ago | (#9287100)

Don't you need launch keys, and oh yeah, physical access to a heavily gurded military installation?

The real world isn't like War Games pple. Can't just launch your modem into NORAD and play a game.

Verizon (3, Interesting)

Anonymous Coward | more than 9 years ago | (#9287110)

I work for an outsourcing group for telco (V something). We are non union, so they abuse us over the hourly union people.

This isn't a joke, after all the hacking, the passwords are still the same! Even after Palifornia passed the law about reporting security break ins, they still are not reported!

Here is a sample list of actual of passwords I've kept track.
lucent:lucent
nortel:nortel
nortel:etas
admin:setup
admin:admin
admin:config
setup:set up
root:toor

FOA WCDMA hardware that all you need to do is telnet too (no ssh) and run a simple password guessing program, and gain access.

IT's worse than you think.

maybe this is just the duress password (5, Interesting)

pedantic bore (740196) | more than 9 years ago | (#9287125)

Maybe this is a fake password. Only a few people know the real password, but "everyone" knows this one. Anyone foolish enough to try to use it would immediately find themselves in a world of trouble.

Re:maybe this is just the duress password (1)

m0rphin3 (461197) | more than 9 years ago | (#9287155)

Is that 'world of trouble' as opposed to..
entering the correct password?

In soviet russia, nukes launch YOU!

Re:maybe this is just the duress password (2, Funny)

cipher uk (783998) | more than 9 years ago | (#9287166)

you have inputed the correct password. please stand on the large X to proceed.

Biopreparat (1)

colonist (781404) | more than 9 years ago | (#9287143)

I'd be more worried about the password for this:

"Soviet defector Ken Alibek, who as Kanadjan Alibekov was a deputy director of Biopreparat, confirms that intercontinental ballistic missiles with warheads containing plague or anthrax were successfully developed and available for launch against North America."

Biological Warfare and Bioterrorism in the Modern Era [microbelibrary.org]

Well maybe if we* didn't have any... (1)

OgTheBarbarian (778232) | more than 9 years ago | (#9287171)

...in the first place, we wouldn't have to worry about setting them off all accidental like. * 'we' being the collective passengers on this twirling ball of dirt & water.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...