Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virus Knocks Out U.S. Visa Approval System

Posted by timothy on from the tax-funded-monoculture-gets-blight dept.

GillBates0 writes "According to this story and many others, the State Department's electronic system for checking every visa applicant for terrorist or criminal history failed worldwide late Tuesday because of a computer virus, leaving the U.S. government unable to issue visas. The virus crippled the department's Consular Lookout and Support System, known as CLASS, which contains, among others, names of at least 78,000 suspected terrorists. It was unclear which computer virus might have affected the system. But a separate message sent to embassies and consular offices late Tuesday warned that the Welchia virus had been detected in one facility. Welchia is an aggressive infection unleashed last month that exploits a software flaw in recent versions of Microsoft Windows."

14 of 439 comments (clear)

  1. Windows Means Work by akedia · · Score: 5, Insightful

    As much the Slashdot community hates Windows and likes to dump on its flaws, I've realized one thing: Windows means jobs in the IT security sector. As a Network Security technician, my job is, among other things, to make sure the latest threat to Microsoft software doesn't bring down the entire infrastructure in the federal department where I work. At least twice a week, my office has a meeting where we discuss the latest Windows virus or exploit, organize a task force, and then do a system-wide deployment of the fix to some 2000+ clients. I like to think that as long as Microsoft keeps making, er, crappy software, and as long as we still have crackers writing virii and trojans, I don't have to worry about losing my job. If there was some magical "perfect" sofware that never needed fixing (note: there isn't) then we wouldn't need IT security professionals now, would we?

    1. Re:Windows Means Work by Morosoph · · Score: 5, Informative

      Time again to post an article on The Broken Windows fallacy.

      --
      Wikileaks, no DNS
  2. Damn terrorists! by MagerValp · · Score: 5, Funny

    So now even terrorists using a fake name won't be able to get into the US!

    --

    READY.
    #
    1. Re:Damn terrorists! by Dr+Caleb · · Score: 5, Insightful
      Only 78,000 suspected Terrorists?

      I thought the U.S.A. P.A.T.R.I.O.T act made everyone in the US a suspected terrorist. That should read "300,000,000+ suspected terrorists".

      Did you read that article on politechbot.com that they wouldn't let some guy wearing a little button that read "Suspected terrorist" fly on an airplane?

      --
      "History doesn't repeat itself, but it does rhyme." Mark Twain
  3. Oh, *that* VISA.... by KFK+-+Wildcat · · Score: 5, Funny

    And here I was thinking about all the new "Already approved VISA platinum card!" in my inbox...

  4. Shut down on purpose, not failed.... by jdreed1024 · · Score: 5, Interesting

    According to a CNN article, the State Department shut down the network to prevent the spread of the virus. It was down from noon until 9PM on Tuesday. Shutting down a network on purpose is different from having it "fail" due to a virus.

    --
    There is no sig, there is only Zuul.
    1. Re:Shut down on purpose, not failed.... by phillymjs · · Score: 5, Insightful

      Shutting down a network on purpose is different from having it "fail" due to a virus.

      Not by much, since both have the effect of putting a stake through the heart of user productivity for however long it takes to exorcise the virus from all the systems.

      ~Philly

  5. Re:Does the state dept. read /. ??? NO by Eric_Cartman_South_P · · Score: 5, Funny
    You forgot...

    4.) vi is better than e-macs

    5.) In Soviet Russia, you attack Virus!

    6.) People should patch their boxes bec.#J^@ATDT[NO CARRIER]

    7.) Don't use FreeBSD because it's dead/dying.

    8.) Apple is awesome. But I can't afford one.

    9.) Imagine a Beowolf cluster of those!

    10.) Patents, RIAA, Spooks, Windoze, Verisign, Politician, Spalling Checkirs; all bad.

    11.) Ogg, Apple, *nix, RMS, EFF; all good.

    12.) ???

    13.) Profit!

    PS. Mod's, go away. I'm just having fun. Don't put it up or down you fu%#d2DHATDT[NO CARRIER]

  6. My sister works there. by Anonymous Coward · · Score: 5, Informative

    Evidently, the virus was patched/cleaned pretty quickly, and there was no real security risk, as in national security, because when the system is down, they simply do not issue visas. Most places they probably just told people to come back tomorrow.

