Slashdot Mirror
Microsoft Worms Crash Ohio Nuke Plant, MD Trains
stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
...should be fired. Why was the safety monitoring system on a nuclear power plant exposed, even indirectly, to the internet?
I can't say that I don't give a fuck. I've just run out of fuck to give.
This post could trigger a train of events, leading to NUCULEAR(sic) WAR, and the EXTERMINATION OF THE HUMAN RACE.
Then again, it probably won't.
I live in a giant bucket.
Somebody needs to make a "Clean up virus" that turns the power back on and makes the trains go.
This could be big.
Sig it.
they discovered that 30 square inch hole and the plant was shut down anyways...
CSX decided that train engineers and systems engineers are the same thing. Look how much money they saved...
I think the fault here is with the moron that managed and accepted the software in the first place. One of the first disclaimers all software companies make is that they do not gauruntee that they are suitable for life threatening situations. Who accepted this software? Who speced it? Who supervised their work and ensured that they were competent people to manage this type of work?
It is horrifying that critical systems such as Nuclear (or Nucular as W. says) power plant safety systems have been compromized by rampant known issues with Microsoft Security I believe that it is worse that such critical systems are not better administered. Heads should roll in the IT department. This is also an indicator of how this Nuclear power plant has treated Homeland Security in general. Having such systems exposed to the internet is just plain negligent.
Pfft!
;)
Call me when that train is on a direct head on course with said power plant!
Now that is bad!
...before someone really is killed due to M$'s negligence. Sure, one could argue that they should have applied patches and that it isn't M$'s fault but tell that to the jury. When surviving relatives see the potential for a profitable liability suit they are going to go after the biggest pockets and that is M$.
is why anybody still thinks that Windows is suitable for a production control environment. I can understand the pretty gui for someone's desktop, but (and I'm serious when I ask this) what kind of utter cretin would think to put Windows, or any Microsoft product, in a fucking nuclear power plant, completely un-fucking-protected from this sort of stuff?
It doesn't make sense. Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe), and keep the thing patched.
Why is this rocket science? Why do people who are building nuke plants and rail lines not know any better?
Sorry for going off on a rant, but damn it, somebody needs to say it.
Do you have ESP?
This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.
Actually, I suspect that someone unwittingly plugged an infected laptop into the network inside of the firewall.
That reactor had been down since February of 2002 due to a 6" hole in the reactor head.
I just submitted the same story, it will probably get rejected, so here's some more links:
The Washington Post is reporting that the Slammer worm crashed the computerized display panel which monitors the most crucial safety indicators (coolant systems, core temperature sensors, and external radiation sensors) at Ohio's Davis-Besse nuclear power plant in January. No serious problems occured, primarily because the plant has been offline for more than 1-1/2 years.
Davis-Besse is run by FirstEnergy, which many people feel may bear much of the responsibility for last weeks power blackout.
1. Worms infect Internet taking control of nuclear power stations and public transport
/. story is about someone inventing 2 million sunblock or we're all going to have a really bad day.
2. Japan announces 30 year program to build intelligent robots
3. New Scientist reports self-healing robots a reality, can survive battle damage
4. Arnold announces "I will go to Sacramento and I will clean house".
All I can say is that I hope the next
John.
There is a good chance that the worm also disabled systems normally used to switch power, or route around surges. Just a thought.
Fast machines, powerfull AI, impulsive invention,... All I lack is a good espresso machine!
... and people will stop using Windows in critical systems where failure can have catastrophic results. The only thing Windows does reliably is fail. Whoever decides to run a nuclear plant's safety monitoring system or a civil rail's monitoring and safety system on a Windows platform should be dragged into the street, shot, burned, pissed on, disemboweled and then hanged.
People are morons.
The heat from below can burn your eyes out
Funny you should mention the Blackout. The timing DOES seem interesting. I wonder just what functions inside the electric utilities depend on Microsoft Windows. If it's good enough for the nuclear industry, would anyone be surprised if failure of a critical set of Windows systems were responsible for the Blackout?
I've seen networks with effective firewalls still just down by worms. Laptops are a very effective way to breach firewalls -- if a laptop user connects at home, or on the road without a firewall, and gets the worm, it is trivial to bring that same computer into work, and start spreading it behind the firewall.
There have already been numerous security and maintenance problems with the David-Besse Nuclear Plant...the plant has come much closer to melting down before this stupid event. See http://www.ohiocitizen.org/campaigns/electric/nucf ront.html.
Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.
