Connect with us

Are Blue Origin missiles unsafe? Company employees complain about dire security situation

Published

on

Blue Origin is one of the youngest private space companies. She has launched her New Shepard spacecraft more than once, and is now actively working on the large New Glenn launch vehicle. And the company may have big problems.

A group of more than 20 former and current Blue Origin employees who wished to remain anonymous revealed that the company has a major security issue. And this is not about the security of objects or confidential data, but about security issues in the design and creation of missiles.

Unfortunately, no specific issues were listed, but employees said that the company has a recycling culture in which speed of work takes precedence over safety.

Blue Origin is lucky that nothing has happened so far. Many of us have dreamed throughout our careers to help launch a manned rocket into space and see it land safely on Earth. But when Jeff Bezos flew into space in July of this year, we did not share his delight. Instead, many of us watched with an overwhelming sense of unease. Some of us couldn’t watch at all

For example, in 2019, the team assigned to operate and maintain one of New Shepard’s subsystems included only a few engineers working overtime. Their responsibilities went far beyond what would be feasible for a group twice the size, from investigating root causes of failures to regular preventive maintenance of rocket systems. Inquiries from executives and employees for additional engineers, staff, or costs were often turned down despite Blue Origin having one of the largest private funding sources in the world. Employees are often told to “be careful with Jeff’s money,” “not ask for more,” and “be grateful.” In weekly meetings, employees were often seen as Bezos and CEO Smith frequently expanded the scope of existing projects, sometimes even adding more programs, but without authorizing the necessary budget or staffing increases.

We have seen a decision-making model that often prioritizes speed and cost reduction rather than allocating the right resources to ensure quality. In 2018, when one executive came to power, the team documented over 1,000 reports of Blue Origin rocket engine problems that were never addressed.

It is also worth noting that the other day the company’s employees confirmed the culture of sexism and suppression of dissent in the company. Up to the point that they tried to forbid employees to ask questions at the only existing event for this event.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Scientists have learned to track gadgets using BLE signals

Published

on

Devices can be tracked by prints of their physical characteristics.

In the past few years, mobile devices have become more likely to use the Bluetooth Low Energy (BLE) protocol to transfer messages, which can pose a significant privacy risk, experts at UC San Diego warn.

Within the framework of research they examined the implementation of BLE in a number of popular models of smartphones, laptops and gadgets and found that devices can be traced back to their physical characteristics. The bottom line is that devices can have a unique fingerprint that can be used to determine where they were and when.

BLE messaging has become more common in phones, laptops, smartwatches and other gadgets due to the support of operating devices for functions such as Apple Continuity or Find My, which imply the use of the BLE standard.

Typically, applications using this protocol try to hide identifiable data by encrypting the device’s MAC address, but this does not help to hide the built-in hardware characteristics of the device, based on which it can be identified.

Experts have tested their theory on several devices, including the iPhone 10, Thinkpad X1 Carbon (Windows), MacBook Pro 2016 (macOS), Apple Watch 4 (watchOS), Google Pixel 5 (Android), and Bose QuietComfort 35. In most cases, they were able to get a fingerprint of the physical BLE chip and distinguish one device from another.

In the course of the study, the scientists faced some difficulties, for example, it turned out to be more difficult to distinguish devices operating on the same chipset model than to distinguish gadgets based on different chips. The device’s ability to identify was also influenced by its temperature and signal transmission power.

Using special equipment, the researchers intercepted BLE signals from 162 devices in public places and were able to identify 40% of them. In addition, the group recorded BLE signals from bystanders’ devices with COVID-19 tracking apps from Apple and Google for two days for 10 hours. Scientists managed to “uniquely identify” 47.1% of 647 MAC addresses.

In theory, the method can be used to track the Apple AirTag and Samsung SmartTag Plus Bluetooth trackers, the researchers noted.

Continue Reading

Security

Vulnerability in WinRAR allows code to run without the user’s knowledge

Published

on

To carry out an attack, you need to create a malicious Wi-Fi access point, hack a router, and spoof DNS.

Positive Technologies Igor Sak-Sakovsky discovered a dangerous vulnerability in the WinRAR file archiver. An issue identified as CVE-2021-35052 exists in the WinRAR web notifier, which is used to display trial period expiration messages. The vulnerability affects WinRAR versions prior to 6.02 beta 1.

To display a message about the expiration of the trial period, the web component redirects to HHPS: //notifier.win-rar.com/. The vulnerability allows a remote unauthorized person to intercept requests sent to them and thereby carry out a man-in-the-middle (MITM) attack, create a backdoor, and even remotely execute code.

As explained by the researcher, the vulnerability exists due to the use of the incorrectly configured webbrowser module by the web notifier component.

According to Sak-Sakovsky, in order to carry out an MITM attack through this vulnerability, an attacker needs to create a malicious Wi-Fi access point, hack a router and spoof DNS, or be on the same network with the victim.

An attacker can use an SMB server to execute code remotely, but there are restrictions on the black list of executable file extensions. So, when you run files with the bat, vbs, exe and msi extensions, a message about the malicious file will appear, suggesting possible actions with them. However, since WinRAR does not have an automatic update mechanism, and vulnerable versions are common, attackers can bypass the restrictions and hide the launch using old exploits for WinRAR or Microsoft Office.

Continue Reading

Security

Vodafone is suing the UK over a contract to develop a hacker-proof communication line

Published

on

The company considers it unfair that the contract was awarded to Fujitsu, although both bidders did not meet the requirements.

Mobile operator Vodafone filed in court against the UK government after losing a tender to develop a hacker-proof communications system, in which the Japanese company Fujitsu also took part.

Although both bidders were found to have failed to meet the government’s minimum requirements, Vodafone believes Fujitsu was unfairly awarded a £ 184m ($ 254m) contract to improve the communications system used by 532 British embassies and other agencies.

The Echo 2 project aims to provide secure communications for the UK Foreign and Commonwealth Office, employees and agents in over 170 countries.

According to the government, the current communications system operated by Vodafone is “outdated” and poses a risk to national security.

Vodafone went to court after Cable & Wireless, acquired by the operator in 2012, lost its long-term contract for the Echo 1.

“We do not believe that the procurement process was carried out correctly. The contracting authority itself admitted that the Fujitsu Solution was ‘not fit for purpose,’ said a Vodafone spokesman.

According to foreign ministry lawyers, Fujitsu’s proposal had problems with two requirements, but generally met the terms of the tender. Fujitsu representatives did not comment on the situation.

The trial in this case is scheduled for January 2022. The court allowed the UK government to enter into a “conditional contract” with Fujitsu. The details of the contract were not disclosed due to security concerns.

Continue Reading

Most Popular