  7. Re:Does the state dept. read /. ??? NO by Xerithane · · Score: 5, Insightful

    1.) Use a firewall to block unnecessary access from the external network

    They probably do. Then a user VPNs in with an infected machine against policy, or brings a laptop in and plugs it in. This happens at my work, too.

    2.) Patch Windows often

    Define "often", please. It could be once a month, once a quarter. I'm sure they have change control plans.

    3.) Use anti-virus software and update the definitions often

    See above.

    I would have thought that the State Department would at least do these minimums (to keep its systems "safe from evil-doers"), but I guess you can't even expect that much from government work.

    No, it's just that it's easier to assume that you are smarter than them and assume you know their network and systems.

    --
    Dacels Jewelers can't be trusted.
  8. Re:78 THOUSAND suspected terrorists? by ryanvm · · Score: 5, Funny

    How on earth does the government come up with a list of _78,000_ suspected terrorists? This is the type of indiscriminant prejudice that a seige mentality creates.

    Ohp - now it's 78,001.

  9. Re:78 THOUSAND suspected terrorists? by ZoneGray · · Score: 5, Insightful

    >> Instead we spend more on a "war on terror" in a year than has been spent in the entire history of cancer research.

    Not even remotely true, unless you only count the money spent by the federal government. There are billions spent every day on cancer research by companies big and small, dwarfing what is spent chasing terrorists.

    It's like that year at the Oscars when all those wealthy actors stood up and complained that the US doesn't spend enough on the arts.

    Anyway, read the Preamble.... "in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity"

    No mention of curing cancer, or PBS documentaries, or midnight basketball, or time off from work to take your dog to the vet. Those things are all reasonable, but they're not the primary responsibility of government.

    Note, too, the difference in wording: "PROVIDE for the common defense, PROMOTE the general welfare."

  10. Re:Does the state dept. read /. ??? NO by Frater+219 · · Score: 5, Insightful
    No system is immune.

    But systems are not equally buggy. I discuss this here. No design and no development method is perfect. However, it is incontrovertible that some designs and some development methods yield software that fails less often; that fails less severely; and that fails more recoverably. We can inspect systems' behavior and say that for particular purposes, certain software is better than others. We can say this on the basis of technical facts, not merely marketing claims and promises of "support" and "warranty". We can also say it on the basis of historical evidence -- some systems have failed more often and more severely than others.

    A Microsoft Exchange mail server stores users' mail in a binary database, in a proprietary format. A Postfix or Qmail mail server stores users' mail in text files in a simple directory structure. We can make a reasonable (and correct!) prediction that in case of failure, it is easier to recover the content of mail from a Postfix or Qmail system than from Exchange. And, indeed, this is borne out by the experience of administrators: a maildir can get into an inconsistent state, but it's much easier to recover it than to recover an Exchange mail database.

    (Note that I'm not describing frequency of failure, but rather severity. We can also make predictions about the former, of course ....)

    Security holes are, from an engineering standpoint, simply another kind of failure. We can look at design choices such as privilege separation and chrooting -- applications of the Principle of Least Privilege -- and say that some systems will fail worse than others. A program that can't access files outside of /home/myprog cannot scribble on the kernel in /boot/vmlinuz. A Web server that runs as Administrator on Windows 2000 has opportunities to fail worse than a Web server that runs as www-data on Solaris.

    Simply put, there exist objective facts about security design, just as there exist objective facts about, say, civil engineering. Why doesn't the city construct water mains out of balsa wood and bridges out of papier-mache? It simply doesn't work very well. :)

  11. Re:Does the state dept. read /. ??? NO by antiMStroll · · Score: 5, Insightful

    Congratulations, you win the MS/Godwin award for the first spurious comparison between an arcane, difficult OpenSSH exploit requiring manual application on a per-computer basis and detailed expertise, and a Windows plug-it-in-and-watch-it-die automatic worm vulnerability. I knew someone would rush to claim equivalency between such radically different apples and oranges but am surprised it's getting modded inside of a dozen first posts.