Thats why trains have human engineers and brakes. It's why people should use good judgement and observation. If you approach an intersection, and see that the traffic lights in all directions are green, use your head and stop, because something's wrong. Of course this is impossible, theres a mechanical failsafe that will make all lights blink red if that happened - making a 4 way stop, similar mechanical fallbacks are employed in the railroads. This is all besides the point.
Techies tend to overestimate the role of technology in day to day life. MARC was shut down more because the clerks were having a hard time selling tickets, since they cant do simple math in their heads.
I don't need no instructions to know how to rock!!!!
but the 120 mile crater in Ohio speaks for itself.
Perhaps an accessory system was involved, but rail signalling involves quite proprietary and LOW-SPEED networking (on the order of 30 baud) on TOTALLY private wires.
Rail signalling was gradually developped over the last 150 years, and the earliest remote-control and automatic operations were developped almost 100 years ago.
From the onset, reduntancy and feedback was employed (for example, whenever a switch is automated, a separate sensor arm is attached to the switch points, as to monitor the exact switch position, as opposed as the switch motor actuating arm position), and the technology is extremely conservative (gravity-actuated relays with extremely big coils to pick-up the heavy armatures, contacts made out of special alloys that are guaranteed not to stick in case of arcing - why would they, they are overwhelmingly oversized for the current they carry- and the whole thing is mounted on heavy coil-springs to insure immunity to vibrations).
For compatibility purposes, whenever solid-state components are used, they are absolutely electrically compatible (and opto-isolated) with the older electromechanical relays.
And finally, everything runs on #8 gauge wire and the nominal voltage is 10 volts.
Such an overdesigned system can withstand quite a lot of punishment. So the idea of a worm bringing down signalling is laughable at best.
But if the suits insist on using a paperwork system that is vulnerable to worms, then, such lunacy can explain the outages...
No. Taken to the extreme, this exploitation could cause the train system to stop. Which is what it did.
Ever since the Victorian era, trains are designed to stop if there's a failure. That's what "fail safe" means, not that it is "safe from failure" but that "when it fails, it is safe".
For a simple example, take a look at the _mechanical_ switching gear on the tracks behind my office. More modern electronic or computerised equipment is exactly the same in terms of how it reacts to failures.
Slashdot monitor for your Mozilla sidebar or Active Desktop.
From the submission: "This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked."
As most people who had to fight this worm already know, a firewall doesn't do you a whole lot of good if you have users with laptops who plug in at home, then bring in their infected PCs and plug them into your internal network.
I'm not saying there aren't still ways to prevent the spread of worms, but an internal infection is in no way proof that there's no firewall. In many cases, it's just a clueless PHB who refuses to let the IT department lock down his laptop or install a personal firewall on it.
in an environment like a nuclear power plant, why aren't there firewalls on all clients? i mean, network security in such an installation is about as important as it gets.
it's possible the vulnerability arose through someone accessing internet e-mail. but wall street firms regularly blacklist internet e-mail sites. they do that b/c they're regulated to ensure that proprieties are kept and people aren't defrauded. a nuke though--we're talking more than just dollars and cents here.
it may not be fully the fault of the admins.
ed
I don't care if you're running MS, Linux, or FreeBSD. That damn port should've been firewalled and the software should've been patched. What's scary is imagining what could've happened if someone intentionally tried to hack the power plant. Some terrorist cell could cause a nuclear meltdown without ever setting foot in the US.
-- Political fascism requires a Fuhrer.
That is a silly conclusion to come to. Presumably they're also implying the same about the power grid.
I have first-hand experience with Ontario Hydro's IT nework (now Hydro One's IT network ;) and I gotta say - they have firewalls up the wazoo. And this is the problem. They rely on border security. However, on networks as large as the ones being discussed, border security doesn't cut it. There are too many entry vectors. People reading email, people browsing the web, and oh my god people with laptops - the pain the pain.
So before you go thinking "they aren't even taking precautions that would have saved them! Fire them!" understand that it's *exactly* that attitude which caused the networks to go down in the first place - the common misconception the a firewall is a magic wand that will solve all their ills.
Border security does NOT cut it when you run insecure software on the inside, boys and girls. And you can take that to the bank.
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Most likely the laptop belonging to the guy who drops by every week to make sure the firewall is up and running.
I'd love to see what the Linux community would say if some intravenous drug pump running an embedded version of Linux had a bug that caused it to fail and kill a patient?
They'd probably cry, 'But we already released a fix! They didn't install this patch, and this patch, and this patch, and then recompiled.'
Don't blame the software companies for the "sh*t quality" of their software, as you say--blame the system administrator who didn't install the already-available fixes or patches. That by far is your guilty party right there.
