Slashdot Mirror
Boeing Hit By WannaCry Virus, Fears It Could Cripple Some Jet Production (seattletimes.com)
An anonymous reader quotes a report from The Seattle Times: Boeing was hit Wednesday by the WannaCry computer virus, raising fears within the company that it could cripple some vital airplane production equipment. Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out an alarming memo calling for "All hands on deck." "It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down," VanderWel wrote, adding that he's concerned the virus will hit equipment used in functional tests of airplanes ready to roll out and potentially "spread to airplane software." Indicating widespread alarm within the company at the potential impact, VanderWel said the attack required "a battery-like response," a reference to the 787 in-flight battery fires in 2013 that grounded the world's fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix.
No sir. It is not a computer virus.
It is -once again, a Microsoft Windows virus.
Call things by their names.
Thanks again, NSA! Glad you had our backs...
Hey you business types who moan about not enough time to test updates and that it takes away from software projects that will generate income?
Pay attention.
[John]
Shit better not happen!
Microsoft to sell computer games about flying.
Use a real OS that has real security for real work.
Domestic spying is now "Benign Information Gathering"
This is why my back-up drives aren't connected to my computer 24-7. When I finish backing up stuff, I disconnect the drive(s).
Come on people, you gotta be smarter than this by now.
Probably still running Windows XP or Windows 7...at least those gave diagnostic codes when they failed.
No. But they do use it on manufacturing equipment now. I was there when they got hit with the Code Red virus. Fortunately, in 2001 they were running Solaris, HP-UX and Linux on the shop floor. When management came running out in a panic about possible effects on production, we told them, "No problem. We don't run Windows."
Management's response was, "Why aren't we running Windows?" I guess now they'll find out.
Have gnu, will travel.
No sir. It is not a computer virus.
It is -once again, a Microsoft Windows virus.
Call things by their names.
Boeing got hit by Wanna Cry
Would that make their planes Wanna Fall Down From The Sky ??
I bet wannacry will never hit an Antanov.
Yeah. But Boeing will never have to run down to Radio Shack to test vacuum tubes.
Have gnu, will travel.
In what universe is an entire national medical system not the "wrong person?" If there was any way of getting at ransomware scammers, we would have deployed it by now.
https://www.telegraph.co.uk/ne...
I can't believe they removed the F8 safe mode function from Windows 10. Now you need to be in Windows to tell it to reboot in safe mode. Good job there. What if your install is fucked and won't boot?
Only the State obtains its revenue by coercion. - Murray Rothbard
Use the productive time to look up what to replace Windows with.
Domestic spying is now "Benign Information Gathering"
Windows was the OS that low cost workers could understand.
Supporting Windows was to be cheaper as everyone can use Windows.
A really powerful firewall would always protect Windows.
Windows would have the easy to use GUI software aircraft workers crave.
Domestic spying is now "Benign Information Gathering"
I'm very interested to hear what Boeing vice president Phil Musser has to say about this event given his reported comment just 2 days ago in response to the closure of the Russian consulate in Seattle 'that the company has “rigorous IT and security protocols.”'.
I think if they hit organized crime, even by accident, that might be the "wrong person"
davecb@spamcop.net
Organized crime reach into normal society is pretty overrated. Seriously... I dare them toaksj alkj;a kalwwwwwwwwwwwwwwwwwwww
Irony: Agile development has too much intertia to be abandoned now.
Its a sad fact that many niche apps like CAD and so on are written for Windows. Yes you can get a CAD program for Linux but it has to meet the requirements and *nix OSs have lagged far behind in applications which have efficient workflow the features needed for many situations. Linux is fine if you need a word processor but when you get into large, specialized technical apps falls behind.
