FAA Ground Stop due to Technical Debt? | Don’t Do DIY Crypto!

Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.

This week: The FAA’s NOTAM database gets corrupted, and Threema shows why DIY cryptography is bad.

1. 1/11 Ground Stop: Catalyst for Change?

First up this week: Why planes were grounded yesterday. Early reports say a database file got corrupted and the version on the standby failover system was also corrupt.

Analysis: Technical debt crashes plane system

The FAA’s decades-old NOTAM dissemination system solves a fairly simple problem set by today’s standards. However, it’s mission critical. That probably explains why the FAA daren’t modernize it: The agency is—understandably—highly risk averse.

Gregory Wallace and Pete Muntean: A corrupt file led to the FAA ground stoppage

An example of aging infrastructure
Officials are still trying to figure out exactly what led to the Federal Aviation Administration system outage on Wednesday but have traced it to a corrupt file: … “Our preliminary work has traced the outage to a damaged database file. At this time, there is no evidence of a cyberattack.”

[A] source familiar with the Federal Aviation Administration operation [said that] when air traffic control officials realized they had a computer issue late Tuesday, they came up with a plan … to reboot the system when it would least disrupt air travel, early on Wednesday morning. [This was] a significant decision, because the reboot can take about 90 minutes, according to the source. … The system, according to the source, “did come back up, but it wasn’t completely pushing out the pertinent information that it needed for safe flight.”

That’s when the FAA issued a nationwide ground stop at around 7:30 a.m. ET. … The source said the NOTAM system is an example of aging infrastructure due for an overhaul: … ”I assume now they’re going to actually find money to do it.”


Even so, that’s quite the over-reaction. huslage begs to differ:

You … think this is similar in value or operation to a web app? It is not. It is a safety-critical system that requires very stringent operational and development guidelines.

The idea that the FAA shouldn’t be risk averse in this system is absolutely ridiculous. The complexity of operating the airspace of an entire nation is nothing to scoff at and the importance of the NOTAM system should not be minimized in any way. … There are hundreds of thousands of lives at stake every day.


It’s still unclear what the problem really was. xevioso listens to a game of Telephone:

Entering something incorrectly into a database using some standard system the FAA would use to do so isn’t “corrupt.” Downloading or transferring data or a file, and having that transfer interrupted, resulting in the loss of or alteration of data, is “corrupt” in the technical sense.

Sometimes we are far far far removed from the description given from the IT folks involved to their superiors. I’m sure the issue would be pretty clear to us in technical terms, but a public-facing answer such as “a file got corrupted” is ****ing nonsense.


What does this NOTAM system look like? Yet Another Anonymous coward makes an edumacated guess:

I’m betting a 2000s era IBM mainframe emulating a 1980s IBM mainframe running an IBM mainframe OS from the 60s with an app written in System360 Assembly.


How to repay the technical debt? JCM9 waxes gung-ho:

The NOTAM system is something that a room full of decent engineers could easily build from scratch … in a short time. It’s essentially just a database of categorized posts with some APIs for sending entries and returning them when requested.

That’s not speaking poor of the [FAA] engineers (which in my experience can be very good) but of the management and innovation culture. … They would say they are “risk averse,” but as yesterday highlights their poor approach to this creates a ton of risk.


Meanwhile, a change is as good as a rest for Brandon Vigliarolo:

A corrupted database makes a nice change from the usual suspects: DNS or BGP.


2. Threema Messenger Made Many Mistakes

In other news, the Swiss answer to Signal and WhatsApp has been found full of flaws in its end-to-end encryption. Cryptography is hard, yo.

Analysis: Don’t do DIY encryption

It’s proof—as if proof were needed—that rolling your own encryption is bad. Use standard libraries, as Threema did, but learn to use them properly. Or you might easily fall into the famous trap described by Messrs. Dunning and Kruger.

Jessica Lyons Hardcastle: Threema messaging app was full of holes

Bespoke cryptographic protocols
A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs – possibly for a long time – before an audit by [the] ETH Zurich … applied cryptography group. … The vulnerabilities, if exploited, could have allowed miscreants to clone accounts and read their messages, as well as steal private keys and contacts and even manufacture compromising material for blackmail.

The three researchers – computer science professor Kenneth Paterson and PhD students Matteo Scarlata and Kien Tuong Truong – noted “[We] believe that all of the vulnerabilities we discovered have been mitigated by Threema’s recent patches.” [But] their discovery still highlights the difficulty in assessing “security claims made by developers of applications that rely on bespoke cryptographic protocols.”


I can hear MMarsh’s eyes rolling from here:

People who know what they’re doing — like the team that built Signal, for example — take components and protocols that have already been through that testing, and glue them together in well-understood, well-documented ways. Sometimes, a few of these people will find a specific problem with existing protocols, and will then spend a truly insane amount of effort coming up with a new and better protocol, which then goes through all that testing.

People who say “I’m a gonna go build me some totally new unbreakable encryption from scratch and call it the cat’s pyjamas and put it right into the app store and it’ll make me a million euros,” generally have just enough knowledge to dig themselves into big holes, and pull a few others down with them.


Ah but it’s fine, says Threema GmbH, because they’ve replaced that old, busted codebase with a totally new, shiny one. Naturally, u/atoponce ain’t impressed:

What concerns me is the fact that while Threema used well-tested sound cryptographic libraries to build their protocol, they didn’t put the pieces together correctly. … Now that their Ibex protocol has replaced the old, how do we know this new protocol doesn’t suffer from similar security concerns?


The Moral of the Story:
Don’t settle for what life gives you—make life better and build something

—Ashton Kutcher

You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or tlv@richi.uk.

Image: Anete Lūsiņa (via Unsplash; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