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
Microsoft announced today that they are in talks to use Homer Simpson as a spokes person.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
here. Surprised this hasn't shown up on Slashdot yet.
Carousel is a lie!
Perhaps the silliest quote from the article:
CSXT has confronted increasingly sophisticated computer viruses, like ones that have penetrated some of the most secure sites in the country in recent days.
Sorry, but they're obviously not "some of the most secure sites in the country". If they were, they wouldn't have been penetrated like this. How can I say this? Because my company didn't get penetrated.
I'm afraid of sounding like a broken record here, because if anyone looks at my past posting history they'll see I've said exactly the same thing. However, the fact is we have mission-critical 24/7/365 servers running Windows (as well as Linux) that simply can not be vulnerable. So we secure them, and we protect them, and put in safeguards, and work together as a team if there is a particularly nasty threat out there...and we keep running. Funny, that.
Sod it; plenty of other posters will argue the point about patching, firewalling, etc., and a myriad of rabid MS-bashers will refute and insult. Let my small voice add merely this to the fray -- it doesn't have to be this way, even if you use Windows. All that is required is people who know what they're doing.
Why would you expect people who can't keep holes from forming in their reactor vessel to plug holes in their firewall?
One of my my first thoughts after my lights went out (well, not really first) was "I wonder if that worm had anything to do with this." But at the time I doubted that they ran power plants on Windows so it seemed like a very idle thought -- until I found out that the problem started with FirstEnergy, that they owned Davis-Besse, and that they had already had problems because of Slammer! That got me really scared and mad at the people who are running our important systems.
With Blaster, spyware, etc. that seems to be spreading, I've wondered about using SSH only on a machine. Everything has to tunnel through the SSH connection (web, email, X11, etc.) using SSH port forwarding. That way, every machine on the local network would only accept SSH traffic. Any worm that gets installed and runs would try infecting other machines behind the firewall, only to find that those machines won't listen to the worm. Would something like this work?
P.S. Obviously, using this in a Windows environment would be difficult. Maybe this would be another good justification for migrating to a *nix platform.
Overrated / Underrated : Moderation
What major release has Micro$loth put out there that's made everyone's lives better and easier in the last several years? I can't think of any. These published reports just show what a house of cards the Windoze platform is.
They are assuming the ports were not blocked. Which is crap, I've been to dozens of companies in the past week who are blocking all incoming ports and still got infected by this virus. These companies also had SAV corporate edition which was configured to update the definations via a FTP script, so they were actually getting their definations updated daily rather than the crappy live update which updates about once a week. Granted, they should have patched their systems when the RPC flaw was first exposed, but you shouldn't be so quick to point fingers.
Train control has this luxury. Computer systems onboard airplanes do not... simply turning off jet engines in case of computer failure is not an appealing possibility.
when in worked as a contractor at Virginia Power in 1999, all the temps had internet access. So it was just a matter of time before viruses found their way into Source Safe. When I checked out a project, there goes my hard drive. Guess who checked in the infected file? You got it, a member of the HELP DESK SUPPORT TEAM. Three cheers for the idiots. Oh yah, if you are wondering, the plants reactors were made by Westinghouse in the early 70s, so no computer control there. There are so many layers of mgmt to go through to do anything close to throwing a switch. anyways, no firewalls at virginia power. lots of internal lans and servers accessible by anyone too..
Is a "rouge" patch available at the next Mary Kay party? Is that similar to wearing cucumbers over your eyes when you go to sleep at night? Maybe is it a "rogue" patch after all...
You're not just connecting to your business partners, you're connecting to everyone they've ever connected to.
The Register article says "It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread".
I'd never let a client do that. From a business risk management point of view, you *might* allow a direct connection by a vendor, *if* you had a good contract requiring them to keep good security and be responsible for breaches, and *if* you had secured everything sensitive in your internal network. From a theoretical or technical point of view, you should never trust something you don't control.
Monitoring systems are just as safety-critical as control systems. After all, the feedback loop is part of a control system. Imagine an intruder changing the readings to show that reactivity was decreasing, core temperature was dropping, and coolant pressure was so high that relief valves should be opened. You'd have a Three Mile Island rerun. That system should never, NEVER have been exposed even indirectly to the Internet.
But then, Davis-Besse is the plant where someone thought the way to check for an air leak was to poke around with a lit candle near flammable insulation wrapping critical control cables (1975).
In actual practice, that may be what happened. The critical control system network itself should be (have been) inaccessible from the desktop/laptop network (aside from known secure methods, a la ssh) with the appropriate firewalls on *that* network (at a gateway, and maybe on each host/node). I can only wonder if the submitter/commentator meant/implied this when they asked why such ports were not blocked.
"Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
I think that's a little far-fetched, and almost amounts to fear-mongering. At best, it displays ignorance of how modern rail systems work. When the signals fail, the trains simply stop - engineers don't look at a broken signal and say "well, gee, I hope there's nobody in front of me, full speed ahead!" In fact, on most modern equipment the braking is automatic when signals fail. I don't know exactly how modern the system is in Maryland, but at the very least there would be a regulation that all trains come to a halt in the event of signal failure. They certainly would not go speeding around without knowing if there's another train occupying the same block.
Collisions can and do occur even when the signals are working properly - it takes time to stop a speeding train. But assuming positioning is all correct to begin with and everybody's following proper speed limits before the signals go out, there should be no problem stopping a train in time once the signals do fail.
Next thing you know, the Dept. of Homeland Sec. will issue a regulation requiring the use of Palladium or similar tech. on all computers. After all it is for our 'safety.'
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
First of all, this kind of service should never be connected to the public network, or even better, never to a non-dumb terminal.
Secondly, Microsoft CLEARLY spells out that their software is never to be used in this kind of implementation. Most software manufacturers do -- Sun, Apple, and most Linux distros IIRC.
Now, if this is a case of a critical service being overflowed from a remote location simply because it's connected to a public network, that's bad enough. To be running a consumer operating system on those critical services is simply unacceptable and probably worthy of execution. I don't care if the system was offline at the time -- this kind of thing should be definitely ringing warning bells. I hope whatever moron implemented this system gets fired.
From reading the article the services that went down had analog backups, but it's still unacceptable. Don't connect critical services to the fucking Internet.
Doh!
Reactor control systems and monitoring systems should be as simple as possible. Problem is analog meters human operators and knobs and rocker switches aren't sexy.
-- $G
I mean seriously, how do they get away with this crap? Yes, I understand that campaign funding allows MS to sneak in their OS to the military, etc... but to actually put this nightmare in critical systems?
What the hell does it take, MS-inducted Chernobyl to make them realize that such an OS HAS NO PLACE in a nuclear reactor? Or how about NT crashing a critical system in a battleship?
Have we REALLY become so pampered that we need a bloody GUI for every frickin thing we do? I don't advocate running X in linux either, it's stupid.
If there were ever a case for a specialized proprietary system, this would be it. Just do something that does the job, and does it well. No fancy GUI crap, no million-other-f***ing-functions that can cause it to break down. Linux is a bit better than windows because you can trim it to be very specific... so something linux-based could be OK (just not a whole RedHat install, or anything else).
I mean hell, it's security monitoring. You could work this with a few text screens, some big red lights, sirens, maybe a nice voice that says "Red Alert" a-la-startrek or something.
We don't need a windows installation, with a million doodads and AOL messenger stating "You've got Meltdown" for a nuclear reactor. We don't need a GUI. We need something that does the job (well), and is secure. Cut out the extra crap... and with MS there is more and more crap you can't cut out ('nix has source, you can trim all you like, but in-house is still better).
Makes you wonder exactly how many systems like this you are trusting your life too. Wonder if we'll find out tomorrow that the power-outage was caused by a virus.
Let me guess... It is the lazy administrator's fault. Well, when the patch is not easily installed most "windows administrators" -- like my mom who settles down in front of her machine to do the puzzle page each day -- just don't do it. When you don't know that the patch is out there, then how the fuck can you install it? Most computer users do not sit and watch bugtraq all fucking day. I don't read m$ EULAs because I don't use their products, but I am sure they indemnify themselves against their own poorly thoughtout piece of shit software.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
I offered this article about how the Navy/Marine network was brought down by the recent spat of worms the other day but was rejected.
There are a number of other articles our there that give info on this and the reports of other nuke plants being affected on the fateful day last Thursday.
Here is some more information on the vulnerability actually used to crash the train signalling network in Maryland.
I am amazed that the infection of the Halifax Bank ATM machines in the UK -- reported by someone here on Slashdot a few days ago -- did not reach the mainstream press in the UK.
I find it hard to believe that one of the best known banks in the UK has ATM machines that are exposed to the Internet in some way and can get infected by worms. Any UK journalists reading this - I'm sure your readers would be interested to know how insecure the Halifax computer network is.
Cringely made this same mistake the first part of his weekly article http://www.pbs.org/cringely/pulpit/pulpit20030814. html. It's not always the "network" guys that are responsible for system patches and client firewall. Especially not in large companies.
With MS systems it's not just a matter of loading a patch, quite often they break something especially third party apps, fail to fix the problem they claim to fix, or open a new vulnerability.
