So my next iteration of fun reading on security, logging and other topics.

• Security and fraud: different worlds, same people?  To me this story was pretty shocking; now I guess I should accept that for some people security business is just another scam.
• ROI Again? The paper goes like "Darn the terms and definitions, it is a good thing." But what "it" is? If you never define it, how can one claim that it is a good thing? Amrit then comes and drop kicks it. Thanks buddy, what "a paradigm shit"!
• A really good read (and I mean it!) about security evolution comes from Gunnar. Check the table he has and weep, really weep.
• "Fifty years of DARPA: Hits, misses and ones to watch" (past history) and "Fifty years of DARPA: Hits, misses and ones to watch, part II"  (current project to watch) - extreme fun!
• An [ex-] TJX employee explains that TJX security is still horribly broken, yes, even after the breach and all the hoopla.
• Finally, one intelligent comment about Google "Indiagate" (warning: Slashdot link). This story reminds us that Internet + different countries, culture, laws =  big problem that will only grow bigger.
• Third Annual Movie-Plot Threat Contest ends (winner, finalists, all entries)
• Read "State of Affairs" from RSnake, then "the nature of things" from Jeremiah, then  "grossman and rsnake lay eggs" from LonerVamp. Welcome to the world where everybody is 0wned and nobody is talking! Think a little. Stop when you get to "... so it sounds like a good idea to be a blackhat today. should I switch sides?"
• Along the same line, Emergent Chaos on Blackhat Tax. Will it finally make security "a cost of doing business"? When I read stuff like I pray that a set of useful security metrics will be sent to us by the gods.
• Can security be "built-in" and "transparent to users?" Sorry, but no; read this, this and this.  Security is about humans, not bad OSs and weak network protocols.
• Interesting discussion on ISO2700x and ISO17799, sparked by my blog post. So, why not ISO? People seem to insist on doing compliance regulation by regulation despite all the known inefficiencies of it...
• Finally, Richard Bejtlich's gem - no, GEM: "Security": Whose Responsibility?" Read it NOW! BTW, C-I-A is dead.

Enough for now!

In development for more than 30 years, the research is beginning to bear fruit, and may soon spawn more powerful bombs, warheads that tear apart stone and concrete, mines that can be set to stun or kill, and grenades that can swat rockets or mortar rounds out of the sky like flies.

"You can get effects that are more precisely tailored to a particular target," says John Pike, director of Washington military research group GlobalSecurity.org. "And you're able to get a greater effect out of a smaller munition."

Reactive materials are combinations of materials that are normally stable, but, when subjected to sudden shock -- such as striking a target -- release a large amount of energy. Depending on the composition and warhead design, the energy can be released as heat, a blast or a combination of the two. Unlike conventional explosives, RMs cannot be set off by fuses. Technically, they are classified as flammable solids, and they are less hazardous to transport and store than explosives.

While they're more energetic than explosives, RMs are not intended to be a substitute. Instead, they will replace warhead components normally made of metal.

An analysis of U.S. military procurement papers and defense contractor presentations, as well as interviews with companies working on the technology, suggests that a wave of munitions using reactive materials may be headed for a battlefield near you.

The material can dramatically magnify the yield of conventional bombs, and do away with the waste embodied by a bomb's inert metal skin. The U.S. Air Force's 5,000 BLU-122 bunker buster, for example, contains just 780 pounds of explosives; the other 80 percent is the bomb's thick steel casing. DARPA's Reactive Munition program (.doc) aims to replace that steel with RMs, to create a bomb with a blast four times as powerful. Alternatively, a new bomb could be half the size of existing weapons but twice as powerful.

Conventional warheads could also benefit from an RM makeover. For centuries, shells have blasted out steel shrapnel, small pieces of metal that cause damage with their high speed. Defense contractor Alliant Techsystems is developing a warhead called BattleAxe for the Air Force that uses fragments made of RM instead of metal. Those fragments will explode on impact, making the warhead far more effective against soft targets like trucks.

