Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
C. Warren Axelrod

Security Testing’s Missing Link and the Revelation of Drone Images

This is clearly not the first time such “security errors” have led to images accidentally falling into the hands of others. In 1959 the operators of the telescope at Jodrell Bank, near Manchester in England, intercepted transmissions of the first photographs of the far side of the moon taken by the Soviet probe Luna 3, because the pictures were transmitted using a simple fax-style protocol to encode the images. The photographs were forwarded to The Times of London and published. It’s another case of déjà vu all over again. You’d think we would have learned something after 50 years. You can see a brief report of this incident at www.shatters.net/forum/viewtopic.php?f=8&t=10478

The obvious question that these and a number of commercial breaches raise is how systems with such obviously simple flaws can be deployed in high-security situations. I believe that much of the problem arises from a gap in the testing of systems. Testers spend huge amounts of time ensuring that systems function as they should. And information security professionals increasingly look to do their best to have security built into applications and to subject those applications to frequent security testing during development and operation. What is not done to any significant degree is negative testing: verifying that a system does not do, and does not allow, the things it is not supposed to do.

I first became aware of the need for such testing about 15 years ago when I was asked to develop “security scripts” to be used to test a major new online system. At that time the field of software security assurance was in its infancy. Static and dynamic security testing (design and architecture security reviews, code reviews, penetration testing, etc.) were not common, if in fact anyone was using them other than for high-security situations. So I interpreted the request as testing all possible entries and combinations of entries that a user might invoke. As I have related a number of times, I came up with 10,000 scripts in addition to the 600 scripts that had been designed for functional testing.
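The contrast between the two kinds of script is easy to show in code. What follows is an added, constructed example (not from the column, and not any real system): a toy document-access check with a deliberately weak variant, plus a driver that enumerates every combination of principal, action and document class and asserts that each combination outside the allow-list is refused. The roles, actions, classifications and the `ALLOW` table are all invented for the illustration. The point is that the positive (“must”) tests pass for both implementations, and only the negative (“must not”) sweep catches the weak one.

```python
"""Positive vs. negative access-control tests (constructed example)."""
from itertools import product

# Constructed vocabulary. The trailing "root" role and "" class are deliberately
# outside the policy: a negative sweep must also cover values the design never
# anticipated, not just the documented ones.
ROLES = ("guest", "analyst", "operator")
ACTIONS = ("read", "write", "delete")
CLASSES = ("public", "internal", "secret")
UNKNOWN_ROLES = ("root",)
UNKNOWN_CLASSES = ("",)

# Constructed allow-list: the only (role, action, class) triples that must succeed.
ALLOW = frozenset({
    ("guest", "read", "public"),
    ("analyst", "read", "public"),
    ("analyst", "read", "internal"),
    ("operator", "read", "public"),
    ("operator", "read", "internal"),
    ("operator", "read", "secret"),
    ("operator", "write", "internal"),
})


def check_strict(role, action, cls):
    """Default-deny: anything not explicitly listed is refused."""
    return (role, action, cls) in ALLOW


def check_weak(role, action, cls):
    """Constructed flawed check: for reads it validates only that the role is a
    known one and never consults the classification, so every known role can
    read every document. Writes and deletes are handled correctly, which is
    exactly why functional tests alone do not notice."""
    if action == "read":
        return role in ROLES
    return (role, action, cls) in ALLOW


def all_cases():
    """Every (role, action, class) triple, including the out-of-policy values."""
    return product(ROLES + UNKNOWN_ROLES, ACTIONS, CLASSES + UNKNOWN_CLASSES)


def positive_failures(check):
    """Functional-style tests: allowed triples that the check wrongly refuses."""
    return sorted(t for t in ALLOW if not check(*t))


def negative_failures(check):
    """Security-style tests: forbidden triples that the check wrongly permits."""
    return sorted(t for t in all_cases() if t not in ALLOW and check(*t))


def report(check):
    """Summarise both sweeps for one implementation."""
    return {
        "positive_failures": positive_failures(check),
        "negative_failures": negative_failures(check),
        "negative_cases": sum(1 for t in all_cases() if t not in ALLOW),
    }


if __name__ == "__main__":
    for name, fn in (("strict", check_strict), ("weak", check_weak)):
        r = report(fn)
        print(f"{name}: {len(r['positive_failures'])} positive failures, "
              f"{len(r['negative_failures'])} of {r['negative_cases']} "
              f"negative cases wrongly allowed")
        for t in r["negative_failures"]:
            print("   wrongly allowed:", t)
```

With 4 roles, 3 actions and 4 classes there are 48 combinations, only 7 of which are permitted; the other 41 are the negative cases. Both implementations pass all 7 positive checks, but the weak one wrongly allows 6 of the 41 forbidden triples (for instance a guest reading a secret document). The ratio of negative to positive cases grows multiplicatively with each input dimension, which is the same effect that turned 600 functional scripts into 10,000 security scripts.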