If a model of car were found to be so defective -- bolts breaking, carbonmonixide in the passenger compartment, split drive shaft when you change gears, works with only one brand of gas, plays only approved radio stations, etc. -- no one would think to blame the user.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The infected systems were 'only' in the higher level of the control hierachy. Control systems in all plants like this (chemical, power etc) are built on multiple levels. You start at level 0, which is pretty much mechanical - safety valves, burst plates, simple thermostats. Those ensure that even if every control layer above that goes haywire and tries to make the plant blow up, you still remain safe.
:)
I discovered the usefulness of this after setting a digital pressure control on a pilot plant wrong - nitrogen vented everywhere (which makes an incredibly loud noise), my supervisor went mad, but nothing broke
Here is a news bite I found thru Tom's Hardware . It talks about Microsoft using a Linux device to protect its domain. Rather interesting...
I checked my Solaris, AIX and Linux machines and couldnt find any worms or virus. Where is everyone find these things?
Keep in mind that Blaster was the only one of these DCOM worms that only exploited the DCOM hole. The newer variants, esp. Nachi, also tried to exploit the even-older IIS WebDAV hole. If the infected boxes were on the Internet and serving Web pages, no amount of firewalling will help.
Patch, patch, patch should be the mantra of every company that runs their business on MS software.
Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
railroad signaling systems being what they are, I'm certain that this could not have caused a collision. Railroad signal systems run on proprietary, failsafe software. Getting trains to bump into each other, in most systems, takes a computer glitch in code, or a specific series of commands to the signal system, plus a human overriding signal indications in the field.
in every signal system i've ever seen (quite a few across the country), the only thing that MS software/OS relates to is supervisory remote control and monitoring. The local signal logic (software or relay based) will not allow for unsafe train movements, even if accidentally commanded to do so, unless very specific conditions are met. Again, an Engineer passing a stop signal, for example, is usually one of the requirements.
According to Windows Update, Microsoft renamed "the MS-Blaster worm" to "The Blaster worm".
Now that is pretty lame behaviour from Microsoft, don't you think. And it really shows us why they really do not give us real input on what's going on while you boot that windows xp. They just renamed every error to "Windows is now starting up..."
And it's not MARC's problem... they only run on CSX's tracks.
Dairy Queen let alone a nuclear plant...
f ront.html
Check out http://www.ohiocitizen.org/campaigns/electric/nuc
All it requires is that someone VPN in with their home machine. You don't need the delay of physically transporting the virus so long as you deliberately open holes in your firewall for people you "trust". (which may keep out script kiddies, but not worms)
As it turns out, this was essentially what happened in this case (it got in through a contractor's T1 line; how the contractor's office was infected isn't known, but I'm willing to bet that the contractor has machines directly connected to the internet).
Who are the retarded idiots that let Microsoft within five miles of nuclear safety equipment? Microsoft's software is not quality controlled to any standard suitable for risking human life, and they even admit that in their EULA (no warranty, no liability).
Healthcare article at Kuro5hin
This will probably get me flamed to no end but think about it..
One life and death critical systems they should use proprietary hardware, OS and software.
Not any version of Windows, not any version of Linux, not Intel, not AMD, but something totally alien. Something that is designed from the ground up to be DIFFERENT and CLOSED that can not communicate with the outside world and the system that the outside world run on.
I'm talking about Air Traffic Control systems, Nuke plant controls, railroad traffic systems, hospitial systems, military systems, power systems, public utilities.
I mean NEW CPU's and a NEW OS and NEW software that is so different and so tightly closed that nothing can communicate with it but other systems of the same design.
With every other little dickweed with a Wally World emachine typing "1337" into google and downloading DIY virus labs, and these same little punks having access to the same networks that all the above mission critical systems communicate on, well, it's a disaster waiting to happen.
And when some script kiddie crashes a 747 full of people from his Wally World emachine on his mommies AOL account, what then? Or the same kiddie opens the floodgates on a dam and kills 200,000 people. Or a million people. Or makes a nuke plant go Chernobyl?
When burglars keep breaking into your safe every week and robbing you blind you would assume that it's time to get a better safe..
Before the world went insane and computerized every friggin thing from toasters to pay toilets to the power grid, this sort of thing was IMPOSSIBLE. Time to fix it folks..
Flame away..
Is there a Springfield in Ohio?