RM shrapnel is also being touted as the ideal way of shooting down incoming rockets and mortar bombs (.pdf).

A radar-guided defense pod can automatically engage incoming rockets or other threats using RM-based grenades. Weapons designers suggest that RMs can be five to ten times as effective as the existing inert shrapnel for this task. Moreover, RM shrapnel can be engineered to burn out at a set distance, so there is no hazard to nearby friendly forces.

Bullets can even be made of RM. The Navy's new electromagnetic railgun has been criticized because it can only fire solid slugs, not the usual explosive shells. However, documents reveal that tungsten-based RM rounds are being developed for the weapon. These will explode on impact, making the railgun effective against buildings, ships and vehicles.

Shaped charges are another application where RMs can increase the effectiveness of existing designs. In a shaped charge, a hollow metal cone is surrounded by explosive material, which is then detonated, forcing the blast through the small end of the cone.

"The action is analogous to stamping on an open toothpaste tube, ejecting the liquid contents," says Douglas Millard of British defense contractors QinetiQ.

Replace the metal liner with RM, and the explosive power of that jet will increase dramatically.

"Such reactions are highly exothermic and therefore lead to the release of large amounts of energy, which is in addition to the kinetic energy within the jet," Millard says. "An increase in the energy coupled into the target occurs and this results in the creation of greater damage to the target."

QinetiQ is marketing an RM-based shaped charge called Connex for oil-well perforation in the civil market. Meanwhile, the U.S. Army is developing a demolition charge called Bam Bam that blasts a jet of RM deep into stone or concrete, producing massive damage

One version of the Bam Bam charge is intended for demolishing bridges and other structures. An alternative version blasts broader, shallower craters in roads or runways, making them useless.

RMs will also transform another mutation called the Explosively Formed Penetrator, a modified version of the shaped charge. Instead of producing a narrow, short-range jet, the Penetrator fires an aerodynamic slug of metal over a long distance. It's best known as a favored weapon of insurgents in Iraq. Again, replacing the metal with RM makes a much deadlier weapon -- after punching through armor, the slug releases energy like a grenade going off.

If you're a weapons designer, RMs also offer amazing flexibility. Alliant Techsystems is building a variable landmine (.pps) -- a so-called "dial-a-yield" weapon that can produce a range of different effects.

At the lowest setting, most of the output would be light -- a dazzling warning that would be impossible to miss. A higher setting would produce intense heat, creating a "discomfort zone" to drive off intruders. The third setting produces a nonlethal blast, like the concussion stun grenades used by Special Forces. If lethal force is called for, the mine could be set to produce either inert shrapnel or reactive shrapnel that explodes on impact.

RM munitions may face legal challenges. Under the St. Petersburg Declaration of 1868, the use of explosive projectiles with a weight of less than 400 grams is forbidden, as is using incendiary ammunition, like napalm, against personnel. But RMs are not technically explosive or incendiary, and although the effect on human targets might cause protests from some groups, they are likely to be accepted, human rights experts say.

"Like any weapon, it would have to go through a lengthy effectiveness and then legal review, " says Marc Garlasco, senior military analyst at Human Rights Watch. "If used in the open against military targets, it does not seem to have any obvious problems at first blush."

However, there may be technology issues too. Although the developers sound very upbeat in all their descriptions of RM munitions, producing material that will reliably release energy only when required is extremely challenging.

"The fact that they've been working on it so long and don't seem to have fielded anything yet suggests that there may be a problem with the technology," GlobalSecurity's Pike says.

Normally new weapons are fielded rapidly if there is a military demand -- assuming they work. So far, RMs have not made it into the field, and the technology may not be as mature as developers suggest.

But Pike also notes that there has been an unprecedented surge in munitions development over the last few years, with "all kinds of weird stuff" being developed.

So after decades of being kept very quiet, reactive materials may soon be making a lot of noise.

---

Check out Danger Room for more on reactive materials.