
Comment Re:Great (Score 5, Informative) 222

Actually the US did conduct such tests back in the 70's and 80's. Look up the LOCA (Loss Of Coolant Accident) test program done by the NRC. If memory serves, they scaled it up to 10% reactor capacity. Note: I believe these were what was assumed to be worst case accidents: reactor going full power and suffering a double guillotine cooling pipe failure. I don't know if they ever tested a reactor that has been SCRAM'ed, but still generating heat from short lived isotopes. That is what happened in Japan.

Comment Re:From a comment there (Score 1) 341

If you have a large place, go with WPA2-Enterprise instead of WPA2-PSK. In enterprise mode, there is no PSK. Every client gets their own PMK when they authenticate. Granted, it assumes all users have ids and passwords, but that should be the case for any large installation. Some clients will have problems when the user password changes. You may need to delete the WLAN entry and then let it be discovered again.

Comment Re:From a comment there (Score 1) 341

From what I remember, PMK is all that is needed for WPA2. I don't have my SANS617 books handy, but from what I recall, the PMK is built from the SSID, length SSID, AP MAC, Client MAC and PSK and then hashed 4096 times to deter dictionary attacks. On connection request, the PTK is built from the PMK, AP nonce and client nonce.

Comment You need the plaintext password (Score 1) 341

If you are using the WPA with PSK (Pre Shared Key), you need the plain text pre shared key to generate the PMK (Pairwise Master Key). Once you have the PMK, you really don't need the pre shared key. But if you change the access point or change the NIC on your machine you will need it to generate the PMK over again. If you are concerned, go to WPA enterprise mode with the Radius challenge response.

Speaking of PSK security, you are using the minimal PSK length of 20 (or was it 22?) characters to ensure security, right?

Comment How to collect (Score 2) 509

Gee, if we could put permanent police in every home in the USA we would reduce crime, but I think there is something unconstitutional about that. There are many options:
  • You have a list of suspects, tap those. And those around them, and maybe those around them. A heck of a lot less intrusive than tapping the planet.
  • Pay the telecom people to store the data, and only get the data with a court order. This is similar to how the armed forces pay the airlines to have planes capable of being used by the military in a surge role, but normally run by the airlines.
  • Establish an outside entity. Outside entity will take real phone numbers and give back a unique hash. Telephone companies will send meta data to NSA, but will substitute these hash values for all telephone numbers. On court order, the outside entity will say "john terrorist has hash 3141592". NSA will then do the proper searches, and say "we need the user for hash 12345", and the outside firm will say "it's King Roland (Spaceballs)". In this way, no single entity is able to abuse the system. They could collude, but it sets the bar higher.

Now, will any of these solve the problem? No. Will it make everyone happy? No. Like always, security, like liberty, is a compromise.

Comment Re:Which signal? (Score 1) 180

From memory, all the satellites are in the same orbital inclination, so shifting the apparent constellation in time could work. However, I am not a GPS expert, so there may be other factors at stake. Also, there is a simple countermeasure, at least for planes and missiles: shield the antenna from receiving from the ground.

Comment Re:Hold tech companies' feet to fire about H1-Bs (Score 1) 694

You don't actually have any business skills, do you?

To be honest, no, my expertise is technical, computer and information security.

So what you are suggesting is that as business owner, I should spend thousands of dollars training people (during which time they generate no income) in the hopes that a few of them will stay with me long enough to recoup the cost of training

Thousands of dollars? Let's take the examples I gave. If you are an expert with Oracle, you can probably pick up MSSQL without too much trouble. If you are an expert with one version of Exchange, you can probably pick up another version without too much difficulty. As a prospective employee, it would be dishonest to say I had the experience. If there were a human with a technical background, they should know this. But if it is someone in HR using a pattern matching program, how are they supposed to know this?

-- When the reality is that many of them will take the training and leave, and many of them will turn out to be poor employees anyway. And I'm sure you are dead set against me passing those higher costs on to YOU, upon which time you'll declare me evil and greedy....

I hope you're not lumping me into those Occupy people who believe the world owes them everything on a plate. Actually I *DO* pass the cost to myself. *I* paid for my CISSP certification. *I* paid for several high end technical training courses. And I still had problems getting call backs.