Believe it or not, you can get a command and file compatible alternative to AutoCAD on Linux now called BricsCAD. Haven't tried it on Linux, but have on OSX and Windows.
applications which have efficient workflow the features needed for many situations
Interesting. Because it was the 'efficient workflow features' that we had to build on UNIX systems at Boeing which were simply unavailable on Windows systems. CATIA started out running on UNIX (AIX and Solaris at Boeing) and was finally ported to Windows NT when the Microsoft fanbois cried hard enough. The backend 'workflow management' was never ported to a Windows platform during my time there. We just couldn't buy enough NT servers that would handle the load a Sun system could handle.
Data integrity was (and still appears to be) a problem for Windows systems. We had a requirement to keep people from modifying datasets not a part of their scheduled workflow. The NT folks could never figure out how to implement that. And more than a decade later, this is fundamentally what the WannaCry virus does. Windows just isn't ready for enterprise use yet.
Have gnu, will travel.
Have gnu, will travel.
Boeing used to be one of the world's most competent corporations.
Then they merged with McDonnellDouglas. They absorbed the McD defense products, and then the morons in the board room replaced a bunch of Boeing's old management structures with the McD people. The McD teams used to outsource more stuff, whereas the old Boeing people used to do stuff more in-house. This came to a head with the 787 program which ended up over budget and behind schedule in large part because Boeing, which used to do everything inhouse, was under the new management oursourcing parts all over the planet and bringing the parts into the Boeing facilities for final assy - a tactic the McD guys were used to but the boeing people and systems were not. The results were entirely predictable to anybody without an MBA degree.
The idea that the new & reckless Boeing management was running their internal systems on the super-crappy Windows operating system is both predictable and sad. These clowns should not be trusted with national security projects - they probably store all their stuff unencrypted in the cloud and run their Windows machines unpatched and without antivirus protections and hardware firewalls.
This is the company that has been charging billions of dollars per year for nearly a decade to convert a shuttle external tank into a 1st stage booster - which they MIGHT be able to fly manned 20 years after the design started. Incidentally, the SLS design was specifically chosen to re-use shuttle heritage hardware, including engines and engine plumbing stripped directly from working orbiters, in order to accellerate development time and save money [sigh]. While Musk at SpaceX has been moving to re-usable rockets, Boeing is actually regressing to throwing away expensive reusable shuttle engines on each SLS launch!
Same company that has been studying blended-wing-body airframes for 20+ years without builing a single manned example. The old Boeing could design a readically new aircraft and get a test article onto a flight line in MONTHS.
This virus incident is just the most-recent evidence that the federal government was completely incompetent when they allowed Boeing to absorb North American aviation, Rockwell International's aerospace division, Bell helicopter, McDonnellDouglas (itself a merger of McDonnell Aircraft, Douglas Aircraft, Convair and Consolidated) and others. Huge bloated incompetent defense contractors lose all interest in being efficient and competent as they become hooked on cost-plus government contracts combined with lack of competition resulting from the absorption of most or all competitors.
Linux was *NOT* the only alternative. Not even the most secure alternative. Just the most actively developed.
Other alternatives are the various BSDs. They existed then and were stable then. I'm not really sure about the differences between them, or whether they are more significant than the differences between the various Linux distros.
I think we've pushed this "anyone can grow up to be president" thing too far.
Since the NHS were admonished for not installing patches which would have prevented Wanacry in May 2017, Boeing really should have patched their systems by now.
What if your install is fucked and won't boot?
After 3 failures to boot to the desktop windows will automatically trigger the startup repair program where among other options you can attempt to boot into various forms of safe mode.
If you for some reason can't get there (i.e. your computer boots to desktop and then somehow cleanly reboots preventing Windows from triggering the startup repair) you can do it manually from the recovery partition, USB or Windows 10 install media, or just go all out brute force and hit the reset button 3 times while the windows logo comes up to trigger 3 boot failures.
As to why they don't do it, that much is obvious. Windows no longer goes through a proper boot process anymore unless you either a) manually reboot using the start menu, or b) install a windows update. After all booting is a big waste of time in the eyes of MS, as is giving the user 3 seconds to hit F8. On my desktop those 3 seconds make up the vast majority of the boot time.