Simpson promoted
August 10, 2003
Springfield, Ohio
Springfield's own Homer Simpson was promoted to IT manager of Springfield's nuclear power plant today. Simpson promised that his first act would be to remove Unix from all of the power plant's computers. "Whoever heard of Unix anyway? I run Windows at home as do most Springfield residents. If it's good enough for playing games, it's good enough to run our nuclear power plant!", Simpson declared.
Do a google search on "navy yorktown microsoft"
h tml
Yes, and find a lot of crap written by people who repeat a web myth. Now as far as people who were on the ship at the time or who actually wrote the software involved we get a different story. WinNT was not at fault. The truth is that a server app corrupted it's data, a client app tried to use that bad data, and the client app failed to control equipment. Can happen with any OS. Add to this the fact that the ship was a test platform not an operational ship and they were trying to break things.
"Others insist that NT was not the culprit. According to Lieutenant Commander Roderick Fraser, who was the chief engineer on board the ship at the time of the incident, the fault was with certain applications that were developed by CAE Electronics in Leesburg, Va. As Harvey McKelvey, former director of navy programs for CAE, admits, "If you want to put a stick in anybody's eye, it should be in ours." But McKelvey adds that the crash would not have happened if the navy had been using a production version of the CAE software, which he asserts has safeguards to prevent the type of failure that occurred."
http://www.sciam.com/1998/1198issue/1198techbus2.
"McKelvey writes that the failure, "was not the result of any system software or design deficiency but rather a decision to allow the ship to manipulate the software to stimulate [sic] machinery casualties for training purposes and the 'tuning' of propulsion machinery operating parameters. In the usual shipboard installation, this capability is not allowed.""
http://catless.ncl.ac.uk/Risks/20.37.html#subj1
Why in heavens name are critical systems running consumer-grade software...and worse, why are they connected to the public internet?
And then there are VPNs...fine for offices, but not critical infrastructure - critical systems should be on totally separate, dedicated private networks, period!
Among my biggest fears in regards to computer worms, etc somehow getting into a nuclear weapons system and causing nuclear missiles being launched - in particular nuclear based ICBMs which are less protected; Windows is used on some nuclear subs from what I've read - frightening!
The worm I got and the reaction I got from the mail administrators was very disturbing. The thing exploded out of Outlook's preview window, spawened multiple porn browsers and did God knows what else. I turned the computer off hard. The IIS people at corporate cenrtal did not believe me, executed to completion the thing by remote control without realizing it, recomended that I simply not use the preview screen and said that they got stuff like that all the time and it was "a normal part of advertising." It made me sick. They thought I was worried about being shit canned for looking at porn and were oblivious to the implications of rooting a desktop that could remote into any other desktop in the company. STUPID FUCKING MICROSOFT CERTIFIED ASSES. Whew, I really was angry and I still am.
My plant's server was also a pain. It was some goofey overpriced Dell "server" that collected information from plant systems and made it available. It failed often and required many late nights for the people in charge of it. There were many such system but the newest one had the most information. It also had the least abiltity to do real damage. For all it's faults, it was an improvement over what was there but was not required for the safe operation of the plant. It could have been done much better had Microsoft not had anything to do with it.
The answer is not to dissconect the "business" network from the plant information systems, it's to fix the network in a fundamental way. First, the network needed to be split into an Engineering section and an Adnministrative section, with Engineers only having partial access to the Administrative network and Administration haveing NO access to plant data systems. Data systems already have NO access to control systems, and this is a good thing. These architectual changes are valid regardless of software used but Microsoft must be eliminated from all of it. From a pure business perspective, having your information available to sabotage is unacceptable and that's what Microsoft's poor security record yields. Free software is superior from a security, and functionality standpoint and is now equal in ease of use. If running Microsoft keeps engineers from viewing plant data, while giving competitors and sabatours full access to such data, the costs of Microsoft is obviouly too high. Seperating engineers from their data, as Security Focus's write up implies, would be a costly mistake. I have every confidence that power plant operators will make the right choice soon.
Hell yes, I'm mad. I just about screemed this at the top of my lungs while I was there and was ignored. When the business comes, I'm more than happy to work for someone getting it done.
Friends don't help friends install M$ junk.
The /. crowd has VASTLY inflated ideas about how secure, reliable, and well-designed the control and monitoring systems are at nuclear plants and other big, dangerous facilties. Insecure computer networks are just the latest version of the old story.
To wit: At the Three Mile Island plant, the control room was a nightmare. Horrible human-factors engineering to save a few bucks. For example, a control knob might be on the opposite side of the room from the meter you'd need to watch to see if you were doing the right thing.
