Slashdot Mirror
Microsoft Worms Crash Ohio Nuke Plant, MD Trains
stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
This post could trigger a train of events, leading to NUCULEAR(sic) WAR, and the EXTERMINATION OF THE HUMAN RACE.
Then again, it probably won't.
I live in a giant bucket.
Somebody needs to make a "Clean up virus" that turns the power back on and makes the trains go.
This could be big.
Sig it.
they discovered that 30 square inch hole and the plant was shut down anyways...
CSX decided that train engineers and systems engineers are the same thing. Look how much money they saved...
Pfft!
;)
Call me when that train is on a direct head on course with said power plant!
Now that is bad!
1. Worms infect Internet taking control of nuclear power stations and public transport
/. story is about someone inventing 2 million sunblock or we're all going to have a really bad day.
2. Japan announces 30 year program to build intelligent robots
3. New Scientist reports self-healing robots a reality, can survive battle damage
4. Arnold announces "I will go to Sacramento and I will clean house".
All I can say is that I hope the next
John.
The MARC network admin should be tied to the tracks a la dudly doright (sp?). Hope that signal to switch the tracks gets though...damn... That'll learn ya for hooking an operational network to the 'net'.
Same with the power plant. Your office is now located in side the containment building. Do you think they would pay more attention to the network security?
Fired??? Nah, just put him in charge of hand-polishing the fuel rods or something...
Stop by my site where I write about ERP systems & more
but the 120 mile crater in Ohio speaks for itself.
Most likely the laptop belonging to the guy who drops by every week to make sure the firewall is up and running.
No, OpenBSD. Running on a ZX81, I recall Clive Sinclair saying that you could use ZX81s to run Nuclear Power plants...
Microsoft announced today that they are in talks to use Homer Simpson as a spokes person.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
You are absolutely right. It's a symptom of a heavily regulated industry (electricity, railroads) that they end up with a dumbass sysadmin.
Full and total deregulation would have likely prevented this from happening.
Amazing magic tricks
Is a "rouge" patch available at the next Mary Kay party? Is that similar to wearing cucumbers over your eyes when you go to sleep at night? Maybe is it a "rogue" patch after all...
"Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
I think that's a little far-fetched, and almost amounts to fear-mongering. At best, it displays ignorance of how modern rail systems work. When the signals fail, the trains simply stop - engineers don't look at a broken signal and say "well, gee, I hope there's nobody in front of me, full speed ahead!" In fact, on most modern equipment the braking is automatic when signals fail. I don't know exactly how modern the system is in Maryland, but at the very least there would be a regulation that all trains come to a halt in the event of signal failure. They certainly would not go speeding around without knowing if there's another train occupying the same block.
Collisions can and do occur even when the signals are working properly - it takes time to stop a speeding train. But assuming positioning is all correct to begin with and everybody's following proper speed limits before the signals go out, there should be no problem stopping a train in time once the signals do fail.
Doh!
Where do you want to glow today?
Please hand in your geek membership card and secret decoder ring. You are no longer welcome here.
Yeah, 'cause Linux could never be compromised in such a way.
I just love the way apologists try to compare the subversion of a single server compromised by a malicious insider via a local exploit to hundreds of thousands of computers infected by a (still spreading) worm that requires no human intervention whatsoever to aid its spread.
Apple meet orange.
This is an ex-parrot!
All that is required is people who know what they're doing.
You expect far too much from humanity my friend.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
I can't say that I don't give a fuck. I've just run out of fuck to give.
Naaah. You are thinking of the warning that comes with Java(tm)
meh.
New Meaning to Blue Screen of Death
Had to be said.
Sometimes that's not enough. At my university, the departmental firewall did just fine in blocking the virus, until somebody got their Windows laptop infected at home and brought it to work, behind the firewall. Once again proving that great network security can be easily defeated by poor physical security.
Hard on the outside, soft & crunchy in the middle? The safety monitoring computer for a power system should be accessible only by floppy disk through a terminal in a locked room with pressure sensitive floors, a sound monitor, body heat detectors *AND* laser trip wires on all the ventilation grates. (The floppy disk should be run through a demagnitizer before and after each use.)
-a
I checked my Solaris, AIX and Linux machines and couldnt find any worms or virus. Where is everyone find these things?
People get paid to polish rods? Don't I feel like a sucker for doing it for free.
According to Windows Update, Microsoft renamed "the MS-Blaster worm" to "The Blaster worm".
Now that is pretty lame behaviour from Microsoft, don't you think. And it really shows us why they really do not give us real input on what's going on while you boot that windows xp. They just renamed every error to "Windows is now starting up..."
Filling the room with concrete after unplugging the machine adds another reasonably secure layer.
Is there a Springfield in Ohio?
Simpson promoted
August 10, 2003
Springfield, Ohio
Springfield's own Homer Simpson was promoted to IT manager of Springfield's nuclear power plant today. Simpson promised that his first act would be to remove Unix from all of the power plant's computers. "Whoever heard of Unix anyway? I run Windows at home as do most Springfield residents. If it's good enough for playing games, it's good enough to run our nuclear power plant!", Simpson declared.
I saw a documentary on that once. Apparently that's EXACTLY how the CIA headquarters mainframe at Langley is setup! OH wait, no, that was Mission Impossible. Forget it.
Can we afford dual laptops, one with sanitary protection?
For when the laptop has that not so fresh feeling?
What part of "shall not be infringed" is so hard to understand?
Because a fault-tolerant, real-time system is EXPENSIVE. Plus, they wanted clippy.
"It looks like you are trying to prevent a meltdown!"
ASCII stupid question, get a stupid ANSI
I believe that snippet is from the Java license which is tacked on to the end of the Microsoft license. It may not be there anymore; I haven't read the MS EULA in a while. It says don't use Java for mission-critical apps such as life support equipment in hospitals, nuclear power plants, air traffic control, and so on.
Interstingly enough, back in the day I was running trouble tickets at mitre.org. One of their projects is a thing called CAASD, which will network together air traffic control systems from around the globe. One memorable call was to help some uber-geek who was too much of a coder to figure out how to use Eudora on his Mac... anyway, he was busily typing away, coding some part of this CAASD project...in Java.
How else are you suposed to use the monitoring server as a Quake lan party host?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Thank goodness there really was no danger! If the monitoring software had crashed while the plant was operational there could have been a serious breach in... wait a minute! Did you say "a 6-inch hole in the plant's reactor head"???
Yeah - the end of the world is near enough. Just give more control of the nuke systems over to windows systems, and behold soon there will be no more windows to worry about. MS Windows:' This world has caused a fatal error. Everything will be terminated'. Press 'OK'.
"Microsoft Worms Crash MD Trains into Ohio Nuke Plant"