21 August 2014

I misspoke in class today

When I discussed LTG Fred Franks and the US VII Corps in Desert Storm, I said an incorrect number when I described the number of troops under his command. The real numbers are:
Franks' command numbered more than 142,000 soldiers ... To keep his troops moving and fighting, Franks used more than 48,500 vehicles and aircraft, including 1,587 tanks, 1,502 Bradleys and armored personnel carriers, 669 artillery pieces, and 223 attack helicopters. For every day of offensive operations, the corps needed 5.6 million gallons of fuel, 3.3 million gallons of water, and 6,075 tons of ammunition.
And again, in another description:
In the Gulf War, VII Corps was probably the most powerful formation of its type ever to take to the battlefield. Normally, a corps commands three divisions when at full strength, along with other units such as artillery of various types, corps-level engineers and support units. However, VII Corps had far more firepower under its command.
Any way one looks at it, it was a complicated command responsibility, one that called for a lot of information, but even more it called for wisdom.

19 April 2014

more Heartbleed

This is what the IT staff at SILS had to tell us about Heartbleed.

You may have read about the recent discovery of a major security vulnerability in the OpenSSL cryptographic software library.

This particular vulnerability has received much attention because OpenSSL is so widely used to encrypt traffic on the internet.  Some estimates show that OpenSSL is used on 2/3 of internet websites.

I can confirm for you that SILS servers were upgraded to the patched version of OpenSSL Monday evening and early Tuesday morning. 

Most advisors are recommending that people change their passwords across their many online accounts.  However, this step would need to happen after service providers have implemented the patched version of Open SSL for this to be effective.  Some major online service providers have already issues password reset requirements or directives to their end users.

So far the exploit of this vulnerability is reported to leave no trace, so we will continue to monitor and take actions as necessary to keep our systems secure, and will be certain to share additional information or any wider announcements from the university.

Additional information on this vulnerability can be found here:

18 April 2014


Interestingly enough, I found a note from Norton about Heartbleed on the same day Johnathan spoke about it in class. It might be useful. You might also find this article from the New York Times also useful.

You’ve likely heard of Heartbleed over the past week. We wanted to share a bit about what it is, steps we have taken to protect our customers and steps you can take to protect yourself across the Web.

Some versions of Norton AntiVirus, Norton Internet Security and Norton 360 were impacted. On April 10th, we distributed updates to these impacted products to stop and block Heartbleed. Norton Accounts used to sign into Norton.com were not impacted. Please refer to our FAQ for more information on how we’re defending against this vulnerability.

Why Heartbleed affects everyone on the Internet

Heartbleed is a bug in some versions of OpenSSL, a set of software tools used widely across the Web for security. This bug may reveal your name, passwords and other private information.

If you visited a website that uses a vulnerable version of OpenSSL during the last two years, your personal information may be compromised. You can use this tool:http://safeweb.norton.com/heartbleed to check if a particular website is currently impacted.

How to protect yourself

Due of the complex nature of this vulnerability, changing your passwords before sites update their version of OpenSSL won’t fully protect you. Here are some simple steps you can take as a precaution:

Change your passwords on any website that contains sensitive information about you. You should first confirm that the site does not contain the Heartbleed vulnerability by using this tool.
If you’ve reused passwords on multiple sites, it’s especially important to change them. To change your Norton Account password, visit manage.norton.com and click Account Information.
Beware of phishing emails and type website addresses directly in your browser instead of clicking on a link through an email.
Monitor your bank and credit card accounts for unusual activity.

It may take an extended period of time for all the sites affected by Heartbleed to fix this vulnerability. To determine if a website is vulnerable to Heartbleed using this tool. We recommend you only exchange personal or sensitive information such as your credit card number if the site is not affected by Heartbleed.

You can learn more about Heartbleed and its impact to consumers by checking out our FAQ or by following the Norton Protection Blog.

Stay Safe Online