Slashdot Mirror


Sasser Worm Takes Down UK's Coastguard

jonman_d writes "The Sasser worm has recently disabled the computer systems of Britain's Coastguard. Naturally, this event raises even more doubts over the reliability of Microsoft software in critical systems. Moreover, it raises questions of responsibility: if the worm writer is caught, can he be held at least partially responsible for any deaths that occurred during this outage?"

15 of 733 comments

  1. I don't know about Britain... by Tuxedo Jack · · Score: 5, Informative

    But here in the U.S., I believe it falls under both 18 USC 1030 and some clause in the Patriot Act.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
  2. "no danger to the public" BBC by Phil Hands · · Score: 4, Informative

    As reported on the BBC, this killed their mapping systems, forcing them to revert to the paper maps that they've always used in the past.

    No safety critical systems were involved.

    --

    Debian: GNU/Linux done the Linux way
  3. You can lead a horse to water... by mindmaster064 · · Score: 4, Informative

    Despite the apparent Slash-Spin of this article it should be noted that Microsoft released the patch for this vulnerability over two weeks ago, per:

    MS's Security Bulletin on April 13th (this is a week before Sasser "hit".) Microsoft did their job, but can the UK Coastguard do theirs? Apparently not... It is so easy to point the finger at the provider or some anonymous joe on the Internet, but it is so hard to take responsibility for your own lack of action. It's the UK Coastguard's job to apply their patches in a timely fashion so that the services they render can be reliably delivered.

    It's possible to get these notices emailed to you as soon as they're available. These people should be fired, er wait.. in UK... sacked.

    - Mind

  4. Re:The real question is by Shimbo · · Score: 3, Informative

    Well, who is there to do it? our coastguard (for you non-UK is actually called the RNLI which stands for the Royal National Lifeboat Institution)

    You are misinformed; the Coastguard *is* a government agency. The RNLI is a fine charity but nothing to do with this story.

  5. Re:The real question is by Gumshoe · · Score: 3, Informative
    our coastguard (for you non-UK is actually called the RNLI which stands for the Royal National Lifeboat Institution)


    That's not true. The coastguard is an executive agency of the Department for Transport (DfT), whereas the RNLI is a charitable organisation. It is true that a lot of the sea based rescues are performed by RNLI volunteers but a lot of the coastal emergencies are tended by the coastguard itself. Helicopter rescues for example, don't involve the RNLI.

    In other words, it is the Government's responsibility to hire competent administrators.
  6. Re:The real question is by JamesD_UK · · Score: 3, Informative
    HM Coastguard != RNLI.

    The Coastguard is responsible for coordinating various organizations (RNLI, RAF, RN etc.) in search and rescue operations in the UK. It is an agency of the department of transport. They monitor the emergency broadcast channels for the UK and a large section of the Atlantic ocean and often further afield. Throughout the UK they have a number of rescue teams who often get involved with more than just maritime emergencies. The RNLI as you stated is a charity, staffed almost completely by unpaid volunteers. If a ship at sea needed assistance, HM Coastguard would be contacted and possibly send the nearest RNLI lifeboat to assist.

  7. Re:Patches by ThogScully · · Score: 4, Informative

    In the example of the grandparent, you type
    apt-get update && apt-get -u upgrade

    It tells you exactly what software has updates and offers to install them. It does the rest for you. Should you want to install one at a time because of potential/expected problems with upgrading them, type apt-get install package-name.

    It's not tough.
    -N

    --
    I've nothing to say here...
  8. Overexaggerated by pandrijeczko · · Score: 4, Informative
    Being in the UK myself, I saw this news report on the TV yesterday with a reporter interviewing an employee of the coastguard.

    I really got the impression that the reporter was trying desperately to make this into a dramatic news story whereas the coastguard person was fairly level-headed about it. Even she stated that every employee has a backup laptop that is not connected to the Internet as a contingency plan in just these circumstances. Plus, they can also rely on paper maps if necessary.

    Yes, we all know Windows has security holes (just like any other piece of software) and that Microsoft could do a whole lot more to make their software more secure - however, the fact is that using good firewalling and educating users properly is the best way of stopping 99.9% of all known worms and viruses.

    Microsoft must take some of the blame but so should the salesmen and IT people for possibly not deploying the right platform in the first place and then, post deployment, not ensuring it's secure.

    --
    Gentoo Linux - another day, another USE flag.
  9. Re:The real question is by akadruid · · Score: 4, Informative

    Microsoft will send you an update on CD for free. There was a link posted here a while back, or try googling for it.

    --
    "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
  10. Know your systems and do not rely on a firewall by Spoing · · Score: 4, Informative
    If you're using Windows, take a page from Linux/*BSD and other *nix hardening;

    If it's not running, it can't be exploited!

    1. Isolate each system and check it before bringing it on the network or exposing it to the Internet (and do the latter rarely).
    2. Do external port scans *without* the use of a firewall to see what might be running that is hidden.
    3. Use dependency checkers when encountering unknown software or libraries. (Under Windows, Dependency Walker is your friend.)
    4. Turn it off and remove it if you don't need it, can't trust it, or it seems suspect.
    5. Find trustworthy software and use that instead; popularity isn't trustworthiness.
    6. Isolate systems at the router; it should be difficult to damage any machine (misconfigured or not) from most any other random machine.
    7. Your systems should be secure even without a firewall. Are they?
    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
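A local check in the spirit of the checklist in the comment above, as an added example that is not part of the original thread: it parses `netstat -an` output and reports sockets reachable from other machines that are not on an expected-services list. The sample output, the allowlist and the function names are constructed for illustration; a local socket table complements the external port scan the comment recommends, it does not replace it.

```python
# Added example: audit listening sockets from `netstat -an` text.
# SAMPLE_NETSTAT is constructed, in the Windows netstat layout.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      192.168.1.7:50122      ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    [::1]:8005             [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""


def parse_listeners(text):
    """Return (proto, address, port) for every socket accepting traffic."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; bound UDP sockets have none.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")
        found.add((proto, address.strip("[]"), int(port)))
    return sorted(found, key=lambda s: (s[0], s[2]))


def is_loopback(address):
    return address.startswith("127.") or address == "::1"


def unexpected_exposed(text, allowed):
    """Listeners reachable off-host whose (proto, port) is not in `allowed`."""
    return [s for s in parse_listeners(text)
            if not is_loopback(s[1]) and (s[0], s[2]) not in allowed]


if __name__ == "__main__":
    # Hypothetical policy: this host is only meant to serve HTTP.
    for proto, address, port in unexpected_exposed(SAMPLE_NETSTAT, {("TCP", 80)}):
        print(f"review or disable: {proto} {address}:{port}")
```

Each reported entry is a service to turn off, remove, or justify and add to the allowlist.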
  11. Re:The real question is by matth · · Score: 5, Informative

    I tried that update cd (figured if nothing else it would be useful to take to friends' houses who have dialup and need patches). The cd took no less than three months to get to my house! The post mark was like 4 days before I received it so it was in processing for 3 months. In that time several new security patches had come out....
    If they can't get the CD out in a few days, it's worthless. For instance, sasser? That CD would have been useless... as I still wouldn't have it.

  12. Re:The real question is by gruhnj · · Score: 5, Informative

    You're not going to trust your military's computer system to enlisted folk, and chances are the officers are not aware of preventive measures. Those who are assign such tasks to contract companies.

    I don't speak for all military, but the Army has an entire major command dedicated to nothing but computers. Formed in 99, NETCOM has actually done a fairly good job in keeping things working. As far as threat detection, patch verification, and orders to deploy, NETCOM tends to be on a 72 hour turnaround. Given that the patch was issued April 13, it's way ahead of an outbreak like Sasser. Even better, they have the authority to disconnect. The orders to patch go straight to company commanders and sysAdmins who can be reprimanded if their unit goes down. Even if they give the task to a contractor, they are still liable. I'd hate to be the company commander who sees the brigade commander over virus outbreaks. That seems to keep them in line pretty well.

    SPC Gruhn
    TNOSC-K, Systems Management Branch
    1st Signal BDE
    "First to Communicate!"

  13. All kinds of stupid interruptions by fsck! · · Score: 3, Informative

    Yesterday at my local Super Stop & Shop grocery store, all 6 of the self-checkout lanes were down, and all of the human checkout lanes were directing people to the service desk, where one poor woman was hand-imprinting who knows how many hundreds of credit card transactions per hour.

    Why?

    Apparently the system that reads my credit card number around four times a week for the past year has been running unpatched and unfirewalled.

    Coool! Thanks, Stop & Shop IT!

  14. Re:People need to be fired by knghtrider · · Score: 3, Informative

    No, they should be fired because they didn't keep up with the patches necessary. All software is 'faulty' and requires patches and updates. For as much hue and cry there is for Unix or Open source software, even these systems need patching from time to time, and some of the software used there has had HUGE problems if it wasn't patched.

    Sendmail anyone?? BIND??? and wasn't there an Apache Chunk Handling Vulnerability a couple of years ago?

    Microsoft software is used heavily in the world, but the problem is that for years, no training existed that *focused* on WHY we patch our software..there was no emphasis on patching. Add to that the fact that with the economy being the way it is, companies are doing more work with less people.

    No one wants to work 12-14 hours a day; least of all sysadmins. We all have our own lives..families...other obligations too. Yet all too frequently, we're expected to patch and update the servers and desktops, the anti-virus software (don't deploy things without testing them first, of course), ancillary software and etc. while keeping up with upgrade projects, daily problems, and keeping on top of technological advances as well. Yet, the boss goes home at 5. We're like residents in a med program--overworked, but unlike them, we never get to stop being that way.

    --
    In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
  15. Re:we should be by SillyNickName4me · · Score: 3, Informative

    Well, the reason that a Windows admin is more busy with such stuff is twofold:
    - More bugs
    - Have to keep fixing things that are not being used at all, but that can't just be uninstalled/disabled.

    For example, on my (FreeBSD in this case) Open Source OS based server, I can simply ignore patches for web browsers, mail clients, and generally any gui based program since they are not installed or at least not functioning, and definitely not listening to the outside world without me having set it up that way very explicitly.

    I do have to watch a very specific shortlist of products that need to be kept up to date, and I'll get a message on my phone in case a critical bug in one of those products is published in any of the known ways.

    Having this shortlist of products (FreeBSD core, openssl, openssh, Apache, PHP) makes it very manageable, and in the end I don't have to update things that often.

    It would also really help a lot if MS patches didn't break so much and so often. I can remember virtually every case where a FreeBSD patch managed to mess up my system over the last 8 years, and the last one goes back to the 3.x era some years ago. It seldom happens, and it's in fact so exceptional that I can run the risk of it happening on my production servers. The risk and consequences are waaay smaller than the much more likely breakins that would result if I don't apply the patches.

    At any rate, it doesn't take much time, and it is very clear what I have to watch and patch to keep secure. That is one of the main problems with Windows, even when you are a competent admin, you have so many things to watch, and keep discovering new things all the time.

    Yes, I do believe that MS can be blamed for that problem. Such a system is not suitable for anything other than connecting to an isolated and trusted local area network. The fact that Windows uses IP for many LAN oriented services makes the problem a lot worse.