November 20, 2024 | International, C4ISR, Security

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Critical Ubuntu needrestart flaws allow local root privilege escalation; update immediately to safeguard systems.

https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html

On the same subject

  • Too many cooks in the DoD: New policy may suppress rapid acquisition

    January 2, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

    By: Eric Lofgren

    In 2015, Congress passed middle tier acquisition, or MTA, authorities for rapid prototyping and rapid fielding. Lawmakers expected detailed guidance to follow shortly after. By June 2019, the Government Accountability Office found little clarity on documentation and authority. Congress reacted by threatening to withhold 75 percent of MTA funding in 2020 until the Pentagon released guidance. Dangle the purse strings and compliance follows.

    The undersecretary for acquisition and sustainment, or USD(A&S), released Department of Defense Instruction 5000.80 on Dec. 30, 2019. The MTA guidance, however, is more likely to pump the brakes on rapid acquisition than propel it forward.

    Programs designated “middle tier” do not have to follow regulatory processes for requirements and milestone reviews. That can shave years off a program schedule. In return, the prototype must be completed — or system fully fielded — within five years.

    As of March 2019, there were 35 middle tier programs. The term “middle tier” is perhaps misleading considering nearly half of them exceed the cost thresholds for major weapon systems — roughly $200 million for prototyping or $1 billion for fielding.

    Many questions remained unanswered until the new policy. How big was a middle tier? What documentation does it require? What is the role of oversight and USD(A&S)?

    Authority

    For several years, acquisition authority had been delegated down to the services. While the services only managed 48 percent of major programs in 2014, the figure grew to 90 percent in 2019. DoDI 5000.80 reverses the trend. While the services can approve MTA for non-major programs, only USD(A&S) may approve major programs.

    Moreover, major programs have far more entrance documentation than non-majors, including approved requirements, an acquisition strategy and a cost estimate. The services may avoid some documentation by disaggregating major systems into multiple MTA programs. For example, two of the Navy's non-major programs are components to Standard Missile-6 Block 1B. The same is true of the Air Force's Airborne Warning and Control System.

    USD(A&S), however, can still disapprove any MTA program, whether major or non-major. With advisers from all around the Office of the Secretary of Defense, there will be numerous potential veto points. Each official may extract concessions from MTA programs managed by the services.

    Even though 31 out of 35 MTA programs are rapid prototyping efforts, the undersecretary for research and engineering, or USD(R&E), has been relegated to a secondary position. All MTA authority rests with USD(A&S). Almost as an affront to USD(R&E), he was given control over a rapid prototyping fund that Congress stopped funding.

    The outcome reflects a broader weakening of USD(R&E). Congress has reacted negatively to the undersecretary's effort to move fast and reallocate funds to higher value uses. USD(R&E) may lose control of the Missile Defense Agency to USD(A&S).

    Documentation

    While MTA exempts programs from traditional requirements and milestone processes, documentation abounds. Each service must create its own requirements process with approval in six months. Joint service requirements are discouraged from using MTA pathways.

    MTA requirements, however, must still meet the needs determined by four-star generals in the Joint Chiefs of Staff and combatant commands. This may in effect bring the same approvals from the Joint Capabilities Integration and Development System process back into MTA.

    Many of the DoDI 5000.02 processes also apply. Still required are system analyses, sustainment plans, test strategies, cybersecurity, risk assessments, cost estimates and more. Contractors performing on MTA programs must still report cost data. No exemption was made for earned value management systems. Sidestepping many contract regulations — for example, with other transactions authorities — remains a separate process.

    Most importantly, Congress requires detailed justification in the budget for every MTA program. That means the services must start justifying MTAs at least two years in advance of funding receipt. Many of today's MTA programs spun off existing, budgeted line items. New programs may find a hard time finding funds.

    The present situation is reminiscent of the time David Packard attempted rapid acquisition between 1969 and 1971. A couple years later, new layers of bureaucracy descended. Similarly, MTA has built within it the seeds of another slow-paced bureaucratic order.

    Adm. Hyman Rickover's skepticism to the reforms nearly 50 years ago rings true today. As Rickover wrote to Packard in a memo:

    “My experience has been that when a directive such as the one you propose is issued, most of the effort goes into the creation of additional management systems and reports and the preparation of large numbers of documents within the Service to ‘prove’ that the requirements of the directive are being met in order to justify funds for the Service.

    “So long as the bureaucracy consists of a large number of people who consider that they are properly performing their function of approval and evaluation by requiring detailed information to be submitted through the bureaucracy, program managers will never be found who can in fact effectively manage their jobs.”

    https://www.defensenews.com/opinion/commentary/2020/01/02/too-many-cooks-in-the-dod-new-policy-may-suppress-rapid-acquisition/

  • US F-35 fighter jet poised for combat debut

    September 26, 2018 | International, Aerospace

    By Barbara Starr and Zachary Cohen, CNN

    Washington (CNN) The US Marine Corps' stealth F-35B Lightning fighter jet could fly its first combat mission within days, according to several US defense officials, who told CNN that the fifth-generation aircraft are currently aboard the USS Essex amphibious assault ship and should soon be in a position to conduct airstrikes over Afghanistan. The USS Essex has already sailed from the Gulf of Aden into the North Arabian Sea and is expected to move into the Persian Gulf in coming days, one official said. F-35 pilots have been conducting intelligence and surveillance missions in Somalia while on standby to conduct air support for US troops on the ground there if needed. While available for support, the advanced fighter jet was not used in an airstrike over Somalia on Saturday that killed 18 militants after US and local forces came under attack. In May, Israel Defense Forces said they were using their version of the F-35 in operational missions, striking at least two unspecified targets in the region.

    Full article: https://www.cnn.com/2018/09/25/politics/us-f-35-combat-missions

  • Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

    May 1, 2024 | International, Security

    Former NSA employee sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia.