Slashdot Mirror


Microsoft Worms Crash Ohio Nuke Plant, MD Trains

stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."

12 of 817 comments

  1. It's only a matter of time... by Tracy+Reed · · Score: 4, Interesting

    ...before someone really is killed due to M$'s negligence. Sure, one could argue that they should have applied patches and that it isn't M$'s fault but tell that to the jury. When surviving relatives see the potential for a profitable liability suit they are going to go after the biggest pockets and that is M$.

  2. Speaking of the Blackout by dgenr8 · · Score: 4, Interesting

    Funny you should mention the Blackout. The timing DOES seem interesting. I wonder just what functions inside the electric utilities depend on Microsoft Windows. If it's good enough for the nuclear industry, would anyone be surprised if failure of a critical set of Windows systems were responsible for the Blackout?

  3. Fail Safe by FTL · · Score: 4, Interesting
    > Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.

    No. Taken to the extreme, this exploitation could cause the train system to stop. Which is what it did.

    Ever since the Victorian era, trains are designed to stop if there's a failure. That's what "fail safe" means, not that it is "safe from failure" but that "when it fails, it is safe".

    For a simple example, take a look at the _mechanical_ switching gear on the tracks behind my office. More modern electronic or computerised equipment is exactly the same in terms of how it reacts to failures.

    --
    Slashdot monitor for your Mozilla sidebar or Active Desktop.
  4. Re:The network administrators... by epiphani · · Score: 4, Interesting

    I was under the impression that Microsoft didn't encourage the use of its products in applications such as these. We are talking about systems that cannot fail - if they do, people could die.

    I thought Microsoft had the sense to actually say 'this is not what our product is for - get something custom'. If I worked at Microsoft, the last place I'd want our 'it-does-everything' operating system doing would be managing the safety systems at a nuclear plant.

    Does anyone know if Microsoft actually encourages this type of a deployment - if they don't, what moron decided to use it?

    --
    .
  5. Re:The network administrators... by Trigun · · Score: 3, Interesting

    Don't forget, had the administrator followed proper MS testing to see if his machines were patched, they still may or may not have been.
    There's plenty of blame to go around here boys. Make sure everyone gets some.

  6. Same thing in VA by bytehd · · Score: 3, Interesting

    When I worked as a contractor at Virginia Power in 1999, all the temps had internet access. So it was just a matter of time before viruses found their way into Source Safe. When I checked out a project, there goes my hard drive. Guess who checked in the infected file? You got it, a member of the HELP DESK SUPPORT TEAM. Three cheers for the idiots. Oh yah, if you are wondering, the plant's reactors were made by Westinghouse in the early 70s, so no computer control there. There are so many layers of mgmt to go through to do anything close to throwing a switch. Anyways, no firewalls at Virginia Power. Lots of internal LANs and servers accessible by anyone too.

  7. Safe = not sexy. by salesgeek · · Score: 3, Interesting

    Reactor control systems and monitoring systems should be as simple as possible. Problem is, analog meters, human operators, and knobs and rocker switches aren't sexy.

    --
    -- $G
  8. Halifax ATM machines by pubjames · · Score: 3, Interesting


    I am amazed that the infection of the Halifax Bank ATM machines in the UK -- reported by someone here on Slashdot a few days ago -- did not reach the mainstream press in the UK.

    I find it hard to believe that one of the best known banks in the UK has ATM machines that are exposed to the Internet in some way and can get infected by worms. Any UK journalists reading this - I'm sure your readers would be interested to know how insecure the Halifax computer network is.

  9. NEXT: Accidental Nuclear ICBM Missile Launch...? by Ron+Bennett · · Score: 4, Interesting

    Why in heaven's name are critical systems running consumer-grade software...and worse, why are they connected to the public internet?

    And then there are VPNs...fine for offices, but not critical infrastructure - critical systems should be on totally separate, dedicated private networks, period!

    Among my biggest fears in regards to computer worms, etc. is them somehow getting into a nuclear weapons system and causing nuclear missiles to be launched - in particular nuclear-based ICBMs, which are less protected; Windows is used on some nuclear subs from what I've read - frightening!

  10. Control systems have *always* been awful by Anonymous Coward · · Score: 3, Interesting

    The /. crowd has VASTLY inflated ideas about how secure, reliable, and well-designed the control and monitoring systems are at nuclear plants and other big, dangerous facilities. Insecure computer networks are just the latest version of the old story.

    To wit: At the Three Mile Island plant, the control room was a nightmare. Horrible human-factors engineering to save a few bucks. For example, a control knob might be on the opposite side of the room from the meter you'd need to watch to see if you were doing the right thing.

    In the most amusing example, the operator console in the center of the room had a forest of absolutely identical black levers crammed together, where it would be a Bad Thing if the wrong one were pulled. To tell them apart, the operators did a bit of machining and installed beer tap handles on them -- e.g., "Michelob" for the water feed pump, "Bud Light" for the steam generator, whatever. Yes, it was that bad. And TMI was not much of an exception.

    In another example, there was almost a catastrophic fire at the Browns Ferry plant because the official method of searching for air leaks in some electrical vaults was to hold a candle near the junction and see if the flame flickered. Too bad the insulation was flammable....

    Yeah, I think it's terrible too, but doing things the dangerous way to save a few bucks is nothing new.

  11. CSX uses InCharge "service assurance manager" by Animats · · Score: 4, Interesting
    Here's what CSX (the railroad) says about the failure:
    • CSX Transportation's (CSXT) information technology systems experienced significant slowdowns early today after a computer virus infected the network. The cause was believed to be a worm virus similar to those that have infected the systems of other major companies and agencies in recent days.

      The infection resulted in a slowdown of major applications, including dispatching and signal systems. As a result, passenger and freight train traffic was halted immediately, including the morning commuter train service in the metropolitan Washington, D.C., area. Contrary to initial reports, the signal system for train operations was not the source of the problem. Rather, the virus disrupted the CSXT telecommunications network upon which certain systems rely, including signal, dispatching and other operating systems.

    So what are they using to manage their network? They're using InCharge "Service Assurance Manager".

    • CSX will implement InCharge(TM) Service Assurance Manager and InCharge(TM) Availability Manager to ensure the reliability of its Next Generation Dispatch Network, the core IP-based infrastructure that controls the dispatch and timely operation of 1,700 trains and over 20,000 carloads per day. More than 2,000 routers back this complex CSX network, each with multiple points of connectivity and multiple layers of redundancy.

    InCharge IP Availability screenshots make it clear what platform it runs on.

    Any questions?

  12. Re:Web Myth: WinNT Stops Ship by rifter · · Score: 3, Interesting

    What a blanket statement. So it's impossible (or too difficult) to use floating point numbers correctly? You know this... how?

    IANAM(athematician), but....

    Using floats introduces inaccuracy because there is rounding and because of the fundamental limit in accuracy of floats in terms of how many decimal places are represented on a computer. For some applications the number of possible significant digits is unacceptable because it is not accurate enough.

    It is fairly common to represent units as integers either by using smaller numbers or by representing a decimal number as integers in the program and using integer math to do all the calculations. This way you do not lose digits or have unnecessary rounding.

    The funny thing is I remember reading about this technique being used in DOOM because for this critical application the inaccuracy of floating point was unacceptable and the performance was unacceptably degraded by the floating point processors of the day. Now that we have multi-GHz CPUs and more video RAM than we know what to do with and dedicated video processors I regularly hear about floating point performance being important which to me implies floats are being used in games now.

    However I would not be surprised if programs written for NASA and such where they need billions of decimal places and being off at all means people die or are lost in space forever some pretty sophisticated techniques are required in programs. I think the poster was implying that the calculations for the engine of a Naval ship might need similar treatment. It is certain that the programmers designing the software handling calculations used for the armaments (trajectories of shells and navigation systems for the missiles, etc) would do well to exercise such care. After all, what is more mission critical? DOOM? or a ship with hundreds of people on it in enemy territory?
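
The scaled-integer technique described in the comment above, shown as an added example that is not part of the original thread: decimal values are parsed straight into integers and all arithmetic stays in integers, so repeated addition does not drift the way binary floats do. The scale of four decimal places and all function names are assumptions made for this illustration.

```python
SCALE = 10_000  # assumption for this example: keep four decimal places


def to_fixed(text):
    """Parse a decimal string into a scaled integer without passing through float."""
    sign = -1 if text.startswith("-") else 1
    whole, _, frac = text.lstrip("+-").partition(".")
    if len(frac) > 4:
        # Refuse silently truncating digits the representation cannot hold.
        raise ValueError("more precision than SCALE can hold: " + text)
    return sign * (int(whole or "0") * SCALE + int(frac.ljust(4, "0")))


def to_text(value):
    """Format a scaled integer back into a decimal string."""
    sign = "-" if value < 0 else ""
    whole, frac = divmod(abs(value), SCALE)
    return f"{sign}{whole}.{frac:04d}"


def fixed_mul(a, b):
    """Multiply two scaled integers; the single rounding step is explicit
    (round half away from zero) instead of hidden in the hardware."""
    product = a * b
    sign = -1 if product < 0 else 1
    return sign * ((abs(product) + SCALE // 2) // SCALE)


def accumulate_fixed(step, count):
    """Add a scaled-integer step 'count' times; integer addition is exact."""
    total = 0
    for _ in range(count):
        total += step
    return total


def accumulate_float(step, count):
    """Same loop with binary floats; each addition may round."""
    total = 0.0
    for _ in range(count):
        total += step
    return total


if __name__ == "__main__":
    print("float:", accumulate_float(0.1, 10))                     # not exactly 1.0
    print("fixed:", to_text(accumulate_fixed(to_fixed("0.1"), 10)))
    print("1.5 * 2.25 =", to_text(fixed_mul(to_fixed("1.5"), to_fixed("2.25"))))
```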