Hacker Times | anonymousiam's comments

BBC is state funded, so it's technically not "free."

Lasers can stop a hypersonic missile, but the challenge is getting a beam on the target through the atmosphere. Some of the old SDI tests solved the problem by flying the laser above most of the atmosphere.

https://en.wikipedia.org/wiki/Boeing_YAL-1


What is the math on how much additional heat a laser would deliver to a warhead which is presumably designed with some kind of ablative shielding that is pushing through air compressed into a plasma? It seems like the damage from a laser pointed from miles away through atmosphere wouldn't be enough to change anything.

A practical laser is unlikely to cut through ablative shielding. There are a couple of caveats to this though.

First, asymmetric ablation can destroy hypersonic vehicles extremely quickly. It is a major cause of failure in hypersonic vehicles even when no one is shooting lasers at it. A laser just needs to induce the ablation asymmetry; the physics of hypersonic vehicles will do the rest of the work.

Second, precision terminal guidance systems can't function behind ablative shielding. The terminal guidance system has no protection from high-power lasers.


The linked plane was supposed to destroy missiles directly after launch (presumably by destroying the less-protected missile body instead of the entry vehicle).

This is mentioned in TFA.

The current lasers are not powerful enough for this purpose; they may be efficient only against drones or other slower targets.


As noted in the Wiki, even with a megawatt class laser, you would need the aircraft to be operating inside the borders of Iran for it to be effective, and we do not have air superiority in Iran to be able to do that with a big slow 747. And to be operationally effective, we would need a fleet of twenty of them.

There was also the Adaptive Optics where the beam was shaped by a lot of individual articulated mirrors that could be used to correct the beam from not only the atmospheric distortion but how the heat of the beam itself would then change the atmospheric distortion. Supposedly, that tech became DLP.

Some styles may work better in a uniformed military environment than they would in the real world.

In the military, there are strict guidelines on conduct, whereas in the private sector, it's almost anything goes, and workers are often pushing the limits of what they can get away with.

Also, in the military, rank and pecking order are clearly established. Regardless of whether or not the style is "Leader-Leader", everybody knows where they stand with regard to who they need to salute, and who they must obey.


> Regardless of whether or not the style is "Leader-Leader", everybody knows where they stand with regard to who they need to salute, and who they must obey.

So it's just bullshit then effectively.


Attacking the messenger is an age-old trend in the bug reporting arena.

Microsoft has the backing of many governments, and has access to the best legal teams possible, leaving this guy in a world of hurt.

Microsoft seems to have brought this on themselves by creating a complex and user-hostile bug reporting system. It seems to me that they could have offered this person a job or a contract, because Eclipse has been amazingly effective at uncovering high-severity exploits.

Also, Eclipse could have approached various governments offering the exploits for sale, because a lucrative market exists for such things, assuming they aren't already in the NSA portfolio. Lots of above-board companies do the same thing.

Quotes in this article blame Eclipse for the damage, but the blame should really rest with Microsoft. Eclipse is apparently just one person using an AI framework. Microsoft has vastly more resources to discover and fix problems with their products, but they never seem to do it themselves.


I knew a guy who reported an Apple 0day and got similar treatment. I would expect it from those petty bitches. Guess times change.

You don't even need to find a whole 0day, you can find step 3 of 14.

Just dump it anon or sell it, don't even try to claim a bounty or get a CVE. Without elaborating, they will make sure you regret it.

Same goes for games. If you find RCE, report it and move on. If it remains unfixed let a journalist know. Do NOT accept their invite to the studio, they want to have you arrested. Would have happened to me were it not for one dude with a conscience at the company warning me not to go.


Do you have any evidence this is actually happening to good faith security researchers?

There are many examples of Microsoft and other large corporations treating security researchers well. Microsoft hosts BlueHat, where they invite external parties to talk about their findings. They thank researchers monthly who do contribute reports to MSRC. As I recall, they treated bunnie well, and I think they also treated “hoodie” (the original Xbox 360 hacker) well as well.


Now an iOS 0-day is worth up to $2,000,000 on the gray market, so Apple kind of takes it seriously.

If you find a real iOS zero day that you think has a market value of 2 million, how do you (a) find a legit buyer for it, and (b) ensure you get paid, presumably in your own choice of cryptocurrency?


Even if you don't count obvious dark markets, there are plenty of well-known companies, mostly from Israel, buying exploits.

You can even reach them via LinkedIn and even demonstrate and sell in person with all paperwork. No risk here because they will re-sell them for much more.

Having it both fully anonymous, safe and in crypto will be harder. You need to have a trusted friend with the right connections in the industry not to get scammed.


Are you asking for step by step instructions?

No, I'm making the rhetorical point that the sort of persons that might have 2 million lying around to pay for an iOS zero day for blackhat type purposes might not be the most honorable or likely to actually pay you. And what recourse would you have?

This depends on what you consider black hat. An Israeli company that sells surveillance malware to dictatorships around the globe isn't exactly moral, but it's a legal business.

Unlike Apple or Microsoft, buying and selling exploits is their only source of income, so they have no motivation not to pay. Reputation is much more important. Also, the legal system does work in Israel.


Dictatorships are not their main customers. There are many governments, also Western ones, and their agencies that are customers of such services.

He's asking for a friend

When someone says memory corruption is nothing special, they aren't the ones paying those amounts.

Naturally there are other kinds of bugs as well.

However, reducing 70% of root causes saves a bunch of money already.


Worse is that they pride themselves on having a security culture since XP SP2, hence having even a security conference and related podcast.

So something went down really bad on their side.


I am really somehow happy about this feud as it really unmasks Microsoft. The signal Microsoft sends to their customers (also corporate and government) is IMHO as disastrous as it is to security researchers.

Assuming he wasn't trying to extort them -- which seems absurd, this is a real self-own by Microsoft. We'll see what July 14th brings.

Not very bad, except that they lost the whole rocket, and damaged the launch complex. No big deal. What's a few hundred mil and a one year delay...

GIGO is an acronym I learned in the 1970s. Things haven't changed much since then.

We live in an era where people have "their own truth", so why not let the AIs have theirs too?

The AI companies have editorial privilege on the content they feed their LLMs, and on the prompts that the users never see. I don't know why they feel a need to interfere when their AI produces something that's politically incorrect. Perhaps it's because they have a fundamental credibility problem with their products...


Over 40 years ago I worked with a guy who had bought a ZX80, and had designed and built his own expansion systems for it. Eventually it reached the point where it consumed most of the space in one of the rooms of his house.

He kept the thing running for many years beyond the point where the technology was obsolete.



I picked up one of these just a few days ago for use with some SFP28 ports. They're cheap, fast, and don't use any power.

Twenty years ago, I bought two Wii consoles for my family when they first came out. Being concerned about the rough treatment my family gave the discs, I eventually modded both of the Wiis so they could read normal discs, and I purchased an HP 410125-200 drive, which I used to back up the more costly titles.

https://forums.dolphin-emu.org/Thread-those-recommended-dvd-...

