[Date Prev][Date Next][Thread Prev][Thread Next] - [Date Index][Thread Index][Author Index]

RE: Any Risk ?

> > In short: what security does the satellite have against unauthorised
> > stations issuing commands? It is a matter of security by obscurity
> > (control uplink and modulation format not published), or are there
> > passwords, or what?
> Duh, If you are concerned about security, demanding detail 
> disclosure of
> how it is done on the AMSAT-BB is not such a bright idea...  
> I dont want
> to know and I dont want to see it published on the AMSAT-BB either.

Normally, I'd disagree, Bob, as history has shown "closed" systems to be as
insecure (often more so) as systems which have open specifications and code
for people to review.  Also, the resolution times happen to be shorter.

However, I think AMSAT is in a slightly different position.  Unlike the
computer security industry, any code is less likely to be subject to review
as a result of public disclosure (most people wouldn't have a clue what the
whole purpose was), so there's less to be gained that way.

Perhaps peer review by people within AMSAT who are qualified to do so
("qualified" is being used in the broadest sense here). might be a better
way of evaluating security than on an open list like this.  

Like you, I don't feel a need to know _how_ it's being done, just that there
are reasonable security measures in the first place. 

Anyway, I think we've done this one to the death.

P.S.  I've noticed a sharp increase in port scans for remote control Trojan
Horses (NetBus, if my memory serves me right) in the last week or so,
getting several emails from the IDS every day.  Be very careful of files
other people send you.
Via the amsat-bb mailing list at AMSAT.ORG courtesy of AMSAT-NA.
To unsubscribe, send "unsubscribe amsat-bb" to Majordomo@amsat.org