Maritime Cybersecurity Firm: 37% of Microsoft Servers On Ships Are Vulnerable

colinneagle writes: A report from maritime cybersecurity firm CyberKeel claims that spot checks at 50 different maritime sites revealed that 37% of the servers running Microsoft were still vulnerable because they had not been patched. But what's most interesting is what happens when hackers can breach security in shipping environments, including one case in which "drug gangs were able to smuggle entire container loads of cocaine through Antwerp, one of Belgium's largest ports, after its hackers breached the port's IT network," said Rear Adm. Marshall Lytle, assistant commandant responsible for USCG Cyber Command.

On the other hand

[OzPeter]

Drug smugglers in Europe managed to deliver 400kg of cocaine to the Aldi supermarket chain in Berlin. So apparently not all drug smugglers are good at moving their contraband.

Aldi supermarket workers find record cocaine stash in banana boxes

Re:On the other hand

[grcumb]

Drug smugglers in Europe managed to deliver 400kg of cocaine to the Aldi supermarket chain in Berlin. So apparently not all drug smugglers are good at moving their contraband.

Aldi supermarket workers find record cocaine stash in banana boxes

'Allo? Polizei? Ve bin finden der... four... five... six... er, FOUR hundred kilos von der cocaine!'

That's Because they're all running

Pirated versions.

yarrr

Re:Running "Microsoft"

[rmdingler]

Drug gangs...

Two words put together by no one ever who sounded authentic.

Re:Running "Microsoft"

[rstanley]

"So this summary doesn't even go into which Microsoft product is vulnerable, ..."

Are you kidding?

They ALL are!!!

37% of webservers, not servers on ships

[Dutch+Gun]

Hopefully that includes timely patch management, since CyberKeel claims 37% of maritime webservers running Microsoft were not patched and thereby "open to remote control risk." Granted, that risk is about hackers taking over websites, but it could certainly turn into a misinformation mess.

Also, I love the picture used for that article - a coast guard cutter in front of a ship burning on the water in the background - as though it's vulnerable Microsoft-based computer suddenly burst into flames and took the ship with it. Danger! Patch your OS or this could happen to you!

Re:Running "Microsoft"

[geekmux]

So this summary doesn't even go into which Microsoft product is vulnerable...

I'm sorry, but can you please identify your location? It seems the rest of us in the known universe are wondering what planet you are from where there is a Microsoft product that somehow isn't vulnerable.

..., and how these vulnerabilities could be potentially exploited.

Given that the latest SMB rehashed vuln affects every version of Windows, I'd say the "exploit" is running Windows.

This level journalism is what causes people to say that Windows NT left a ship marooned.

Given my previous statement regarding vulnerabilities still being discovered, it really wouldn't fucking matter what version of Windows they assumed was hacked.

Obviously

[ArcadeMan]

Those servers are particularly vulnerable to flooding.

Re:Thank Greeks and Microsoft for your iWatches!

[antiperimetaparalogo]

You do realize that these systems are connected to the Internet? The same Internet that everyone else is connected to. The fact that the server is in the middle of the ocean is irrelevant. As is the fact (true enough) that a significant fraction of commercial shipping is run by Greek firms.

I suppose it being in Greek might be an example of security by obscurity, but it's just TCP/IP and the same Microsoft code that everyone else uses.

No, -most- of these systems are not connected to the Internet, not even between them and/or a central ship's system - usually they are just monitor and control systems with very little integration. I don't blame you because the article (and /. summary) was not good to begin with, so relax, everything is under control in sea by us Greeks (hey dude, some fucking Greek pride, don't hate me!)

Servers on Ships?

[styrotech]

Is that like Ruby on Rails?

Re:Underestimate.

[hey!]

37% of wives and girlfriends are likely to cheat on you too. But what you gonna do about it? Dump your cheating girlfriend and just end up with another cheating girlfriend? What's the point of that? So most people just stay with their lousy operating system or girlfriend. Really it is all pointless anyway.

Er... presuming that the cheating is important to you, you have a 100% chance of having a cheating girlfriend if you stay with the current one but only a 37% chance if you switch to a new, randomly chosen girlfriend.

But... if you don't instinctively see that, then I have to conclude that on some level you want abuse from your girlfriend/software vendor. In fact given your track record of past choices it seems likely that your choice will perform worse than chance, although a probably bad new choice remains a better strategy than staying with the devil you know.

If you don't have the confidence in your discretion to improve upon chance, a randomly chosen girlfriend/OS is a reasonable next step. You should try *anything* that meets the obvious superficial criteria (e.g., is biologically female, has companies providing professional support services). In fact studies suggest that while attractiveness makes a huge difference in who people ask out on a date, it has no effect on their satisfaction with that date once it takes place. What we think we want and what will make us happy are often two different things.