Some times, late at night, I just go with a stream of conscious Google Search to see where it takes me.
Well, last night – it definitely was a trip down a Rabbit Hole.
As some of you may know, I worked with Project Trojan as a Defense Contractor, specializing in Satellite Communications. During that time, we fielded a specialized system called TATERS.
I LOVE IT.
So what is TATERS you may ask?
AN/TSQ-191 TROJAN Air Transportable Electronic Reconnaissance System (TATERS)
The TROJAN Air Transportable Electronic Reconnaissance System (TATERS) program draws heavily on the technology previously fielded in the TROJAN program and as such relies on Non-Developmental Items (NDI) equipment for integration into its subsystems. The equipment used in the TATERS system is commercial off-the-shelf and build to print. TATERS has a modular design consisting of four subsystems, and each subsystem resides in a separate shelter.
The four subsystems are:
- Common Hardware Intelligence Processing Subsystem (CHIPS); Receiver Group, OR-366/TSQ-191(V).
- Satellite Communications INTELSAT/DSCS Nodal Subsystem (SCINS); Communications Subsystem, OZ-73/TSQ-191(V).
- Primary Electrical Equipment Life Support (PEELS); Power Plant, Electric, PU-812/TSQ-191(V).
- Temporary Occupancy Troop Shelter (TOTS); Shelter, Non-expandable, S-792/TSQ-191(V).
In June 1990, HQDA tasked the SIFO to develop the TATERS system, nomenclatured AN/TSQ-191(V), Acquisition System, Signal Data, which would provide a worldwide, forward-deployed configuration capable of a quick-reaction response to low-to-high intensity conflicts and counternarcotics applications. To minimize training requirements, TATERS would utilize the monitoring and detection technology already proven in the TROJAN system, and be compatible with the present TROJAN communications architecture. Mission requirements may dictate TATERS deployment to remote locations such as mountain tops in order to achieve line-of-sight positioning. Consequently, TATERS must operate in harsh environments and must be self-sufficient for extended periods of time. TATERS is air transportable on the C-130 and can be slingloaded on the CH-47.
What makes this particularly cool – With all my exhaustive searching, I have never found any pictures of this system…..other than the ones that I took of the SKINS portion.
Microsoft released seven security bulletins today to address 24 vulnerabilities, including critical updates for Internet Explorer, Windows and Microsoft Office.
The Internet Explorer bulletin, MS14-080, has the broadest scope, and contains 14 CVEs – none of which are known to be under attack, said Ross Barrett, senior manager of security engineering at Rapid7. The IE bulletin also shares a CVE with MS14-084, the critical Windows update.
“The shared CVE with MS14-084 presents a patching and detection challenge because exactly which patch you get will depend on the configuration of your system and the version of IE,” he said. “Systems without IE will only be offered the MS14-084 patch. Systems with IE 8 and older will be offered the MS14-080 AND the MS14-084 patch. Systems with IE 9 or later will not be offered the MS14-084 patch because the issue is addressed by the MS14-080 patch. Clear as mud, right?”
MS14-084 resolves a vulnerability in the VBScript scripting engine that could enable an attacker to remotely execute code if a user visits a specially-crafted website. MS14-081 is the final critical bulletin, and is aimed at vulnerabilities in Microsoft Word and Microsoft Office Web Apps. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software.
“In most cases this type of issue would only be important, because typically a document format use-after-free issue requires user interaction to exploit, but in this case because of the potential for exploitation through Sharepoint Web Apps the risk is greater,” Barrett said, who said that MS14-80 and MS14-084 should be the top patching priorities.
Next on the list, he added, should be MS14-081 and MS14-075, the latter of which addresses four vulnerabilities in Microsoft Exchange Server and is ranked as ‘important’. MS14-075 was deferred last month. The remaining bulletins are also classified as ‘important’, and impact Microsoft Office, Excel and Windows.
In addition to the Microsoft fixes, Adobe released patches for Flash, Shockwave, Reader, Acrobat and ColdFusion. The Flash update fixes six vulnerabilities, one of which is currently being exploited in the wild (CVE-2014-9163), noted Chris Goettl, product manager with Shavlik Technologies.
“Along with Flash, admins will need to deploy the Internet Explorer Advisory and a new release for Google Chrome, both of which will allow the plug-in to be updated in the browsers,” he said. “Adobe also had another release since last Patch Tuesday, so if you haven¹t patched your system in a month, you will have two pending updates.”
“The Adobe Acrobat and Reader updates include resolution to 20 vulnerabilities,” Goettl added. “Adobe also rates this as a Priority 1 update. Some of the vulnerabilities being resolved could allow an attacker to take control of the system.”