Microsoft Worms Crash Ohio Nuke Plant, MD Trains
stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
...should be fired. Why was the safety monitoring system on a nuclear power plant exposed, even indirectly, to the internet?
I can't say that I don't give a fuck. I've just run out of fuck to give.
Sysadmins of such networks really should block all ports except for the ones they really need. I don't even think they realise what the consequences of their lack of security can be! Shame on them!
This post could trigger a train of events, leading to NUCULEAR(sic) WAR, and the EXTERMINATION OF THE HUMAN RACE.
Then again, it probably won't.
I live in a giant bucket.
Somebody needs to make a "Clean up virus" that turns the power back on and makes the trains go.
This could be big.
Sig it.
they discovered that 30 square inch hole and the plant was shut down anyways...
CSX decided that train engineers and systems engineers are the same thing. Look how much money they saved...
I think the fault here is with the moron that managed and accepted the software in the first place. One of the first disclaimers all software companies make is that they do not guarantee that they are suitable for life threatening situations. Who accepted this software? Who specced it? Who supervised their work and ensured that they were competent people to manage this type of work?
It is horrifying that critical systems such as Nuclear (or Nucular as W. says) power plant safety systems have been compromised by rampant known issues with Microsoft Security. I believe that it is worse that such critical systems are not better administered. Heads should roll in the IT department. This is also an indicator of how this Nuclear power plant has treated Homeland Security in general. Having such systems exposed to the internet is just plain negligent.
Pfft!
;)
Call me when that train is on a direct head on course with said power plant!
Now that is bad!
..that there are retards in the world who keep me employed through their inability to do the job for which they were hired.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
...before someone really is killed due to M$'s negligence. Sure, one could argue that they should have applied patches and that it isn't M$'s fault but tell that to the jury. When surviving relatives see the potential for a profitable liability suit they are going to go after the biggest pockets and that is M$.
OK, what exactly IS it going to take before legislation is put in place that makes Microsoft particularly, and any other guilty parties, liable (indirectly is good enough for me) for the sh*t quality of their software?
How many people have to indirectly die as a result of MS crap products?
Answers on a postcard to your local Congressman...
You are REALLY telling me a nuclear power plant's internal network is connected to the internet without a firewall?
Or even worse, an employee can plug in his notebook and access mission critical systems?
What happened to access restrictions?
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Maybe this will cause some pressure to be put on Microsoft to make sure their products are secure.
is why anybody still thinks that Windows is suitable for a production control environment. I can understand the pretty gui for someone's desktop, but (and I'm serious when I ask this) what kind of utter cretin would think to put Windows, or any Microsoft product, in a fucking nuclear power plant, completely un-fucking-protected from this sort of stuff?
It doesn't make sense. Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe), and keep the thing patched.
Why is this rocket science? Why do people who are building nuke plants and rail lines not know any better?
Sorry for going off on a rant, but damn it, somebody needs to say it.
Do you have ESP?
I can't believe that it took so long for this virus to infiltrate these networks...you think the sysadmins would have known they had dodged the bullet, at least for a while, and patched the hole.
This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.
Actually, I suspect that someone unwittingly plugged an infected laptop into the network inside of the firewall.
It's nice to know my computer is a lot more secure than some nuclear power plants?
If everyone would pay just 10% more each month, we would not have had this problem.
Personally I think the benefits of cheap electricity greatly outruns the downside with only a possibility for some hundred deaths each ten year.
Proud patriot and republican voter.
I was under the impression that the Microsoft terms of use specifically state that Windows isn't to be used in things like critical systems in nuclear plants, planes, etc.
... but Microsoft would probably agree! Someone in charge of instrumentation at that plant needs to be downsized right quick.
I think that a monitoring system would definitely apply here.
Everyone on Slashdot would say that Windows was a bad idea for this
That reactor had been down since February of 2002 due to a 6" hole in the reactor head.
I know that my company was brought down by one careless user on the VPN. The user in question was working from home and had not followed the company instructions/policy for installing zonealarm pro. The result was that they were infected while working at home over the cable modem and the infection then spread rapidly through the company via the VPN.
-aelfweld
I just submitted the same story, it will probably get rejected, so here's some more links:
The Washington Post is reporting that the Slammer worm crashed the computerized display panel which monitors the most crucial safety indicators (coolant systems, core temperature sensors, and external radiation sensors) at Ohio's Davis-Besse nuclear power plant in January. No serious problems occurred, primarily because the plant has been offline for more than 1-1/2 years.
Davis-Besse is run by FirstEnergy, which many people feel may bear much of the responsibility for last week's power blackout.
1. Worms infect Internet taking control of nuclear power stations and public transport
2. Japan announces 30 year program to build intelligent robots
3. New Scientist reports self-healing robots a reality, can survive battle damage
4. Arnold announces "I will go to Sacramento and I will clean house".
All I can say is that I hope the next /. story is about someone inventing 2 million sunblock or we're all going to have a really bad day.
John.
There is a good chance that the worm also disabled systems normally used to switch power, or route around surges. Just a thought.
Fast machines, powerful AI, impulsive invention,... All I lack is a good espresso machine!
... and people will stop using Windows in critical systems where failure can have catastrophic results. The only thing Windows does reliably is fail. Whoever decides to run a nuclear plant's safety monitoring system or a civil rail's monitoring and safety system on a Windows platform should be dragged into the street, shot, burned, pissed on, disemboweled and then hanged.
People are morons.
The heat from below can burn your eyes out
Funny you should mention the Blackout. The timing DOES seem interesting. I wonder just what functions inside the electric utilities depend on Microsoft Windows. If it's good enough for the nuclear industry, would anyone be surprised if failure of a critical set of Windows systems were responsible for the Blackout?
It's all fun and games until private computer networks at nuclear power plants have their safety monitoring systems disabled for nearly five hours.
Support the First Amendment. Read at -1
http://slashdot.org/comments.pl?sid=74840&cid=6705456
/me/ down will you. I sure showed you!
mod
Err... Wait, was that just an admission of guilt? Crap.
In Soviet Russia...michael would be rotting in Siberia!
I've seen networks with effective firewalls still just down by worms. Laptops are a very effective way to breach firewalls -- if a laptop user connects at home, or on the road without a firewall, and gets the worm, it is trivial to bring that same computer into work, and start spreading it behind the firewall.
Perhaps the network admins should have a chat to Ernie Ball, and ask him how this worm is affecting his business/reactor core.
Something needs to be done, to hold someone accountable. This can't keep happening. Microsoft can't keep saying "Oh, we're concentrating on security *snigger*." Either that or the worm writers need to be held accountable.
I find it incredible that people just seem to think there's no way of solving the situation, so just leave it as it is.
Oh well, at least I have my linux box, though I'm sure as many people say, if linux was more predominant, then we'd have our fair share of worms.
But assume it will protect them from everything. Security is more than a firewall.
If a laptop user gets infected he can easily infect the corporate network.
Most networks I have seen have a firewall at the edge to protect from internet traffic but nothing to keep internal users from infecting internal production systems.
That is the error really. What made these people think MS servers are trustworthy and reliable enough to take care of mission-critical systems?
Good thing the plant had analog backups. I think this is a good indication why total reliance upon computers in some cases would be very bad. I wonder how "l33t" the person who wrote the virus would have felt if instead of hurting MS with a DOS attack, they killed hundreds of people in a train collision.
There have already been numerous security and maintenance problems with the Davis-Besse Nuclear Plant...the plant has come much closer to melting down before this stupid event. See http://www.ohiocitizen.org/campaigns/electric/nucfront.html.
So any conspiracy theorists out there want to come up with a theory about how hackers were able to kill the electrical grid in the northeast by tampering with one or a few power plants and causing the massive chain reaction???
I live to gib...
Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.
That's why trains have human engineers and brakes. It's why people should use good judgement and observation. If you approach an intersection, and see that the traffic lights in all directions are green, use your head and stop, because something's wrong. Of course this is impossible, there's a mechanical failsafe that will make all lights blink red if that happened - making a 4 way stop, similar mechanical fallbacks are employed in the railroads. This is all besides the point.
Techies tend to overestimate the role of technology in day to day life. MARC was shut down more because the clerks were having a hard time selling tickets, since they can't do simple math in their heads.
I don't need no instructions to know how to rock!!!!
Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.
:)
Will Microsoft's new 'Indemnification push' cover the legal costs for something like this, I wonder?
The operative word is *a* safety system. I can't think of a single plant that relies 100% on 'computer' based monitoring and control. All have *multiple* redundant analog and manual measurement and control systems. What would really be cause for concern is if one of them announces to go 100% to computer-controlled monitoring/control/measurement.
A nuclear plant...
Wonderful!
Hope this REALLY scares the fuck out of people and makes them REALLY start taking notice.
At the same time, when I start thinking of "nuclear plant", "worm", and "system crash" in the same vein, I get a very nasty chill running down my spine.
*Checks to make sure tinfoil-lined jock-strap is in place to protect the "heirlooms".
Chas - The one, the only.
THANK GOD!!!
but the 120 mile crater in Ohio speaks for itself.
Perhaps an accessory system was involved, but rail signalling involves quite proprietary and LOW-SPEED networking (on the order of 30 baud) on TOTALLY private wires.
Rail signalling was gradually developed over the last 150 years, and the earliest remote-control and automatic operations were developed almost 100 years ago.
From the onset, redundancy and feedback were employed (for example, whenever a switch is automated, a separate sensor arm is attached to the switch points, as to monitor the exact switch position, as opposed to the switch motor actuating arm position), and the technology is extremely conservative (gravity-actuated relays with extremely big coils to pick-up the heavy armatures, contacts made out of special alloys that are guaranteed not to stick in case of arcing - why would they, they are overwhelmingly oversized for the current they carry - and the whole thing is mounted on heavy coil-springs to ensure immunity to vibrations).
For compatibility purposes, whenever solid-state components are used, they are absolutely electrically compatible (and opto-isolated) with the older electromechanical relays.
And finally, everything runs on #8 gauge wire and the nominal voltage is 10 volts.
Such an overdesigned system can withstand quite a lot of punishment. So the idea of a worm bringing down signalling is laughable at best.
But if the suits insist on using a paperwork system that is vulnerable to worms, then, such lunacy can explain the outages...
No. Taken to the extreme, this exploitation could cause the train system to stop. Which is what it did.
Ever since the Victorian era, trains are designed to stop if there's a failure. That's what "fail safe" means, not that it is "safe from failure" but that "when it fails, it is safe".
For a simple example, take a look at the _mechanical_ switching gear on the tracks behind my office. More modern electronic or computerised equipment is exactly the same in terms of how it reacts to failures.
Slashdot monitor for your Mozilla sidebar or Active Desktop.
From the submission: "This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked."
As most people who had to fight this worm already know, a firewall doesn't do you a whole lot of good if you have users with laptops who plug in at home, then bring in their infected PCs and plug them into your internal network.
I'm not saying there aren't still ways to prevent the spread of worms, but an internal infection is in no way proof that there's no firewall. In many cases, it's just a clueless PHB who refuses to let the IT department lock down his laptop or install a personal firewall on it.
in an environment like a nuclear power plant, why aren't there firewalls on all clients? i mean, network security in such an installation is about as important as it gets.
it's possible the vulnerability arose through someone accessing internet e-mail. but wall street firms regularly blacklist internet e-mail sites. they do that b/c they're regulated to ensure that proprieties are kept and people aren't defrauded. a nuke though--we're talking more than just dollars and cents here.
it may not be fully the fault of the admins.
ed
Jim Davis, director of operations at the Nuclear Energy Institute, an industry association, says those concerns are overblown. "If you break all the connections and allow no data to pass from anywhere to anywhere, you've got great security - but why'd you put the digital systems in the first place?," says Davis.
Yes, why are you putting digital systems in in the first place, if the price is laxer security?
It should be illegal to say that freedom of speech should be limited.
I don't care if you're running MS, Linux, or FreeBSD. That damn port should've been firewalled and the software should've been patched. What's scary is imagining what could've happened if someone intentionally tried to hack the power plant. Some terrorist cell could cause a nuclear meltdown without ever setting foot in the US.
-- Political fascism requires a Fuhrer.
That is a silly conclusion to come to. Presumably they're also implying the same about the power grid.
I have first-hand experience with Ontario Hydro's IT network (now Hydro One's IT network ;) and I gotta say - they have firewalls up the wazoo. And this is the problem. They rely on border security. However, on networks as large as the ones being discussed, border security doesn't cut it. There are too many entry vectors. People reading email, people browsing the web, and oh my god people with laptops - the pain the pain.
So before you go thinking "they aren't even taking precautions that would have saved them! Fire them!" understand that it's *exactly* that attitude which caused the networks to go down in the first place - the common misconception that a firewall is a magic wand that will solve all their ills.
Border security does NOT cut it when you run insecure software on the inside, boys and girls. And you can take that to the bank.
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Most likely the laptop belonging to the guy who drops by every week to make sure the firewall is up and running.
Kind of gives "Blue Screen of Death" a whole new spin, eh?
Platform independent bug tracking software
Microsoft announced today that they are in talks to use Homer Simpson as a spokesperson.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
I was in Ontario during the blackout, and it was pretty miserable. Everything was closed, and all we had for light in my hotel room was a small candle and my GBA worm light. If the blackout is ever traced back to M$ in any way, that will probably be all I need to permanently switch to Linux (I dual boot Gentoo and XP right now).
ok first why the hell is this system on the 'net! this is totally uncalled for, and no it shouldn't even be behind a firewall, those can be hacked 2! and if they need to transfer statistics it should be on a private network.
2) why isn't this running a custom linear os that's designed to just do one thing, and that's check vital signs..
and i bet most of you linux-loving slashdot readers will read this story and think that microsoft are the bad guys here.
think again.
---
Never send a man where you can send a bullet.
here. Surprised this hasn't shown up on Slashdot yet.
Carousel is a lie!
not some zit-stain who just graduated from a 6-month MCSE course
not some fat, smelly dweeb who thinks Linux is epitome of operating system evolution
not some idiotic bigot who starts ranting about how everything from Redmond sucks anytime somebody mentions the word Microsoft
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
It is impossible to overstate the stupidity of engineers who would use _any_ version of the Windows operating system to monitor operations at a nuclear power plant.
I would love to hear that Microsoft's little craphole on port 135 caused the big blackout of 2003, and that this plant was the key infectee.
stuff |
So why on earth did the designers of the powerplant's safety systems specify Windows in the first place? Perhaps paying for a big radioactive hole in the ground is all in a day's work for them.
The residents of the US are lucky that the plant was shut down and there was apparently a backup system, but that was too close for comfort.
Oxford Dictionaries Online
Perhaps the silliest quote from the article:
CSXT has confronted increasingly sophisticated computer viruses, like ones that have penetrated some of the most secure sites in the country in recent days.
Sorry, but they're obviously not "some of the most secure sites in the country". If they were, they wouldn't have been penetrated like this. How can I say this? Because my company didn't get penetrated.
I'm afraid of sounding like a broken record here, because if anyone looks at my past posting history they'll see I've said exactly the same thing. However, the fact is we have mission-critical 24/7/365 servers running Windows (as well as Linux) that simply can not be vulnerable. So we secure them, and we protect them, and put in safeguards, and work together as a team if there is a particularly nasty threat out there...and we keep running. Funny, that.
Sod it; plenty of other posters will argue the point about patching, firewalling, etc., and a myriad of rabid MS-bashers will refute and insult. Let my small voice add merely this to the fray -- it doesn't have to be this way, even if you use Windows. All that is required is people who know what they're doing.
Filter at the switch. Get LAN traffic between workstations and servers, as well as external traffic.
One client of mine is actually considering moving all network drops used by laptops to a separate switch and putting a firewall between that switch and the rest of the LAN.
I know I'm probably going to get moderated down for this, but the question must be asked.
What if linux got a critical security hole? Because the code is open it's easy to send in a rogue patch. Don't tell me it will get caught because it only takes an obfuscated code to make things go wrong. Look at the GNU ftp server for an example. If you think that linux is immune to security holes you got another thing coming. What if the debian apt repositories got hacked, and a critical package was hacked by a clever hacker that could spoof the md5 sum (it's not hard)? Those software packages in debian may be stable, but they are probably filled with undiscovered holes that are only fixed in the first version.
Nero-burning ROM for Linux!
With news like this, those initials should stand for "Total Cost of being 0\/\/n3d"
I don't know about anyone else but it seems that keeping such systems safe and secure would be a TREMENDOUS amount of responsibility. It's one thing for a corporate office to be affected and another to have human lives endangered because of negligence.
Maybe I was too naive to think that such systems had more security than they actually do. I thought maybe those "Cyber Terrorist" reports were totally exaggerated, thinking "yeah, they'll break into traffic systems and mess with the lights...riiiight." I suppose now I'm more open to the possibility of such things happening because people with great responsibility are not following through to protect against it.
Why would you expect people who can't keep holes from forming in their reactor vessel to plug holes in their firewall?
One of my first thoughts after my lights went out (well, not really first) was "I wonder if that worm had anything to do with this." But at the time I doubted that they ran power plants on Windows so it seemed like a very idle thought -- until I found out that the problem started with FirstEnergy, that they owned Davis-Besse, and that they had already had problems because of Slammer! That got me really scared and mad at the people who are running our important systems.
With Blaster, spyware, etc. that seems to be spreading, I've wondered about using SSH only on a machine. Everything has to tunnel through the SSH connection (web, email, X11, etc.) using SSH port forwarding. That way, every machine on the local network would only accept SSH traffic. Any worm that gets installed and runs would try infecting other machines behind the firewall, only to find that those machines won't listen to the worm. Would something like this work?
P.S. Obviously, using this in a Windows environment would be difficult. Maybe this would be another good justification for migrating to a *nix platform.
Overrated / Underrated : Moderation
I mean, they engineer virus vulnerability into their software!
The only thing Windows does reliably is fail. Whoever decides to run a nuclear plant's safety monitoring system or a civil rail's monitoring and safety system on a Windows platform should be dragged into the street, shot, burned, pissed on, disemboweled and then hanged.
You are far too kind.
The Future of Human Evolution: Autonomy
Train control has this luxury. Computer systems onboard airplanes do not... simply turning off jet engines in case of computer failure is not an appealing possibility.
When I worked as a contractor at Virginia Power in 1999, all the temps had internet access. So it was just a matter of time before viruses found their way into Source Safe. When I checked out a project, there goes my hard drive. Guess who checked in the infected file? You got it, a member of the HELP DESK SUPPORT TEAM. Three cheers for the idiots. Oh yah, if you are wondering, the plant's reactors were made by Westinghouse in the early 70s, so no computer control there. There are so many layers of mgmt to go through to do anything close to throwing a switch. Anyways, no firewalls at Virginia Power. Lots of internal LANs and servers accessible by anyone too..
for calling them what they are, Microsoft worms. The mass media likes to call them "Internet worms" or "Internet viruses." But they run on Microsoft IE, IIS, Outlook and Microsoft Windows, therefore they are Microsoft worms.
You're not just connecting to your business partners, you're connecting to everyone they've ever connected to.
The Register article says "It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread".
I'd never let a client do that. From a business risk management point of view, you *might* allow a direct connection by a vendor, *if* you had a good contract requiring them to keep good security and be responsible for breaches, and *if* you had secured everything sensitive in your internal network. From a theoretical or technical point of view, you should never trust something you don't control.
Monitoring systems are just as safety-critical as control systems. After all, the feedback loop is part of a control system. Imagine an intruder changing the readings to show that reactivity was decreasing, core temperature was dropping, and coolant pressure was so high that relief valves should be opened. You'd have a Three Mile Island rerun. That system should never, NEVER have been exposed even indirectly to the Internet.
But then, Davis-Besse is the plant where someone thought the way to check for an air leak was to poke around with a lit candle near flammable insulation wrapping critical control cables (1975).
...as energy or transportation but you can't imagine how many poorly secured Windows boxes we receive from vendors to run our broadcasts. Not a week goes by where something isn't missing from a newscast because of some new worm or blank passwords on the administrator account. Why we continue buying from vendors who insist on no anti-virus software installed on their boxes, or whose apps are set up to run under an auto logged on admin account is beyond me. Many of these machines are in unsecured areas where any visitor can walk up to the machine and have instant admin access. Pathetic.
The meme police, They live inside of my head
In actual practice, that may be what happened. The critical control system network itself should be (have been) inaccessible from the desktop/laptop network (aside from known secure methods, a la ssh) with the appropriate firewalls on *that* network (at a gateway, and maybe on each host/node). I can only wonder if the submitter/commentator meant/implied this when they asked why such ports were not blocked.
Yeah... I would suspect this as well (but you never know... they really could be that stupid).
It does bring up, however, that one of the biggest risks to networks that are secured is people using laptops that move around to unsecured networks. If there are no measures to firewall laptops off from the rest of the network then it's just about as bad as not having a firewall at all.
"indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. "
This *should* state port 4444 where the trojan lives.
*reality* if you don't NEED a port open, don't open it.
Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.
MICRO$OFT KILLS HUNDREDS! BILL GATES IS FOUND PERSONALLY RESPONSIBLE BY A TRIBUNAL LED BY ALAN COX AND IS SENTENCED TO A GRIZILLION YEARS IN HELL. MICRO$OFT WILL BE IMMEDIATELY LIQUIDATED AND WILL NEVER BE ALLOWED TO PERFORM BUSINESS AGAIN ON PLANET EARTH. LINUX WILL HENCEFORTH REPLACE ALL EXISTING WINDOWS INSTALLATIONS.
But then michael woke up....
I have encountered the lameness filter. I will continue to add garbage to this otherwise extraordinary post because I will not let the Man tell me when I can and cannot use capital letters. Ah, there we go...
So long, michael. Don't let the door hit you...
"Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
I think that's a little far-fetched, and almost amounts to fear-mongering. At best, it displays ignorance of how modern rail systems work. When the signals fail, the trains simply stop - engineers don't look at a broken signal and say "well, gee, I hope there's nobody in front of me, full speed ahead!" In fact, on most modern equipment the braking is automatic when signals fail. I don't know exactly how modern the system is in Maryland, but at the very least there would be a regulation that all trains come to a halt in the event of signal failure. They certainly would not go speeding around without knowing if there's another train occupying the same block.
Collisions can and do occur even when the signals are working properly - it takes time to stop a speeding train. But assuming positioning is all correct to begin with and everybody's following proper speed limits before the signals go out, there should be no problem stopping a train in time once the signals do fail.
Here is a section of the Microsoft Java EULA
7. note on java support. the software product may contain support for programs written in java. java technology is not fault tolerant and is not designed, manufactured, or intended for use or resale as on-line control equipment in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems, in which the failure of java technology could lead directly to death, personal injury, or severe physical or environmental damage.
Maybe they should replace Java with Windows !!
Am I the only one who thinks all these recent events are eerily like T3?
Next thing you know, the Dept. of Homeland Sec. will issue a regulation requiring the use of Palladium or similar tech. on all computers. After all it is for our 'safety.'
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
First of all, this kind of service should never be connected to the public network, or even better, never to a non-dumb terminal.
Secondly, Microsoft CLEARLY spells out that their software is never to be used in this kind of implementation. Most software manufacturers do -- Sun, Apple, and most Linux distros IIRC.
Now, if this is a case of a critical service being overflowed from a remote location simply because it's connected to a public network, that's bad enough. To be running a consumer operating system on those critical services is simply unacceptable and probably worthy of execution. I don't care if the system was offline at the time -- this kind of thing should be definitely ringing warning bells. I hope whatever moron implemented this system gets fired.
From reading the article the services that went down had analog backups, but it's still unacceptable. Don't connect critical services to the fucking Internet.
That was pure luck.
Why do they have W2k or XP in controlling a nuke plant in the first place? I'm quite certain that I would not even want Linux in there. A realtime or standard unix would make lots of sense, but newer untested OS's... No F****** way.
Sounds like the NRC (nuclear regulatory commission) has recently lost its mind for allowing something like this.
I prefer the "u" in honour as it seems to be missing these days.
It wasn't one of the carbon blobs from sector 7-G was it?
If Firestone can be held liable, why isn't MS? Sure, they say in their EULA that they are not, but as no-one has bothered to test this (even multi million dollar corps who have lost billions), surely it would be cheaper to sue MS under a class action than continually mop up their failings.
They can just carry on making pots of money with no incentive to fix any of their products, and government/biz continue to hand them cash, in effect sponsoring MS to continue.
MS stock price actually went UP when slammer/msblast/sobig cost industries billions globally. Keep banging your head against the wall, because it's not hurting the wall.
And it's 445, not 444. 135, 139, 445, and 593 are the four ports you most need to worry about.
Doh!
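An added example, not part of any comment in this thread: a small Python audit that walks a constructed iptables-save ruleset with first-match semantics and reports what happens to TCP 135, 139, 445 and 593, the ports listed in the comment above, including earlier ACCEPT rules that open holes for "trusted" sources. The ruleset, the 10.20.0.0/16 range and all function names are assumptions made for the illustration.

```python
"""Audit a firewall chain for the RPC/SMB ports named in the thread."""
import shlex

# TCP ports listed in the comment above.
WATCHED_TCP_PORTS = (135, 139, 445, 593)

# Constructed sample in iptables-save syntax; not taken from any real network.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m multiport --dports 135,139 -j DROP
-A FORWARD -s 10.20.0.0/16 -p tcp --dport 445 -j ACCEPT
-A FORWARD -p tcp --dport 445 -j DROP
-A FORWARD -p tcp --dport 1024:65535 -j ACCEPT
COMMIT
"""


def parse_port_spec(spec):
    """Turn '135,139' or '1024:65535' into a list of (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges


def parse_rules(text, chain):
    """Return (default_policy, rules) for one chain of an iptables-save dump."""
    policy, rules = None, []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        if tokens[0] == ":" + chain:
            policy = tokens[1]
        elif tokens[:2] == ["-A", chain]:
            rule = {"proto": None, "ports": None, "source": None,
                    "target": None, "other": [], "raw": line}
            it = iter(tokens[2:])
            for tok in it:
                if tok == "-p":
                    rule["proto"] = next(it)
                elif tok in ("--dport", "--dports"):
                    rule["ports"] = parse_port_spec(next(it))
                elif tok == "-s":
                    rule["source"] = next(it)
                elif tok == "-j":
                    rule["target"] = next(it)
                elif tok == "-m":
                    next(it)  # module name (tcp, multiport); no effect here
                else:
                    # Any match we do not model (-i, --state, ...) makes the
                    # rule narrower than it looks, so remember it.
                    rule["other"].append(tok)
            rules.append(rule)
    return policy, rules


def audit_port(port, policy, rules):
    """First-match walk for a TCP packet to `port` from an arbitrary source.

    Returns (verdict, exceptions). verdict is the first unconditional
    terminal target, or the chain policy. exceptions lists earlier, narrower
    ACCEPT rules: holes that let some sources reach the port anyway.
    """
    exceptions = []
    for rule in rules:
        if rule["proto"] not in (None, "tcp", "all"):
            continue
        if rule["ports"] is not None and not any(
                lo <= port <= hi for lo, hi in rule["ports"]):
            continue
        if rule["target"] not in ("ACCEPT", "DROP", "REJECT"):
            continue  # LOG or jumps to user chains are not modelled
        if rule["source"] is not None or rule["other"]:
            if rule["target"] == "ACCEPT":
                exceptions.append(rule["raw"])
            continue
        return rule["target"], exceptions
    return policy, exceptions


def audit(text, chain="FORWARD", ports=WATCHED_TCP_PORTS):
    """Map each watched port to its (verdict, exceptions) pair."""
    policy, rules = parse_rules(text, chain)
    return {port: audit_port(port, policy, rules) for port in ports}


if __name__ == "__main__":
    for port, (verdict, holes) in audit(SAMPLE_RULES).items():
        print(f"tcp/{port}: {verdict}")
        for raw in holes:
            print(f"    exception: {raw}")
```

In the sample, 593 is never named and falls through to the chain's ACCEPT policy, while 445 is dropped in general but still reachable from the one "trusted" range.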
I'm shocked.
1) That they allowed an infected computer to connect to their network
2) That they're using windows for something as crucial as monitoring nuclear safety at all
Reactor control systems and monitoring systems should be as simple as possible. Problem is, analog meters, human operators, and knobs and rocker switches aren't sexy.
-- $G
I mean seriously, how do they get away with this crap? Yes, I understand that campaign funding allows MS to sneak in their OS to the military, etc... but to actually put this nightmare in critical systems?
What the hell does it take, MS-inducted Chernobyl to make them realize that such an OS HAS NO PLACE in a nuclear reactor? Or how about NT crashing a critical system in a battleship?
Have we REALLY become so pampered that we need a bloody GUI for every frickin thing we do? I don't advocate running X in linux either, it's stupid.
If there were ever a case for a specialized proprietary system, this would be it. Just do something that does the job, and does it well. No fancy GUI crap, no million-other-f***ing-functions that can cause it to break down. Linux is a bit better than windows because you can trim it to be very specific... so something linux-based could be OK (just not a whole RedHat install, or anything else).
I mean hell, it's security monitoring. You could work this with a few text screens, some big red lights, sirens, maybe a nice voice that says "Red Alert" a-la-startrek or something.
We don't need a windows installation, with a million doodads and AOL messenger stating "You've got Meltdown" for a nuclear reactor. We don't need a GUI. We need something that does the job (well), and is secure. Cut out the extra crap... and with MS there is more and more crap you can't cut out ('nix has source, you can trim all you like, but in-house is still better).
Makes you wonder exactly how many systems like this you are trusting your life to. Wonder if we'll find out tomorrow that the power-outage was caused by a virus.
Where do you want to glow today?
Block out the sun completely... thus depriving any insane machines of their primary source of power.
Erm... wait... I think that scenario had a bad ending too...
I seem to remember a while back that the license agreement for windows stated that it couldn't be used in life critical applications, like nuclear power plants, and such. Has Microsoft rescinded that clause? Maybe they should put it back in.
-- Thou hast strayed far from the path of the Avatar.
I offered this article about how the Navy/Marine network was brought down by the recent spate of worms the other day but was rejected.
There are a number of other articles out there that give info on this and the reports of other nuke plants being affected on the fateful day last Thursday.
700 m4ny 53cr375....
kn0w wh47 1 m34n?
533 5n34k3r5...
Too bad the EULA states that you absolve MS of all liability.
this crap is infiltrating critical systems throughout the Federation
try { do() || do_not(); } catch (JediException err) { yoda(err); }
SOFTWARE crashes YOU!
Sorry, couldn't resist...
Hack your mind out of its sandbox.
Is that nobody gives a shit about (relative to the numbers of Windows machines out there) _either_ Linux machine in the world enough to write a virus for it.
If they did, it would be very easy, there are plenty of Linux/Unix based exploits out there that go unpatched for ages.
Not really, but that seems to be what happens when anything bad happens concerning any other consumer product, a la ephedrine and the baseball player, and coricidin C&C and kids 'tripping on cough syrup.' Microsoft is now like a bad drug, and needs to at the very least, have a 'use at your own risk' warning stuck on the side of it, if not be available only behind the counter at walmart ;)
Speak for yourself.
Isn't there something in the microsoft TOS that says stuff like "This product is not to be used in nuclear power plants" [and anywhere a system failure will put people's lives in danger]?? I recall reading that from microsoft, but i can't recall when.
Seriously, people say, nothing should ever touch the network from outside, but it should be patched as soon as a new patch comes out. Catch-22.
Here is some more information on the vulnerability actually used to crash the train signalling network in Maryland.
I am amazed that the infection of the Halifax Bank ATM machines in the UK -- reported by someone here on Slashdot a few days ago -- did not reach the mainstream press in the UK.
I find it hard to believe that one of the best known banks in the UK has ATM machines that are exposed to the Internet in some way and can get infected by worms. Any UK journalists reading this - I'm sure your readers would be interested to know how insecure the Halifax computer network is.
Cringely made this same mistake the first part of his weekly article http://www.pbs.org/cringely/pulpit/pulpit20030814.html. It's not always the "network" guys that are responsible for system patches and client firewall. Especially not in large companies.
"Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
Not really, the systems that control the signals themselves do not rely on the computers. They are fail-safe systems that default to safe conditions when a part of the system fails. Worst case the conductors of the trains would see a wrong or nonexistent signal and stop.
It's the holy grail of remote administration!
Belief is the currency of delusion.
To think that some of the engineers didn't even know a patch existed ... anyway, why are they running it on Windows? Quite dangerous to be on such an unstable system.
On another note...interesting that newspapers cited MARC issue as signal related; an invasion of the network is much more dangerous and the public couldn't hear this, could they?
It's like Mama said! "Never go sticking your laptop into some dirty...." Oh wait, firewalls and laptops.
Never mind.
Why was Windows running the network? Why were monitor systems near office systems? Monitor systems should be separate from the rest of the system. Like physically, no wires should cross between the two and plugging into the other one requires SysAdmin wiring the port live and handing you an IP.
Gives new meaning to "the blue screen of death"
---
Lousy rotten karmic retribution.
In the end, the previous Cyber Security dude in the Whitehouse, Richard Clarke, noted that if something big were to happen due to lax, specifically, M$ security, that the gov wouldn't hesitate to regulate.
A nuke plant and public transit system seem, in my book, to be pretty big time. Although the admins are responsible for locking down those systems (shame on them!), M$ still is somewhat responsible for shoddy coding.
The whole program is viewable online here.
I actually read a comment on slashdot a while ago, which I can't seem to dig out right now; that comment made fun of the idea of using windows in mission critical situations because of its vulnerabilities and non-stability. Why the heck are they using windows anyways?
The IT section color scheme sucks.
I haven't seen anyone mention this, but Davis Besse has much bigger issues right now. They've been shut down for awhile due to boric acid eating through a containment vessel. There's even a federal investigation on the incompetence of the FirstEnergy Corporation that runs the plant.
http://www.forbes.com/home/2003/08/19/cx_da_0819topnews.html
The worm is just another symptom of some major problems with the running of that plant.
New Meaning to Blue Screen of Death
Had to be said.
With MS systems it's not just a matter of loading a patch, quite often they break something especially third party apps, fail to fix the problem they claim to fix, or open a new vulnerability.
If a model of car were found to be so defective -- bolts breaking, carbon monoxide in the passenger compartment, split drive shaft when you change gears, works with only one brand of gas, plays only approved radio stations, etc. -- no one would think to blame the user.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
What probably happened is that the outside firewall was set up to block access to that port. However, some employee went home, plugged their company laptop into the DSL line and got infected. Then they came into work, plugged into the corporate network and suddenly the nuclear systems are hosed.
Given the advent of laptops, broadband, and wireless networks, it seems that network administrators, increasingly, cannot put faith in the integrity of their own internal networks. The odds are probably much higher that such worms will infect through a company laptop than somehow work their way through a company's external security.
This sig has been temporarily disconnected or is no longer in service
... and I thought your name was John Connor... ah I see! Hiding from the Terminators are ya!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Homer Simpson is alive and active at a real Nuclear Power Plant in Ohio. Only the name of the city has been changed to preserve its identity...
Silly me, I was thinking the whole Simpson's drama was just a fiction...
Achille Talon
Hop!
As Ann Landers would say, "Wake up and smell the coffee!"
As Homer Simpson would say, "D'oh!"
As O.J. Simpson's lawyers would say, "If the software ain't fit, you can't acquit!"
DT
Is this thing on? Hello?
The infected systems were 'only' in the higher level of the control hierarchy. Control systems in all plants like this (chemical, power etc) are built on multiple levels. You start at level 0, which is pretty much mechanical - safety valves, burst plates, simple thermostats. Those ensure that even if every control layer above that goes haywire and tries to make the plant blow up, you still remain safe.
:)
I discovered the usefulness of this after setting a digital pressure control on a pilot plant wrong - nitrogen vented everywhere (which makes an incredibly loud noise), my supervisor went mad, but nothing broke
Here is a news bite I found thru Tom's Hardware. It talks about Microsoft using a Linux device to protect its domain. Rather interesting...
Most software I've seen that uses Java (For a specific instance, if you've got Mechwarrior 4..), has a nice little note in the EULA.
Something about how you shouldn't use Java for mission-critical things like, say, nuclear power plants. *snicker*
Not to bash Java or Sun or anyone; indeed, I find it applaudable that they point that out. But I wonder if such a clause shouldn't be attached to all Microsoft software as well?
If there's an argument against nuclear power, Microsoft is feeding the opposition. Come on, safety systems disabled because of their shoddy products?
This, my friends, is why we're all going to die.
Davis-Besse is run by FirstEnergy, or was until it was shut down in Feb 2002. It seems they found a hole in a cap covering the plant's reactor vessel. In case you missed it, FirstEnergy is the same company that is being blamed for the blackout.
I'd be more worried if New York City were replaced by a 120 mile crater. Ohio can get fucked; it's part of the Bible Belt.
You know, the person/people that wrote the worm.
Without them none of this mess would happen, they should be caught and punished severely. Proving a point that MS software sucks is one thing but causing potential disaster is another.
"The Internet is a fad" -WB
A clever person solves a problem. A wise person avoids it. -- Einstein
As everyone should know this by now, and I'm sure it was just a typo... but it's not 444, it's 445.
http://windows.scares.us
Ok, pardon my french.. What the hell are systems in charge of nuclear power plant safety controls doing running Windows? Not to mention having enough connectivity to the outside world to allow something like this.
I don't understand how the safety of an entire city can be maintained by such networks and computer systems. I'd much prefer to see a commercial unix system or some BSD flavored system with NO external connectivity, STRICT firewall rules to not allow it to talk to anything it doesn't have to, only on specific ports, etc. It's not so hard, I've set up pretty good sized networks this way before and I'm borderline redneck.
It's just amazing... Right when I think mankind isn't totally doomed, I read this.
the part where the CIO saves the company a bunch of money, leaves to join another company for more pay, and the old company is completely screwed because of his past policies.
Think it can't happen? Check out the single person responsible for putting HP and SGI and IIRC DEC on the road to Windows, only to end up at Microsoft after his decisions killed the others.
It doesn't mean much now, it's built for the future.
I checked my Solaris, AIX and Linux machines and couldn't find any worms or viruses. Where is everyone finding these things?
I know this has been said before, but why, with a system in place that runs millions, possibly billions, of dollars' worth of equipment and could cost thousands of lives, would you allow someone to hook up a laptop from home, or anywhere for that matter, to said network? Adding any new piece of equipment should be severely limited. I am constantly amazed by the lack of thought by the people running these systems.
Keep in mind that Blaster was the only one of these DCOM worms that only exploited the DCOM hole. The newer variants, esp. Nachi, also tried to exploit the even-older IIS WebDAV hole. If the infected boxes were on the Internet and serving Web pages, no amount of firewalling will help.
Patch, patch, patch should be the mantra of every company that runs their business on MS software.
Sounds to me like they have BIGGER problems than network security if they have a hole in the reactor head that you can stick both your hands through.
"Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
Railroad signaling systems being what they are, I'm certain that this could not have caused a collision. Railroad signal systems run on proprietary, failsafe software. Getting trains to bump into each other, in most systems, takes a computer glitch in code, or a specific series of commands to the signal system, plus a human overriding signal indications in the field.
In every signal system I've ever seen (quite a few across the country), the only thing that MS software/OS relates to is supervisory remote control and monitoring. The local signal logic (software or relay based) will not allow for unsafe train movements, even if accidentally commanded to do so, unless very specific conditions are met. Again, an Engineer passing a stop signal, for example, is usually one of the requirements.
It's COTS, it's cheap, it has a pretty GUI, it has all the latest bells and whistles, it can be easily integrated with existing desktop computers.
Mea navis aericumbens anguillis abundat
We had a breakin in my old company from within. Then the network admins and IT folks REALLY ramped up security internally.
The result was a nasty secureID method which changed passwords every 30 seconds. Your password would synchronize against some solar server etc etc. The number of times you need that 2 lb. keychain to log into the unix systems drove people crazy. Eventually people just didn't log out.... leading to ANOTHER security hazard.
>or Nucular as W. says
I thought he spelled it "Nuke-you-ler"
...the membership and the various personnel who manage the site could be relied upon to at least be a little objective; however, in the past 2 years, the mere mention of the word Microsoft signifies evil. Of course, I don't care if people don't like Microsoft, I don't much care for them myself, but it pisses me off to see how stupid a headline the managers of this site will allow to be posted. Do you wish to be known as a *nix only website rather than a *geek website? FFS, "Microsoft worms CRASH OHIO NUKE PLANT, MD TRAINS."
Does Slashdot really want to become a sensationalist news source (ergo, not a news source)?
CowboyNeal will probably say, "heh, we didn't pick the title, we want to give people a chance to exercise those 1st amendment rights, especially opinion", well, if so, you should post everyone's submissions otherwise you are advocating a particular viewpoint (unless the same story is submitted by other people.) I know for a fact that Slashdot's managers prune articles they subjectively dislike and label them 'duplicates or redundant' even though they are not.
According to Windows Update, Microsoft renamed "the MS-Blaster worm" to "The Blaster worm".
Now that is pretty lame behaviour from Microsoft, don't you think. And it really shows us why they really do not give us real input on what's going on while you boot that windows xp. They just renamed every error to "Windows is now starting up..."
Why is the safety monitoring system of a nuclear power plant running Windows?
How is this any different from:
"Use a Windows 2000 machine, make sure it has only the access level needed from the outside (maybe sshd or something similar running, maybe), and keep the thing patched."
And it's not MARC's problem... they only run on CSX's tracks.
Dairy Queen let alone a nuclear plant...
Check out http://www.ohiocitizen.org/campaigns/electric/nucfront.html
At least Microsoft can't be held accountable for any of this!
As an Anonymous Coward has said previously, the Java license does have a nuke provision: 3.RESTRICTIONS. Software is confidential and copyrighted. Title to Software and all associated intellectual property rights is retained by Sun and/or its licensors. Unless enforcement is prohibited by applicable law, you may not modify, decompile, or reverse engineer Software. Licensee acknowledges that Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility. Sun Microsystems, Inc. disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this Agreement. Additional restrictions for developers and/or publishers licenses are set forth in the Supplemental License Terms. (emphasis added) That's excerpted from my Java 2 SDK, 1.4.2
All it requires is that someone VPN in with their home machine. You don't need the delay of physically transporting the virus so long as you deliberately open holes in your firewall for people you "trust". (which may keep out script kiddies, but not worms)
As it turns out, this was essentially what happened in this case (it got in through a contractor's T1 line; how the contractor's office was infected isn't known, but I'm willing to bet that the contractor has machines directly connected to the internet).
News coverage from yesterday (8-20-2003) claims that Michigan's Secretary of State offices were down due to a computer virus. The network is back up today and transactions are being processed, according to an S/S press release. Not much detail unfortunately, but I'm guessing excessive network traffic from one of the Big News Story(TM) worms bouncing around.
Who in hell uses windows in nuclear power plant!!????
Who are the retarded idiots that let Microsoft within five miles of nuclear safety equipment? Microsoft's software is not quality controlled to any standard suitable for risking human life, and they even admit that in their EULA (no warranty, no liability).
Healthcare article at Kuro5hin
According to the reports, plant computer engineers hadn't installed the patch for the MS-SQL vulnerability that Slammer exploited. In fact, they didn't know there was a patch, which Microsoft released six months before Slammer struck.
How could they not know about this? All it takes is a simple subscription to MS's security updates and it gets e-mailed to them every Wednesday (patch day) that new patches have been released and for what MS OS/Application they are for.
This will probably get me flamed to no end but think about it..
On life and death critical systems they should use proprietary hardware, OS and software.
Not any version of Windows, not any version of Linux, not Intel, not AMD, but something totally alien. Something that is designed from the ground up to be DIFFERENT and CLOSED that can not communicate with the outside world and the systems that the outside world runs on.
I'm talking about Air Traffic Control systems, Nuke plant controls, railroad traffic systems, hospital systems, military systems, power systems, public utilities.
I mean NEW CPU's and a NEW OS and NEW software that is so different and so tightly closed that nothing can communicate with it but other systems of the same design.
With every other little dickweed with a Wally World emachine typing "1337" into google and downloading DIY virus labs, and these same little punks having access to the same networks that all the above mission critical systems communicate on, well, it's a disaster waiting to happen.
And when some script kiddie crashes a 747 full of people from his Wally World emachine on his mommy's AOL account, what then? Or the same kiddie opens the floodgates on a dam and kills 200,000 people. Or a million people. Or makes a nuke plant go Chernobyl?
When burglars keep breaking into your safe every week and robbing you blind you would assume that it's time to get a better safe..
Before the world went insane and computerized every friggin thing from toasters to pay toilets to the power grid, this sort of thing was IMPOSSIBLE. Time to fix it folks..
Flame away..
Does this mean that if we find the guy who made this virus we can charge him with terrorist acts? That's a lot of people to put in danger. I don't care what OS had the hole in it.
"I have great faith in fools: Self confidence my friends call it." ~Edgar Allan Poe
It's official...Ohio sucks.
Yes, my girlfriend is a BitchX
Is there a Springfield in Ohio?
Simpson promoted
August 10, 2003
Springfield, Ohio
Springfield's own Homer Simpson was promoted to IT manager of Springfield's nuclear power plant today. Simpson promised that his first act would be to remove Unix from all of the power plant's computers. "Whoever heard of Unix anyway? I run Windows at home as do most Springfield residents. If it's good enough for playing games, it's good enough to run our nuclear power plant!", Simpson declared.
Do a google search on "navy yorktown microsoft"
Yes, and find a lot of crap written by people who repeat a web myth. Now as far as people who were on the ship at the time or who actually wrote the software involved we get a different story. WinNT was not at fault. The truth is that a server app corrupted its data, a client app tried to use that bad data, and the client app failed to control equipment. Can happen with any OS. Add to this the fact that the ship was a test platform not an operational ship and they were trying to break things.
"Others insist that NT was not the culprit. According to Lieutenant Commander Roderick Fraser, who was the chief engineer on board the ship at the time of the incident, the fault was with certain applications that were developed by CAE Electronics in Leesburg, Va. As Harvey McKelvey, former director of navy programs for CAE, admits, "If you want to put a stick in anybody's eye, it should be in ours." But McKelvey adds that the crash would not have happened if the navy had been using a production version of the CAE software, which he asserts has safeguards to prevent the type of failure that occurred."
http://www.sciam.com/1998/1198issue/1198techbus2.html
"McKelvey writes that the failure, "was not the result of any system software or design deficiency but rather a decision to allow the ship to manipulate the software to stimulate [sic] machinery casualties for training purposes and the 'tuning' of propulsion machinery operating parameters. In the usual shipboard installation, this capability is not allowed.""
http://catless.ncl.ac.uk/Risks/20.37.html#subj1
How about applying security patches to all Laptops first? They're surely not mission critical servers and it would easily reduce this kind of problems by a large amount.
Not that it's very important, but I believe the port it spawns the shell on is 4444, not 444 as stated in the post.
Well if it did MS would certainly be in real big shit. Microsoft have started to have way too much leverage getting away with this kind of shit! Any other company in America would be getting raked over the coals by now.
OH THE SHAME I fell off the wagon and use sigs again!
Why in heavens name are critical systems running consumer-grade software...and worse, why are they connected to the public internet?
And then there are VPNs...fine for offices, but not critical infrastructure - critical systems should be on totally separate, dedicated private networks, period!
Among my biggest fears in regards to computer worms, etc somehow getting into a nuclear weapons system and causing nuclear missiles being launched - in particular nuclear based ICBMs which are less protected; Windows is used on some nuclear subs from what I've read - frightening!
Windows is all well and good for the kind of stuff that it's made for...word processing, e-mail, web client, gaming, and the like. However, there should NEVER be any kind of connection between a Windows box and the mission-critical systems of a power plant. Heck, as far as I'm concerned, Windows shouldn't REALLY be used for Web servers, because that's a Unix job, and I'd suggest HP-UX, Linux, *BSD, or Mac OS X. Some operating systems (Windows, Mac Classic, BeOS, probably certain graphics-etc-oriented Unices) just aren't suited to high-demand or mission-critical servers.
Wow, I'm actually getting upset over all this. Why is critical equipment residing on the same segment as client machines? You can have client machines connecting to servers without opening up unnecessary ports, so that the servers still run. If the client starts blowing up then you know that everything is still going to run.
Anyone who allows a laptop and stops all services from running is asking to be booted.
The frustration is great..... Can't fight it.... Turning green....
Morons.. Absolute morons. Heads should roll.
People should mod your post to "Score 6, Debunking". You have hit the nail on the head. The article's line "taken to the extreme..." is a classic example of slashdot sensationalism.
Not necessarily! The worm could have gotten in because someone brought in a laptop with the worm and plugged it into the internal network.
Either way, I'm surprised that network isn't locked down tight! My DSL network at home sounds safer than theirs, and all I've got is a $99 LinkSys router/NATer/Firewall box that blocks all incoming connections!
The worm I got and the reaction I got from the mail administrators was very disturbing. The thing exploded out of Outlook's preview window, spawned multiple porn browsers and did God knows what else. I turned the computer off hard. The IIS people at corporate central did not believe me, executed to completion the thing by remote control without realizing it, recommended that I simply not use the preview screen and said that they got stuff like that all the time and it was "a normal part of advertising." It made me sick. They thought I was worried about being shit canned for looking at porn and were oblivious to the implications of rooting a desktop that could remote into any other desktop in the company. STUPID FUCKING MICROSOFT CERTIFIED ASSES. Whew, I really was angry and I still am.
My plant's server was also a pain. It was some goofy overpriced Dell "server" that collected information from plant systems and made it available. It failed often and required many late nights for the people in charge of it. There were many such systems but the newest one had the most information. It also had the least ability to do real damage. For all its faults, it was an improvement over what was there but was not required for the safe operation of the plant. It could have been done much better had Microsoft not had anything to do with it.
The answer is not to disconnect the "business" network from the plant information systems, it's to fix the network in a fundamental way. First, the network needed to be split into an Engineering section and an Administrative section, with Engineers only having partial access to the Administrative network and Administration having NO access to plant data systems. Data systems already have NO access to control systems, and this is a good thing. These architectural changes are valid regardless of software used but Microsoft must be eliminated from all of it. From a pure business perspective, having your information available to sabotage is unacceptable and that's what Microsoft's poor security record yields. Free software is superior from a security and functionality standpoint and is now equal in ease of use. If running Microsoft keeps engineers from viewing plant data, while giving competitors and saboteurs full access to such data, the cost of Microsoft is obviously too high. Separating engineers from their data, as Security Focus's write up implies, would be a costly mistake. I have every confidence that power plant operators will make the right choice soon.
Hell yes, I'm mad. I just about screamed this at the top of my lungs while I was there and was ignored. When the business comes, I'm more than happy to work for someone getting it done.
Friends don't help friends install M$ junk.
CIO : I'd like you to connect the monitor server up to the LAN please
NA : No
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
The /. crowd has VASTLY inflated ideas about how secure, reliable, and well-designed the control and monitoring systems are at nuclear plants and other big, dangerous facilities. Insecure computer networks are just the latest version of the old story.
To wit: At the Three Mile Island plant, the control room was a nightmare. Horrible human-factors engineering to save a few bucks. For example, a control knob might be on the opposite side of the room from the meter you'd need to watch to see if you were doing the right thing.
In the most amusing example, the operator console in the center of the room had a forest of absolutely identical black levers crammed together, where it would be a Bad Thing if the wrong one were pulled. To tell them apart, the operators did a bit of machining and installed beer tap handles on them -- e.g., "Michelob" for the water feed pump, "Bud Light" for the steam generator, whatever. Yes, it was that bad. And TMI was not much of an exception.
In another example, there was almost a catastrophic fire at the Browns Ferry plant because the official method of searching for air leaks in some electrical vaults was to hold a candle near the junction and see if the flame flickered. Too bad the insulation was flammable....
Yeah, I think it's terrible too, but doing things the dangerous way to save a few bucks is nothing new.
...Microsoft sued for killing people. We all knew this was true, now the courts have a chance to prove it to the world.
-- Liberalism is a mental disorder.
I work on a military network that has the policy "one path in; one path out"... and let me say that policy has nothing to do with reality. What was very interesting about the most recent worm was that the communications infrastructure organization (whom we will refer to as CS) got a very vivid lesson in network security... or lack thereof.
The base I'm on is well firewalled (sidewinder) and the ports that the initial variants of Blaster used were blocked. e-mail is virus scanned and the desktops/servers are all patched via SMS (remember, everyone had a full week to patch before the exploit code started showing up).
Despite all these measures (including MS SMS patching), the worm still got on the network and infected a sizable number of desktops (let's just put the number in the low 5 digit area).
So, how did the worm get there if the firewall blocked its propagation from the outside and e-mail was scanned and desktops were (supposedly) patched?
two words: user entropy.
How many people within any given org are on laptops? (you know, the people who take their work home with them and connect to the internet via an ISP that doesn't have a firewall) How many rogue modems are there? (and remember, with the advent of NAT and dialing appliances, one doesn't have to have administrative access to a PC to establish an unauthorized path) How many GoToMyPc enabled desktops are floating around? Haven't run across GoToMyPc yet? You will... and it will traverse your firewall and web proxy quite easily. Think you have all your bases covered? Ask yourself this question: If a user plugs something requesting a DHCP address into a RJ-45 wall plug, will it get a usable address? Probably. Ok, there's 802.3x, but how many laser printers actually have this capability?
Admins try to make things work. In complex environments with dumb end-users, this means making things simple. Lots of simple systems (remember what the first S in most of the TCP/IP protocols stands for) interacting with one another leaves a lot of room for, well, "Slack".
The only real way to control security is to have a closed system with tight control (satellites, power grids, etc.) Then you only move the security threat to insiders (who should be opt-ed in so deeply it's not psychologically possible for them to be a threat).
What's disturbing is that important systems seem to be going the commoditization route with respect to IT infrastructure. Whatever happened to completely physically separate networks (but, oh, you have to get your patches from somewhere and waiting for the technet CD isn't an option)?
...that was fucking funny.
"If you're thinking what I'm thinking, you're right." -
Laptop? That should be the least of your concerns. Worms get in through IE exploits on port 80 and email. They require no user action. A firewall won't protect your soft monoculture underbelly. Once the worm is in, it's off and external control can be established through allowed ports.
Microsoft has had more than a year to fix their goofy browser and mail clients but have dicked around with other unimportant things instead. DRM, WMP spyware, IM "fixes" to block other clients are all massive wastes of resources at a company with so many security problems. The only fix for those idiots is replacement.
Friends don't help friends install M$ junk.
The war on terror that is. If a nuke plant melted or trains actually crashed, the damage goes beyond just blue-screening some stupid Win PC. I would expect at that point the search would be on, no borders considered, for the authors. That should give food for thought to the next teen squirt who thinks it's cool to modify a virus/worm and release it as his own.
Friends don't help friends install M$ junk.
The infection resulted in a slowdown of major applications, including dispatching and signal systems. As a result, passenger and freight train traffic was halted immediately, including the morning commuter train service in the metropolitan Washington, D.C., area. Contrary to initial reports, the signal system for train operations was not the source of the problem. Rather, the virus disrupted the CSXT telecommunications network upon which certain systems rely, including signal, dispatching and other operating systems.
So what are they using to manage their network? They're using InCharge "Service Assurance Manager".
-
CSX will implement InCharge(TM) Service Assurance Manager and InCharge(TM) Availability Manager to ensure the reliability of its Next Generation Dispatch Network, the core IP-based infrastructure that controls the dispatch and timely operation of 1,700 trains and over 20,000 carloads per day. More than 2,000 routers back this complex CSX network, each with multiple points of connectivity and multiple layers of redundancy.
InCharge IP Availability screenshots make it clear what platform it runs on. Any questions?
Dumbasses at nuclear power plant allow systems to be brought down by a bug microsoft and the IT security industry warned people about weeks ago. Management unaccountable for making their lazy IT employees do their job.
ever open email on a pc behind a firewall?
viruses don't care about firewalls other systems that do not work..
Remember most email filtering is done on Unix/Linux machines...
not that windows adms are stupid..but they still believe MS bullshit about being secure..
Don't Tread on OpenSource
From Your CIO
What! I read in CIO magazine that MS operating systems were "ROBUST" and "simple to manage".
The low-level "reflexes" of reactors - the systems that actually run things minute-to-minute - are certified out the wazoo, and have received scrutiny at a level similar to the software that flies the Shuttle or commercial airliners.
As such, those systems are typically many years out of date relative to current hardware and software - if they were upgraded, they'd have to be recertified, and certification is so expensive that keeping thirty-year-old hardware running is cheaper. There are reactors in the US that are still controlled by PDP-8s (4K of 12-bit core memory, folks).
As others in this thread have said, the system that got hosed at this reactor was a modern status display added well after the reactor was signed off on and running. If it crashes, the operators get harder-to-understand information from the simpler systems in the control room, but the basic safety systems are still in place.
Homer Simpson to the contrary, the people who run nukes aren't completely stupid.
To a Lisp hacker, XML is S-expressions in drag.
We were all lucky the blaster worm really wasn't destructive..
Sure it was annoying, and a DDOS isn't good, but it COULD have been really malicious and MUCH worse...
The ability to run arbitrary code on a server opens up your entire infrastructure. But the moron had machines reboot to announce they were infected.. what was he thinking?
Or was this just a distraction from a much larger and sinister plan?
---- Booth was a patriot ----
For what it's worth, I remember an accident on the D.C. Metro in Bethesda when I was living there, sometime through 94 and 97. I couldn't find anything in my admittedly short search, but essentially it was on a shared part of the track during slightly wet weather. The Metro slammed into the rear of a slower freight train, and the only death was the driver. An investigation showed that the train was being controlled remotely. He had radioed in they were travelling too fast, but couldn't stop it. I think he may have warned the travellers to move to rear cars, but he had no door into the cabin for security reasons.
Sudden inspiration to use WashingtonPost.com and not Google
Well, I did a search of WashingtonPost archives for 95-98. It was January 7th of 1996, the tracks were icy, and the control was by a central computer. It kept it at 75mph and when it did brake for the station it slid into a parked train. Other than later articles discussing various probes into whether the possibility of the problem was known and ignored, I can't give much more info. The full text in the archives is only available for a fee, but the relevant facts were in each's first two paragraphs.
I guess my point is even the brakes didn't help, once the train was doing 75mph. Don't assume that human intervention will overcome computer error. a) They can make the errors a lot more quickly than humans can compensate. b) Sometimes we misread the errors.
If interested, archive search. I used Metro, Train, accident, from Jan 96 - Mar 96. If you expand to later dates you will see the followups.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
Or it could mean that someone ran an executable email attachment inside the firewall.
I submitted this story on Monday??? And someone else submits it LATER and this gets accepted?
This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.
It means no such thing. It is perfectly possible to have a machine (such as a laptop) infected on the outside, then brought in and connected to the internal LAN, where it starts infecting machines it can reach.
And since when does port 444 have anything to do with it? Once exploited, the victim is running a command shell on port 4444.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Who would run nuclear safety equipment on windows? Does Homer Simpson really work at our nuclear plants?
CIO : I'd like you to connect the monitor server up to the LAN please
NA : No
CIO : Would you like to choose your replacement or should I? I have almost 100 resumes to pick from!
We have absolute rules against plugging YOUR laptop into OUR network, and it's enforced against men.
Women, however, just go crying (sometimes literally) and he makes an exception for them. The boss had an alcoholic mom and has other issues. It also has the side effect of whenever something really stupid happens, it was a woman who caused it.
There's always going to be software holes and idiots who don't patch them. Some people need to remove the stick from their ass and come down to earth a little bit. We can't just wish that everyone will run a perfect setup (there's no such thing anyway). It'll never happen.
When are we going to start treating the techno-terrorists like the criminals that they are?
Thank goodness there really was no danger! If the monitoring software had crashed while the plant was operational there could have been a serious breach in... wait a minute! Did you say "a 6-inch hole in the plant's reactor head"???
8-bit processors still dominate the CPU market in terms of volume, and very nearly in terms of profitability. They are virtually never used as general-purpose computers anymore, but due to low cost of development, deployment and testing, they are ubiquitous in the control systems industry.
Companies like Atmel and Microchip are constantly devising new and better 8-bit microcontroller chips for this market. A lot of them are available in hardened grades for just these uses. A modern one will often bundle the entire machine onto a single chip, with as much IO and analog interfacing as you could ask for.
Reading the ENTIRE assembly dump of a 32K program is rather simple. A team of a dozen engineers can verify it in a matter of a couple months (I mean formal verification here, like you would do for a truly critical system, not just "give it a look over").
While truly using a BBC micro is a little obsolescent, the ideals that caused them to do so are sound.
Hardware, software, and blinking lights!
Rules of IT:
1) Do not place a vulnerable system on a critical network unless absolutely necessary.
2) When configuring a computer/server, always assume that you are hooking up to a hostile, unfiltered network.
If they'd applied these two rules to their network, routers, servers, etc., this likely wouldn't have happened. These are pretty basic ideas, folks. If you have a Windows box on the same network as a computer controlling nuclear safety checks, you better have a damn good reason and you better check for patches weekly.
~Dalcius
Rome wasn't burnt in a day.
Because Windows patches commonly turn services on even if they were explicitly off (or in some cases deleted), or add completely new functionality without documenting that they do.
Plus, even with sshd access, you have a hard time monitoring it remotely, much less patching it without rebooting it.
I know quite a few people like that who are gainfully employed. But then, I'm in aa. Lotsa weirdos around there...
Best Slashdot Co
Why no packet content filtering on the T1?
On the internal network?
On each individual host?
Why no periodic antivirus scanning of all storage media in the facility?
Why are the control systems on the same network as the business network?
Why not completely isolate the control systems from any network connected to "the wild"?
Why is there no oversight of security measures that subcontractors use on connected networks?
Why no continuous security training of the network and system admins? (could be done on work time, in house, etc)
Why use the same OS for routers, firewalls, and control systems as you are using on the desktops?
Of course we know the answer, all of those things would take time and cost money, and why spend money on something that may not ever happen.
It seems that they were too busy thinking about "business" when they should have been thinking about minimum security requirements and what could go wrong, even if it as yet has not. I'm sure it was "more profitable" for them to do things this way.
Read, L
Completely pointless.
First off the sys admin should have been fired.
Subscribe to Cert or what not I learned about the patch as soon as it came out and I'm not being paid the big bucks to maintain a nuclear power plant.
Second, how the hell did you fools get "ANALOG BACKUP SYSTEM" mixed up with Microsoft?
I thought I was safe. I've been running Software Update Services for 3 or so months now. But some computers weren't set to use SUS, so they didn't get patched.
No problem though, the ports are blocked on the firewall.
Then one of the sales guys comes back from a sales trip, and plugs in his laptop that hasn't been talking with the SUS server for awhile, and he's caught the worm and doesn't know it.
And before I know it, I have three machines infected!
Ok, only three isn't so bad. But it would have been far worse had I not had SUS up and running on 98% of my computers. But the point is: firewalls aren't enough to protect you!
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
this just brings us back to the age old question - should software companies be held responsible for monetary and possibly physical shortfalls that can arise from flawed code? Until there is some sweeping legislation introduced, MS's EULA will cover their pussy asses against anything. MS on the desktop is hardly acceptable, but it should not be used at all in mission critical systems/networks.
_+_+__+_+_+_+_+_+_+++
when i moo u moo - just like that
not knowing about this. Some of us like our blissful ignorance, thank you.
I predict that it will happen. As bad as it may seem, the computer (especially software) industry has major quality control problems. There aren't many other industries where you can ship a non-functioning system and then patch it (with the cost and the responsibility laid on the customer). This methodology isn't necessarily bad in itself. In fact, some customers may prefer it. BUT many companies have been taking advantage of it to the point that it is past the acceptable limit.
One reason causing problems is that the software industry (and I suspect the whole computer/tech industry) simply hires the lowest paid person for the job. Often, these people don't even have university degrees (many learned it via some certification program or a few courses). Instead of spending the money and developing proper systems, companies literally hack together something and cut corners.
I think what will happen is that there will be a major crisis (perhaps millions of people severely impacted by some software bug) before this whole system collapses. I simply cannot see the world progressing as it is now. We are already at the point where people can lose all their sensitive information on their computer simply due to some virus they didn't patch (keep in mind that end-users and even companies often don't keep up and patch everything). Once this catastrophe happens, the whole industry will be regulated. Costs will go up but quality will too.
The other engineering fields (civil, etc) went through something like that. There was a point (100 years ago) when anyone could build a bridge. Often many of these bridges were shoddy but people were willing to live with them since they were cheap and it was the norm. But when they started collapsing and killing a lot of people, things changed...
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
Our network was totally gone all wednesday, so I spent the afternoon down the pub :)
Now next time, could they make it a Friday so we can make a long weekend out of it!
I more or less accept that it is *possible* to generate nuclear power, and store the waste, 100% safely. But as stories like this illustrate, not everyone is doing it. Not even in the U.S.
(Yes, I know this particular plant was off-line at the time, yada yada, the point still stands.)
I think it is a less than wise approach to continually point and laugh at Microsoft like this. Yes, their software is buggy and flawed. Yes, they can be slow to react to problems/flaws within the operating systems and applications.
However it is worth noting that Linux and OSS in general is not without its flaws either. It's just that there are not so many exploits of it possible or even those that are, are not pounced on by the media. This is because of the (incorrect) perception of the media that Linux is not a major force in the marketplace. When a script kiddie is setting out to get attention and make a name for themselves which OS do you think they'll target? Linux is not that attractive to these guys as it's not likely to make headline news around the world as Linux is not firmly embedded (by which I mean market penetration) in all aspects of business and home computing compared to Microsoft's software YET.
At some point in the near future (and I hope it's very soon) Linux's market penetration in all aspects of computing will become much larger and then that's when the virus writers will turn to it.
So instead of sitting here and slagging off how terrible Microsoft is at doing its job people involved need to be sure that when the time comes that Linux and OSS can do its job properly and not make headlines like this.
Basically, people can plug in their unprotected laptops into a network of unprotected machines. It would be a different story if laptops connected to a different segment that only allowed connecting to inside using safe protocols like ssh. But still not as good as running an OS that only exposes services that the user meant to provide to the network, with the default being none. No remote registry editing, thank you.
People do it because it is a lot cheaper. Also many people don't know much about Linux or its capabilities. Yes, that's no joke. I'm unemployed now but even a few years ago, I ran into many (apparently highly qualified people) who only had a Windows-centric view. I suspect things haven't changed.
If I ran a software company providing a Linux-based monitoring solution, I highly doubt many would buy it. Windows on the other hand is widely accepted...
It's just like this: If you had to use a scripting language, why does everyone go with VisualBasic and don't even consider stuff like Python? Granted, VB is good at some stuff but Python is platform independent and can do things better (if scripting is all you need). Yet, if I ever utter Python I would be run out of the company (if I had a job that is :( )...
A lot of the people in the tech industry are ignorant. This is especially true for tech managers and CIOs. For these guys, the latest press release or published report (which is always from a large corporation) is all that matters. Microsoft or IBM or whatever could be selling the worst software and they would still buy it over one from a smaller company...
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
I know this is obvious and will be repeated here many, many times, but... What kind of people will run critical public-safety systems on Windows? Who in the Hell is that stupid and can still get into that kind of position of public trust? And then... And then... Connect it to the Internet? What?!! Wise the hell up, people!
I think he actually meant the backdoor 4444 port, which is stupid to block since there are already variants using different ports.
When will it end?
"Microsoft Worms Crash Ohio Nuke Plant"
Ummm...no, it clearly states in the body: disabled a safety monitoring system for nearly five hours.
100% of the blame for all of this damage rests on Bill Gates.
Bill Gates sets the standards for software development at Microsoft. Bill Gates decides what is, and is not, acceptable in the design, coding, and testing phases of Microsoft products. Over a year ago Bill Gates came up with the "trusted computing" fraud.
Microsoft makes much of its income by selling bug fixes for software they shipped knowing it was no damn good. What do you think new release is? Mostly just bug fixes plus new window dressing used to add more bugs. Bill Gates has made his fortune by deliberately selling inferior software.
If I owned a company that sold ladders that have the same failure rate as Windows does, it would have been sued into bankruptcy and I would most likely been put in jail the first time a ladder failure was linked to so much as a broken leg. Yet, Bill Gates is the wealthiest man in the world. Free to continue his crime spree.
The magnitude of the fraud that has been perpetrated by Bill Gates & company is so huge as to constitute a crime against humanity. He has done more damage than all the terrorists who ever attacked the US. It is beyond treason. He should be tried for his crimes. If one person has died as a result of known bugs in Windows then he, and the entire management chain below him should be hung.
The latest attacks on world infrastructure facilitated by Windows must be the last. It is time to prosecute the man whose greed and disregard for humanity enabled all of this damage. The accumulated wealth of Bill Gates and Microsoft should be used to compensate the victims of his crimes.
Stonewolf
There is no way an exposed, critical system would ever get NRC approval.
The phrasing of the article, while not incorrect, is woefully incomplete, and thus irresponsibly misleading.
Nuclear plants have safety critical systems, which are hardwired and isolated. They also have duplicate, completely passive "monitoring" systems. These provide the same information as the critical systems, but are for reporting purposes (not control) only. These non-critical systems make their plant telemetry data available, via fiber for electrical isolation and then a leased land-line, to off-site facilities.
These facilities include the utility company, the NRC, the plant designer company and others. There is very little control over these systems because they are essentially "syndication feeds" where plant data can be stored, observed and so on. They have no influence back to the plant. The plant is, in effect, broadcasting status information out to these select interested parties.
What these parties do with the data, and how they treat it, is largely up to them. The systems receiving this data do not require the degree of isolation that plant systems themselves do. They're regular LANs, and don't need to be anything more sophisticated than that. But, since they are receiving and processing plant monitoring data, they can be considered part of the "safety monitoring system on a nuclear power plant".
What this sounds like is the failure of a second or third tier of monitoring and processing. Sort of like having a local office of Charles Schwab go down due to the virus, and having the article say that the "virus took out Charles Schwab's ability to function". Or, upon www.weather.com going down, stating that the virus caused the National Weather Forecasting system to fail.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Mod the parent up, it's bang-on. I've worked on software for accessing PDP-8 nuclear files on a Windows platform... you haven't seen fun until you've seen ASCII packed 3 characters to 2 12 bit words.
Anyway, I know from experience in other areas also (specifically heavy industry like steel) that the critical systems are not PCs (some old PDP 11's and such, but they're being phased out) but rather DCS or PLC systems that are hard real time and much more reliable in both software and hardware than any PC solution.
Do you think that the Debian packages maintain themselves? Do you think you can get away with just submitting a rogue patch, even if you had CVS commit access?
An interesting article then:
Toward self-diagnostic APIs for embedded systems
Did anyone read the headline and think of Robocop 2?
Fucking Laptop Users!
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
This may be true, but Osama's deputies can't push a physical override button from a laptop in Eastern Afghanistan, or turn a hand-valve with a targeted virus.
Free Software: Like love, it grows best when given away.
This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.
d com-faq.shtml
Shouldn't that probably be port 4444 ?
http://www.its.caltech.edu/its/security/users/rpc
check whether anything is listening on port 4444 on your machine; this would be a strong indication that the Blaster worm has installed its backdoor, or that your system has been broken into by an attacker who has installed a backdoor program similar to the one automatically installed by the Blaster worm. Note that 4444 is an arbitrary port and there is no reason that intruders or worm writers must continue to use it.
To-do List: Receive telemarketing call during a tornado warning. Check.
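The listening-port check quoted from the Caltech FAQ above, written out as an added example (not part of the original thread or the FAQ). It assumes the Windows `netstat -an` column layout; the sample output, the expected-port set and the function names are constructed for illustration. Because the quote notes that 4444 is arbitrary, it also reports any listener outside the host's expected set.

```python
"""Audit `netstat -an` output for unexpected TCP listeners (added example)."""

# Constructed sample in the Windows `netstat -an` layout; not from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    10.0.0.20:8081         0.0.0.0:0              LISTENING
  TCP    10.0.0.20:1055         10.0.0.31:135          ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

BACKDOOR_PORT = 4444  # port the thread names for the Blaster command shell
RPC_PORT = 135        # port the thread names for the DCOM vulnerability


def parse_tcp_listeners(netstat_text):
    """Return (address, port) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows rows are: Proto, Local Address, Foreign Address, State.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::]:135 intact.
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def audit(listeners, expected_ports):
    """Classify listeners; returns (severity, address, port, reason) tuples."""
    findings = []
    for addr, port in sorted(set(listeners), key=lambda item: (item[1], item[0])):
        local_only = addr.startswith("127.") or addr == "[::1]"
        if port == BACKDOOR_PORT:
            # Reported even if someone added 4444 to the expected set.
            findings.append(("high", addr, port,
                             "listener on the backdoor port named in the thread"))
        elif port not in expected_ports:
            # The backdoor port is arbitrary, so unknown listeners need review.
            findings.append(("review", addr, port,
                             "listener not in this host's expected set"))
        elif port == RPC_PORT and not local_only:
            findings.append(("info", addr, port,
                             "RPC reachable from the network; confirm patch and filtering"))
    return findings


if __name__ == "__main__":
    expected = {135, 445}  # assumption: what this host is supposed to expose
    for severity, addr, port, reason in audit(parse_tcp_listeners(SAMPLE_NETSTAT), expected):
        print(f"{severity:6} {addr}:{port}  {reason}")
```
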
Kent Brockman here, with the weather report...what's the death count, Ted? Well, Kent, right now the death count is (scrolling numbers) ... zero! But it's ready to shoot right up there any minute now!
The corporate media makes money off terrifying us. What do you get?
Jeff
Good thing they've still not caught on to what happened at Black Mesa. Our secret is still safe.
So the virus writer is completely off the hook. 100% on Bill Gates? You really want to pin 100% of the blame on ONE man? That's asinine and very narrow sighted.
The accumulated wealth of Bill Gates and Microsoft should be used to compensate the victims of his crimes
That's just a little communist don't you think?
The problem is that we are slowly upgrading these systems built on 1950's and 60's technology into 'today's' technology. A lot of the issues present in today's technology weren't known when the regulation was written. Look at what is being used to evaluate software as 'safe'
link
The bottom of page 17 (Adobe Acrobat count), section B.1. I find particularly interesting. The current method of review for these safety critical systems is to make sure all the documentation checks out, and if the vendor followed a good design practice, then the conclusion is that the product is safe. BS!
The document also states that software can't be modelled in a lab like, say a pipe or a concrete wall. That is showing the document's age. Maybe 6 yrs ago it wasn't feasible, but with the 2-3 GHz processors currently available, as well as the development of simulation tools that allow modelling of hardware and software together I believe it to be feasible to actually test these systems using fault injection techniques.
sysadmins kill people.
They are totally phasing out having ANY people running the trains at all. It's currently being done via wireless remote control here in the North East. Combine that with the worm and THEN think of the problems!!
This sounds like lucid, logical thinking. I am behind you 100%. As a first step I say we all stack our PC's in his front yard and have a bonfire.
Sincerely,
Ted Kaczynski
Why in the world are critical systems like nuclear safety systems and railway safety systems running Microsoft software? That's like playing Russian roulette with 5 bullets in the revolver. I can't wait until the next MS worm makes airplanes start dropping out of the sky.
Anyone see Terminator 3? I bet that worm spread using an MS exploit. That was really Microsoft's central office they blew up in T2.
How come so many network administrators at critical facilities like DMV's, train companies *nuclear* power plants, etc. are such F***ING RETARDS? It is beyond unbelievable. Jail time should be mandatory for total negligence such as this.
For the first two years at my current job I told my supervisor (senior VP) things like:
- The server room should have a door on it. And a lock.
- The electrical/phone closet should have a door. And a lock.
- An IDS would be a good idea.
- Some company security policies would be a good idea.
- Some client firewalls would be good, especially for our remote/vpn users.
- Some backup hardware would be a smart idea for our main network components.
These were always greeted with responses such as "We don't have money for that" or "Don't waste your time on that." Finally I suggested that we hire an expert consultant to perform a security audit. Oooh, magic words. Consultant came in and gave same recommendations. Suddenly, not only do we have enough money for all our previous suggestions but for the consultant, too! I'm not complaining, though, really. I got what I wanted. You just wish that if the company had the confidence to hire you, they might accept that you have some expertise in the field.
This is the same power plant that was shut down due to a boric acid leak. And since the blackout was mentioned in passing, I'll go ahead and add that the plant is owned by FirstEnergy.
The closest windows gets to something important on a Nuke Sub is "maybe" in the ship's office.... But submariners don't have much time or need to produce PowerPoint presentations. -- If it detects, classifies, or destroys; it ain't done in windows!!!!
"Hey look everyone! The screen's changing colors! Wait a minute, why's it melting? Why's my skin burning? Why is it so hot in here?"
The same nuclear power plants and train control stations that had been hit by viruses were subsequently slashdotted by geek resumes in email to replace the imbeciles that ran those places. The DDoS attacks prompted the FBI to enforce a no-geek-shall-send-his-resume-to-a-microsoft-based-crashed-company-no-matter-how-badly-they-need-a-replacement policy.
If we can build accounting software under GPL for free, we can fix up nuclear safety control systems using C/java on FreeBSD.. for free. Nah, if they're dumb enough to pay for MCSEs they should pay for real skill.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
I AM a doctor, and even some of us can't afford the malpractice insurance.
Talk to a Neurosurgeon... some of them pay more each year in malpractice than I make (and I'm talking about my gross, not my net).
It's extraordinarily bad for them because the things they are asked to fix are often bad from the start, and people have unrealistic expectations. When they hear that their grandmother has a big intracranial bleed, and that the neurosurgeon is working on her, they think she's going to be good-as-new after the operation. The unfortunate truth is that almost everyone with a big head bleed has persistent deficits after it's over, even if the operation is successful. Unrealistic expectations + high-dollar, deep-pocket target + resentment + litigious society = astronomical premiums.
More lawsuits are not the answer.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
the ticket counters at Air Canada all throughout Canada were shut down by a virus recently.
"You're on my side and the dark side, like Lando Calrissian?" --Gimpy, Undergrads
I'm an engineer at a safety switch company. We make Temperature and Pressure switches. Yes, the same ones that are used in nuclear power plants. Basically, as a purely mechanical switch, the entire computer systems can shut down and all our switches will do is turn off whatever is on. Or turn on whatever is off. ie: backup systems whatever. These systems are usually not computer controlled, only computer monitored. In essence you've lost all your remote ears to your nuclear power plant. The system still works, all you need to do is walk around the plant to monitor it instead of sitting your lazy ass browsing eBay.
It's not a mission-critical safety system - it's a safety-monitoring system. It has a pretty display and graphics and charts that can be viewed in several different locations over a network. The actual safety system resides in a small controller that may or may not be connected with ethernet (serial links are very common) and it has a tiny processor, some flash memory, and its total program size is probably less than the Sobig virus. The system will keep on running until you turn the power off to it (and its redundant backup system runs down as well). Mission-critical systems in industrial facilities are not vulnerable to Windows flaws. The most convenient interface to them may be, but that's not the same thing.
I think not. In his post he says that
That's the SLAMMER SQL WORM in JANUARY
Not the MSBlaster worm that's been going around for the last week or so. Blocking ports 135 or 139 or 445 would not affect the Slammer worm since it uses the 1433 MS SQL port.
Sig (appended to the end of comments you post, 120 chars)
"Nobody gets fired for installing Windows" now should read: Nobody used to get fired for installing windows... Heh!
Hello! I'm a disaster waiting to happen!
Do a search at www.google.com for evil empire :)
Guess which Redmond-based company is on the top
Convenient google link
Even more annoying, probably more common scenario: dumbass user on DSL connection, no firewall -->gets infected with msblast from the internet-->connects to company VPN -->virus spreads all over the company network.
red hat 7 shipped with the RPC port OPEN. ("mmm! hackers love noodles!") at least red hat gave me the capacity to close the port. so i rapidly learned admin basics, and locked my system down.
MS ships with DCOM (=RPC) open. windows DOESN'T allow me to close the port. instead it forces me to (1) wait a day for their server to be not bogged down (2) download a service pack, and spend 2 hours installing that. (3) download their patch. (4) hope that all this bullshit doesn't break my functional machine. (5) trust that they fixed the hole, but the port's still open (i just portscanned my patched machine-it's wide open).
so is MS chronically stupid, or is it leaving a deliberate backdoor on my system? how many users WANT a remote procedure call port open to any/every user on the whole friggin internet?
what did ms discuss with the "justice department," back in the day?
with Microsoft DCOM, port 135, your zipper's always down, and you have to trust bill gates that you're wearing underpants.
concerned? why not send him a letter?:
"DEAR BILL GATES,
AM I WEARING UNDERPANTS?
-SINCERELY YOURS,
A CONCERNED WINDOWS USER."
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
Fortunately, the plant was already offline as it failed a safety inspection months ago. They had a 5" hole that had been eaten through some surface or other, IIRC. So, at least there was no chance of the worm causing another 3 Mile or anything (at least, this time)
Yeah - the end of the world is near enough. Just give more control of the nuke systems over to windows systems, and behold soon there will be no more windows to worry about. MS Windows:' This world has caused a fatal error. Everything will be terminated'. Press 'OK'.
Is there a Springfield in Ohio?
Why yes, there is!
The truth about Scientology, Xenu, and you: Operation Clambake
Actually there is a very easy way to lock that port.
Start->Settings->Network Connections->Local Area Connection->Properties->TCP/IP Properties->Advanced->Options->TCP/IP Filtering
Then set it up however you want it
Sig (appended to the end of comments you post, 120 chars)
If I set up a safety critical system using out-of-the-box Redhat 6 with no firewall restrictions and no patches and get root'ed by SSL exploits, is Redhat 100% responsible for my stupidity? I think not.
It comes down to this, if you are administering a critical system, it must either be completely isolated from the internet and from any other machine that is ever connected to the internet, or you have to keep it patched. Either way, it is only common sense that you firewall the system and only allow access via ports necessary for the operation of the system. Ports necessary for maintenance operations should normally be disabled and only enabled during maintenance operations.
If you don't understand this, you should not be in charge of a mission critical system.
One place I think you can blame MS is their decision not to continue releasing patches for Windows NT 4.0. Many safety critical systems can't just be upgraded to a new operating system on a whim, there is a lot of testing that has to be done. In the current climate, many companies are unwilling to fund these upgrades for a "possible threat". While it costs MS money to build these patches, I suspect the bad PR associated with these events is even more expensive, and maybe (just maybe), it will help entice MS to actually code buffer overflow checks as a standard development practice.
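The policy stated in the comment above (default deny, only the ports the system needs, maintenance ports enabled only during maintenance) can be checked mechanically against an exported rule list. This is an added example, not part of any commenter's post; the host, the rule set, port 8443 for a display feed, port 22 for maintenance and the window times are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "udp"
    port: int
    source: str   # CIDR of permitted peers, or "any"


@dataclass(frozen=True)
class Policy:
    operational: frozenset   # (proto, port) pairs the system needs to do its job
    maintenance: frozenset   # (proto, port) pairs needed only while being serviced
    windows: tuple           # ((start, end), ...) approved maintenance windows


def in_window(policy, now):
    """True if 'now' falls inside an approved maintenance window."""
    return any(start <= now < end for start, end in policy.windows)


def audit(rules, default_action, policy, now):
    """Return (proto, port, reason) for every inbound allow rule that breaks the policy."""
    findings = []
    if default_action != "deny":
        findings.append(("*", 0, "default action must be deny"))
    for r in rules:
        key = (r.proto, r.port)
        if key in policy.operational:
            if r.source == "any":
                findings.append((r.proto, r.port, "operational port open to any source"))
        elif key in policy.maintenance:
            if not in_window(policy, now):
                findings.append((r.proto, r.port, "maintenance port enabled outside a window"))
            elif r.source == "any":
                findings.append((r.proto, r.port, "maintenance port open to any source"))
        else:
            findings.append((r.proto, r.port, "not needed for operation: remove"))
    return findings


# Constructed policy for a hypothetical monitoring host.
SAMPLE_POLICY = Policy(
    operational=frozenset({("tcp", 8443)}),
    maintenance=frozenset({("tcp", 22)}),
    windows=((datetime(2003, 8, 23, 2, 0), datetime(2003, 8, 23, 4, 0)),),
)

# Constructed inbound allow rules; 135, 445 and 1433 are ports named in this thread.
SAMPLE_RULES = [
    Rule("tcp", 8443, "10.20.0.0/24"),
    Rule("tcp", 22, "10.20.0.5/32"),
    Rule("tcp", 135, "any"),
    Rule("tcp", 445, "any"),
    Rule("tcp", 1433, "10.0.0.0/8"),
]

IN_WINDOW = datetime(2003, 8, 23, 3, 0)
OUT_OF_WINDOW = datetime(2003, 8, 23, 12, 0)

if __name__ == "__main__":
    for when in (IN_WINDOW, OUT_OF_WINDOW):
        print(when.isoformat())
        for proto, port, reason in audit(SAMPLE_RULES, "deny", SAMPLE_POLICY, when):
            print(f"  {proto}/{port}: {reason}")
```

Run on a schedule against the live rule export, the same check catches a maintenance rule that was opened for a service visit and never closed again.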
Isn't it obvious that a system like this can't be open to the internet? Heck, there shouldn't even be any physical connections to the internet or similar.
I wouldn't base my choice for a home OS on how it functions in large control systems such as these. If you did that you would probably end up running some form of real-time operating system or some mainframe system.
The two situations really have nothing to do with each other unless you are running a train traffic signal network, nuclear safety monitoring setup or large power grid on your home system.
"I have a porkchop, you have a porkchop. I have a veal, you have a veal".
sent these links over to matt drudge. maybe we'll get a WORM CRASHES NUKE SITE! headline. that would be fun..
that would depend on the job, wouldn't it. Sounds like a first rate sysadmin. The sort who applies larts without hesitation.
Best Slashdot Co
I said: 100% of the blame for all of this damage rests on Bill Gates.
And you replied: So the virus writer is completely off the hook. 100% on Bill Gates? You really want to pin 100% of the blame on ONE man? That's asinine and very narrow sighted.
I expected this response. Once, when I was in college I owned an old truck. After I had it for a while one of the door locks broke. This didn't bother me because I didn't keep anything of value in the truck and the truck had so little resale value that no one was ever going to steal it.
One Saturday night someone found the broken lock, put the truck in gear and coasted it down the hill and onto someone's lawn. It caused some damage. No big deal. I figured it was a one time thing and did nothing.
A couple of weeks later that same thing happened. More damage was done to the neighbor's yard. After the third time I fixed the lock. Even though I was not legally at fault, at some point I become responsible for the damage done. Without the broken lock, the damage would not have been done.
Over the last decade Bill Gates has authorized selling hundreds of millions of "broken" locks. Software with severe security problems. These are problems that any reasonable development or testing process would not have let out the door.
Good grief, I was warned about the dangers of buffer over runs in my first programming class in 1972. This isn't rocket science. It is criminal neglect.
The virus writer is like the idiot who kept parking my truck on the neighbor's lawn. He could not have done it if I had taken the reasonable action of fixing the lock.
I said: The accumulated wealth of Bill Gates and Microsoft should be used to compensate the victims of his crimes
And you replied: That's just a little communist don't you think?
You really have no contact with reality do you? Read the US legal code on collecting damages for harm done. If I harm you or your property you are entitled to compensation. That legal principle predates communism by many thousands of years. The concept of an-eye-for-an-eye is pretty well understood and has been carried forward from the dawn of time and lives on in our current legal code.
Stonewolf
interesting. thanks, i'll play around with it. still got to wonder why it defaults to wide open.
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
I understand you and even agree with you on some points.
The difference is that if you are using Red Hat you know that reasonable precautions have been taken to make the OS secure against known threats. If you are using MS you have no such assurance.
I'm willing to hang the idiots who authorized using Windows for applications where life and limb are on the line. I'm willing to hang the virus writer too.
But, as you pointed out. MS refused to supply security patches for systems that could not be readily upgraded. So, they clearly put profit ahead of the public safety. Microsoft, and Bill Gates, are criminally liable for all damages that resulted from that decision. They must be prosecuted for those crimes.
Stonewolf
Hey Ted! It has been a long time since you nearly got me with that "package" up at the old UoU. I'm not surprised to see you working for Bill, but that is the kind of organization that would appreciate your special talents.
I was really hoping to never hear from you again. Now, where is the FBI's phone number...
Stonewolf
Wow! I bet Microsoft is happy that they hold no responsibility due to their lawyers' talent of writing a great EULA! Too bad their software developers can't have the same talent in software engineering...
That is all.
Fixed-point math loses accuracy as well, but in a well-defined way that is easy to account for in the algorithm design.
This may not be an enormous risk on a dataset that is calculated once and discarded (like a user display), but if the data is to be stored and manipulated, accumulated round-off errors can add up quickly.
The other real worry with floating-point numbers is that the range they express is such that some operations (like adding) will lose an operand entirely due to problems with the exponents being drastically mismatched.
Hardware, software, and blinking lights!
I haven't done anything as critical as SCADA, but I've done some PC/104 with QNX. It's a nice system, for what it does.
Hardware, software, and blinking lights!
You've got to be kidding me.
This can't be true! Please tell me it isn't.
Who the hell uses MS Windows to monitor a _nuclear power plant_?
I would've never thought I'd be so happy to live in Germany. At least our nuclear plants have their own, customized real time operating systems watching over what's going on.
Jebus Crickey, I'd suggest you'd get yourself a new set of plants right along with that new powergrid that's due.
We suffer more in our imagination than in reality. - Seneca
I don't know about the rest of the items stated, but I do know for sure that the Davis-Besse is off line and shut down, and has not operated for almost a year to replace a corroded steel dome on the containment building. The reason for the long shutdown is that the replacement dome has to be custom made, and imported from, of all places, France. Additionally, once the severe corrosion was found, the NRC was all over First Energy (owner and operator of Davis-Besse) like white on rice. Perhaps this is a bit of urban legend, or another case of the media blowing something all out of proportion (again).
The only reason there are no Linux worms is because nobody uses that crap!
Whilst I can see your points - to be fair, in MS's license agreement, it explicitly states that Windows is not to be used in the control of life support equipment, nuclear plants, or other situations where failure will cause a hazard with the risk of injury or death.
All the more reason to hang the idiots who deployed it, but the blame in this case is NOT with Bill Gates.
Hopefully this sort of thing is a bit of a wake up call for people that there are better alternatives out there, and that computer security is NOT something to be lax about.
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
This is as bad as any terrorist activity. I wouldn't mind seeing Microsoft execs and any sysadmins related to these problems brought up on charges of terrorist activities. Yeah, they would get off, but it might get the freakin point across.
Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
"Microsoft Worms Crash MD Trains into Ohio Nuke Plant"
The fact that a worm disabled safety systems at a nuclear power plant, or the fact that the safety systems at a nuclear power plant are depending on windows.
----
All of whose base are belong to the what-now?
I think it's time to activate SkyNET. It will crush this virus in no time. And it will clean up all the systems....
.... why yes, of course we know the risks associated with SkyNET controlling all world nuclear/satellite arsenal. Yes, we're confident everything will work fine. After all, it was coded by the US government... running Windows.
"Microsoft Windows: the electronic version of the Hindenburg". I seriously suspect Microsoft of deliberately allowing their software to "burn" like this, to give today's internet a bad reputation. The establishment and corporate giants were really disturbed to wake up and find out in 1993/1994 that this thing called internet was no hoax. Even Bill Gates first reaction was that it better go away. Windows 95 was released and the game was started. Rulers and establishment today find them in uncomfortable positions. They have 2 options :
- Take over the complete world, so then rule and control the complete internet.
- Remove the internet, or severely restrict it by technology, which is not tied by the constitutional borders of countries. Think of Software Patents, DMCA and Palladium.
I don't know, but i reckon, also heard from other people, that the current rulers/establishment really hate internet, when they cannot totally control it. This is key point in the new world arena.
Robert
Windows is a BUSINESS operating system - for desktops and servers running business and entertainment applications. I believe that anyone at Microsoft and especially, at their legal department would agree that using Windows to route trains or monitor nuclear reactions is just CRAZY!!! Whoever engineered these systems needs to pay. And pay BIG time. They are a disgrace to the industry. As well as the managers who allow this insanity.
These are CRITICAL SYSTEMS and no critical system should be running crap like Windows and even have a connection to the Internet - no connect AT ALL. They need to be secure. It was never designed for this!
Someone could have brought an infected laptop from home. Of course, if these are life-critical they should be firewalled even from their own "internal" network as extra security precaution (as often you can't just go rebooting these types of boxes once a week just because a new patch came out).
People with production systems are reluctant to alpha test microsoft's patches on their production machines. That's not happenstance, that's policy. Microsoft Senior Vice President Craig Mundie recently suggested that in the name of security, it may be appropriate to force you to install Microsoft patches or updates, and if that breaks your existing applications, well, it's for your own good.
If you think about it, if MS-Support keeps breaking third party apps and/or keeps recommending wiping the hard drive and doing a clean install, they get rid of all third party apps through attrition. It's by wearing down the flunky doing the install or using up all the flunky's time or the end user being unable to use the app until the flunky can fix it. Rather clever, I think, even when considering that Microsoft is more of a marketing company or pyramid scheme than a tech company.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Because we are better than that. Would you like to be kicked while you are on the ground? What if you put yourself there?
Basically managers needing it cheaper trying to replace full engineers with coders.
It really is a recipe for eventual disaster
Have I completely missed something here ? In addition to the obvious port 135, I thought it attacked on the cifs port - tcp/445, not 444.
You weren't to blame in the truck scenario other than a little bit of negligence. I would venture to say at least 80% of people would've agreed with your assessment, that the truck wasn't worth the trouble of fixing the lock. Wouldn't you say that the person who put your truck in gear is the bad guy? After all, if he didn't put the truck in gear it wouldn't have ended up in a lawn. Sure, you could've prevented it, but that doesn't make the attacker right. Even if you had the lock fixed, the attacker still could have broken a window to get in.
.01% of the problem, and who knows, maybe Gates really WANTS to fix the software. Maybe it's just too damn big to be feasible.
We can't continue to just write off these bad people. It's time that cyber crimes be punished just like other crimes. There's no way software, buildings, or cars are 100% secure. The whole situation is a function of ease and reward. If ease of doing it is great or perceived reward is great, then immoral people will find a way to inflict damage for their own purposes. In the slammer case, the virus writer got a rush from causing what I'm sure is billions in damage. Maybe he'll be exalted in his little anarchist community.
I agree that Microsoft should fix their software. I don't think that's possible without a rewrite though... The software encompasses too much for one person to get their head around. If one person can't understand it, how can one person, or even a small group of people, hold others accountable? This is precisely why Bill Gates is not 100% to blame. Gates doesn't code the actual software. He has input on the strategic level, but he can't MAKE programmers code correctly. He can't double-check their work either - checking 1% of the code would be a full time job. So how can Gates be 100% accountable? He is only one person in management at the company. I wonder how many managers Microsoft has anyway...
At least Microsoft release patches. If the patches are applied then the problem is solved. Any good admin will keep up with the patches. Sure it's a royal pain in the ass, but that's why they call it a job.
So, all of this is why I believe Gates isn't 100% to blame. I think Gates is about
Things you learned in 1972 don't apply as much in the world of 2003. Good principles are still useful, I'm not saying preventing buffer over runs is bad, but the way of thinking in 1972 isn't the best way to be thinking.
I can see your eye for an eye argument, but it's too simplistic. NOTHING is that simple when it comes to companies such as Microsoft. Imagine the impact that Microsoft has on the world... You may be inclined to argue due to your selective bias, but I'm sure Microsoft software can be directly correlated to positive economic growth. Yeah, let's kick down the economy some more by putting Microsoft out of business - that's a sound plan. Quit trying to punish achievement. The whole problem here, is that people would rather blame Microsoft for the world's problems than fix them. Take some initiative or get out of the way. Don't just sit around and gripe - it's unproductive.
It makes no difference if you're running Red Hat. You've got to know how to use Red Hat to make it secure. Just like you have to know that applying patches is part of making Windows secure.
The very fact that you say you're willing to hang the virus writer too means that it's not 100% on Bill Gates. So what's your argument?
The problem here, is you've got haters... You've got so many people that hate Microsoft just for the sake of hating Microsoft. I guess hating Microsoft is sexy right now. Maybe it's because Windows is the ruling OS?
Linux is not one big cohesive product like Windows, and it's not backed by a single corporation like Microsoft. Why attack something that's decentralized? Not enough visibility or gain...
You said "The accumulated wealth of Bill Gates and Microsoft should be used to compensate the victims of his crimes." Your true colors showed a little bit before you took a step back into legal talk.
If you really want to get legal, there is no case. There is no malice, Microsoft doesn't purposefully try to harm its customers. There is no intent. The best case would be negligence, but that can't be shown either. Microsoft may very well be doing everything in its power to fix problems. They certainly release patches, usually well ahead of time. Microsoft can't be sued for lazy admins.
But then again, you weren't speaking literally were you? You just thought you would spew some idealistic garbage... I completely understand.
Admin: "Wow, that really sucked."
Employee: "Yeah."
Admin: "Wish we had something that could have prevented that."
Employee: "Linux systems weren't affected by it."
Admin: *pause* "Hey, how much does this Linux stuff cost?"
The rest of this conversation is left to the imagination of the reader.
-----------------------
You are what you think.
Of course what I said was simplistic. I have only a few paragraphs to make my point.
Let me concentrate on the power of Bill Gates to create buggy software. You say that one man cannot... You are correct, one man cannot do much at all. But, Gates commands an army. He sets the policies, he sets the procedures, and he chooses the commanders under him. When he decided that MS had to take on the Internet it took only a matter of months for MS to pivot and charge. Gates ordered his commanders to go in a different direction. He got rid of the ones who balked and he hired new ones that understood what he wanted. The army moved.
The top commander in an army or a corporation has enormous power because his decisions are carried out by thousands of people. If Gates said to do a complete line by line code inspection of every bit of Windows code, it would be done. And, I bet it would only take a few months to do it.
It is the fact that Gates has always put quality and reliability as the lowest priority that Windows and the other MS apps are the way they are. He sets the standards so he gets the blame.
In any history book you will read of battles. You will read about the decisions of the Generals who won and the Generals who lost. No one mentions the decisions of the soldiers (except in truly heroic situations) because their decisions only affect a small part of the battle. The decisions of the general affect the entire battle. And, at the end. It is the commanding generals who get the credit and the blame.
It is the same in business. The top guys make the broad stroke decisions and everyone else marches in step. The CEOs, Presidents, and BPs get the credit, the big bucks, and when they pull an ENRON, they get the blame and they go to jail.
Gates has been the top decision maker in MS since the beginning of the company. His decisions, his blame.
Many other people have taken criminal actions to exploit Gates' errors. They deserve punishment. But, there is a legal theory called "depraved indifference". It is a few steps beyond negligence.
In my opinion releasing new versions of Windows with a complete code inspection is depraved indifference for the welfare of the entire world.
Stonewolf
i filtered all incoming tcp connections, but, from a port scan on that same machine, the port is still open.
whether it would look like that from the outside, i'm not sure.
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
- White Knight of the Order of Mihoshi Enthusiasts