In the most amusing example, the operator console in the center of the room had a forest of absolutely identical black levers crammed together, where it would be a Bad Thing if the wrong one were pulled. To tell them apart, the operators did a bit of machining and installed beer tap handles on them -- e.g., "Michelob" for the water feed pump, "Bud Light" for the steam generator, whatever. Yes, it was that bad. And TMI was not much of an exception.
In another example, there was almost a catastrophic fire at the Browns Ferry plant because the official method of searching for air leaks in some electrical vaults was to hold a candle near the junction and see if the flame flickered. Too bad the insulation was flammable....
Yeah, I think it's terrible too, but doing things the dangerous way to save a few bucks is nothing new.
The infection resulted in a slowdown of major applications, including dispatching and signal systems. As a result, passenger and freight train traffic was halted immediately, including the morning commuter train service in the metropolitan Washington, D.C., area. Contrary to initial reports, the signal system for train operations was not the source of the problem. Rather, the virus disrupted the CSXT telecommunications network upon which certain systems rely, including signal, dispatching and other operating systems.
So what are they using to manage their network? They're using InCharge "Service Assurance Manager".
-
CSX will implement InCharge(TM) Service Assurance Manager and InCharge(TM) Availability Manager to ensure the reliability of its Next Generation Dispatch Network, the core IP-based infrastructure that controls the dispatch and timely operation of 1,700 trains and over 20,000 carloads per day. More than 2,000 routers back this complex CSX network, each with multiple points of connectivity and multiple layers of redundancy.
InCharge IP Availability screenshots make it clear what platform it runs on.Any questions?
Dumbasses at nuclear power plant allow systems to be brought down by a bug microsoft and the IT security industry warned people about weeks ago. Management unaccountable for making their lazy IT employees do their job.
The low-level "reflexes" of reactors - the systems that actually run things minute-to-minute - are certified out the wazoo, and have received scrutiny at a level similar to the software that flies the Shuttle or commercial airliners.
As such, those systems are typically many years out of date relative to current hardware and software - if they were upgraded, they'd have to be recertified, and certification is so expensive that keeping thirty-year-old hardware running is cheaper. There are reactors in the US that are still controlled by PDP-8s (4K of 12-bit core memory, folks).
As others in this thread have said, the system that got hosed at this reactor was a modern status display added well after the reactor was signed off on and running. If it crashes, the operators get harder-to-understand information from the simpler systems in the control room, but the basic safety systems are still in place.
Homer Simpson to the contrary, the people who run nukes aren't completely stupid.
To a Lisp hacker, XML is S-expressions in drag.
We were all lucky the blaster worm really wasn't destructive..
Sure it was annoying, and a DDOS isn't good, but it COULD have been really malicious and MUCH worse...
The ability to run arbitrary code on a server opens up your entire infrastructure. But the moron had machines reboot to announce they were infected.. what was he thinking?
Or was this just a distraction from a much larer and sinister plan?
---- Booth was a patriot ----
For what it's worth, I remember an accident on the D.C. Metro in Bethesda when I was living there, sometime through 94 and 97. I couldn't find anything in my admitedly short search, but essentially it was on a shared part of the track during slightly wet weather. The Metro slammed into the read of a slower freight train, and the only death was the driver. An investigation showed that the train was being controlled remotely. He had radioed in they were travelling too fast, but couldn't stop it. I think he may have warned the travellers to move to rear cars, but he had no door into the cabin for security reasons.
Sudden inspiration to use WashingtonPost.com and not Google
Well, I did a search of WashingtonPost archives for 95-98. It was January 7th of 1996, the tracks were icy, and the control was by a central computer. It kept it at 75mph and when it did brake for the station it slid into a parked train. Other than later articles discussing various probes into whether the possibility of the problem was known and ignored, I can't give much more info. The full text in the archives is only available for a fee, but the relevant facts were in each's first two paragraphs.
I guess my point is even the brakes didn't help, once the train was doing 75mph. Don't assume that human intervention will overcome computer error. a) They can make the errors a lot more quickly than humans can compensate. b) Sometimes we misread the errors.
If interested, archive search. I used Metro, Train, accident, from Jan 96 - Mar 96. If you expand to later dates you will see the followups.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.
It means no such thing. It is perfectly possible to have machine (such as a laptop) infected on the outside, then brought in and connected to the inter LAN, where it starts infecting machines it can reach.
And sicne when does port 444 have anything to do with it? Once exploited, the victim is running a command shell on port 4444.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Thank goodness there really was no danger! If the monitoring software had crashed while the plant was operational there could have been a serious breach in... wait a minute! Did you say "a 6-inch hole in the plant's reactor head"???
8-bit processors still dominate the CPU market in terms of volume, and very nearly in terms of profitability. They are virtually never used as general-purpose computers anymore, but due to low cost of development, deployment and testing, they are ubiquitous in the control systems industry.
Companies like Atmel and Microchip are constantly devising new and better 8-bit microcontroller chips for this market. A lot of them are available in hardened grades for just these uses. A modern one will often bundle the entire machine onto a single chip, with as much IO and analog interfacing as you could ask for.
Reading the ENTIRE assembly dump of a 32K program is rather simple. A team of a dozen engineers can verify it in a matter of a couple months (I mean formal verification here, like you would do for a truly critical system, not just "give it a look over").
While truly using a BBC micro is a little obsolescant, the ideals that caused them to do so are sound.
Hardware, software, and blinking lights!
Rules of IT:
1) Do not place a vulnerable system on a critical network unless absolutely necessary.
2) When configuring a computer/server, always assume that you are hooking up to a hostile, unfiltered network.
If they'd applied these two rules to their network, routers, servers, etc., this likely wouldn't have happened. These are pretty basic ideas, folks. If you have a Windows box on the same network as a computer controlling nuclear saftey checks, you better have a damn good reason and you better check for patches weekly.
~Dalcius
Rome wasn't burnt in a day.
When will it end?
"Microsoft Worms Crash Ohio Nuke Plant"
Ummm...no, it clearly states in the body: disabled a safety monitoring system for nearly five hours.
100% of the blame for all of this damage rests on Bill Gates.
Bill Gates sets the standards for software development at Microsoft. Bill Gates decides what is, and is not, accpetable in the design, coding, and testing phases of Microsoft products. Over a year ago Bill Gates came up with the "trusted computing" fraud.
Microsoft makes much of its income by selling bug fixes for software they shipped knowing it was no damn good. What do you think new release is? Mostly just bug fixs plus new window dressing used to add more bugs. Bill Gates has made his fortune by deliberately selling inferior software.
If I owned a company that sold ladders that have the same failure rate as Windows does, it would have been sued into bankruptcy and I would most likely been put in jail the first time a ladder failure was linked to so much as a broken leg. Yet, Bill Gates is the wealthiest man in the world. Free to continue his crime spree.
The magnitude of the fraud that has been perpetrated by Bill Gates & company is so huge as to constitute a crime against humanity. He has done more damage than all the terrorists who ever attacked the US. It is beyond treason. He should be tried for his crimes. If one person has died as a result of known bugs in Windows then he, and the entire management chain below him should be hung.
The latest attacks on world infratructure facilitated by Windows must be the last. It is time to prosecute the man whose greed and disregard for humanity enabled all of this damage. The accumulated wealth of Bill Gates and Microsoft should be used to compensate the victims of his crimes.
Stonewolf
Why in the world are critical systems like nuclear saftey systems and railway saftey systems running Microsoft software? That's like playing Russian roulette with 5 bullets in the revolver. I can't wait until the next MS worm makes airplanes start dropping out of the sky.
Anyone see Terminator 3? I bet that worm spread using an MS exploit. That was really Microsoft's central offce they blew up in T2.
I'm an engineer at a safety switch company. We make Temperature and Pressure switches. Yes, the same ones that are used in nuclear power plants. Basically, as a purely mechanical switch, the entire computer systems can shut down and all our switches will do is turn off whatever is on. Or turn on whatever is off. ie: backup systems whatever. These systems are usually not computer controlled, only computer monitored. In essence you've lost all your remote ears to your nuclear power plant. The systems still works, all you need to do is walk around the plant to monitor it instead of sitting your lazy ass browsing eBay.
I think not. In his post he says that
That's the SLAMMER SQL WORM in JANUARY
Not the MSBlaster worm that's been going around for the last week or so. Blocking ports 135 or 139 or 445 would not affect the Slammer worm since it uses the 1433 MS SQL port.
Sig (appended to the end of comments you post, 120 chars)
Yeah - the end of the world is near enough. Just give more control of the nuke systems over to windows systems, and behold soon there will be no more windows to worry about. MS Windows:' This world has caused a fatal error. Everything will be terminated'. Press 'OK'.
You've got to be kidding me.
This can't be true! Please tell me it isn't.
Who the hell uses MS Windows to monitor a _nuclear__power__ plant_?
I would've never thought I'd be so happy to live in germany. At least our nuclear plants have their own, customized real time operating systems watching over what's going on.
Jebus Crickey, I'd suggest you'd get yourself a new set of plants right along with that new powergrid that's due.
We suffer more in our imagination than in reality. - Seneca
"Microsoft Worms Crash MD Trains into Ohio Nuke Plant"