And no shutting down windows and then turning the power on is not a proper reboot anymore. That puts windows into some kind of half state which is how they dramatically cut down the boot time.
Because it was the 'efficient workflow features' that we had to build
So you built something yourself? You and the GP are talking about two different things.
And what OS are they running?
Unless this is a new version of WannaCry, they probably aren't running XP. It ran fine on Win7 but did not get onto any of our (less common) XP systems.
If we had avoided "up"grading to shinier operating systems, would we have entirely missed out on the fun last may?
I'll see your Constitution and raise you a Queen.
One of these days this virus is going to hit the wrong person and the authors are all going to wind up dead.
They did. One of the groups hit by the attack last spring was the FSB. They used to employ Vladimir Putin when they went by the name KGB. I can't think of a worse target.
Or perhaps they are now "under new management" after the old management all stopped having functioning nervous systems!
I'll see your Constitution and raise you a Queen.
Antonov is Ukrainian FYI.
And given the sorry state of their aircraft production (the overwhelming majority of An-148s was built in Russia, not in the Ukraine) the only Antonov computers that could get hit by WannaCry would be the laptop of the managing director and the workstation of his typist.
"It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
Unlike so many the succumb to ransomware, I expect that Boeing had good defenses - practices and systems - in place to defend against ransomware and intrusion. It's possible or even probable that they had the best systems in place
Ransomware has been my biggest security fear for the last couple of years and defending against ransomware and the possibility of infection has been my biggest spend as well as time-sink for the past couple of years. The idea of a department or the entire company being infected scares the shit out of me.
I'd very much like to know exactly which systems Boeing had implemented. I'd like to know which systems failed so dramatically.
What happened to the "kill switch"? Was it removed or something? I thought WannaCry was a non-issue now because of that.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Organized mobsters use the same hospitals as everyone else...
First thing that comes to mind; the multiple layers of backups and images needed to assure recovery from these events. In a dynamic manufacturing environment, I would want stackable images, possibly hourly delta backups, maybe even run things in VMs with on-and off-line redundancy. I would be diving my VMware rep insane with demands to port the images into KVM or virtualbox, and always at the lowest possible version to permit restoration despite underlying OS or environmental changes... Data separation to avoid losing it all in a half hour.
Then and only then would I go back to fretting over the network security team and all the layers of intrusion detection and prevention.
And a lab full of honeypots to try and identify the vermin before they find the real cheese. Because if I had Boeing as a client or employer, I would know I work for one of the most coveted targets on Earth. Not just script kiddies, but jerks, paid criminals, state actors, and competitive industrial spies. Everyone with an Android phone or a RasPi. Everyone. Even Facebook.
And I would probably be redesigning the data assurance system yearly, just to keep refining it with the latest options.
Intel certainly deals with this. They are an information company, and losing tools due to these threats should be unacceptable. Not merely airgap security for production tooling, but for all company IP. No other way. Seems like Boeing had a hole. Darn.
deleting the extra space after periods so i can stay relevant, yeah.
Not justono culture as much as a nation that has gotten lazy on.security. Boeing, like many large companies, only think bottom line and do not think about long-term issues.
I prefer the "u" in honour as it seems to be missing these days.
So you built something yourself?
Of course. Business rules have to be set up and workflows have to be defined.
Have gnu, will travel.
NSA is not the ones to blame. You can and should blame companies for no longer taking security serious. Boeing has had ages to update their computers, yet have done nothing. Likewise, even now, they are pouring money into places like Russia to make titanium, and vietnam, China, and India are doing software for Boeing ( India works closely with Russia on military projects ). Boeing and other companies are to blame.
I prefer the "u" in honour as it seems to be missing these days.
No, windows is not on the plane. In this case, it is manufacturing equipment that was hit.
I prefer the "u" in honour as it seems to be missing these days.
We had a story when I worked there: A CS consultant was giving an embedded systems class to a bunch of Boeing engineers. He started the first day off by asking, "If you were on a Boeing plane taking off and you suddenly realized that your group was responsible for the avionics software, how many of you would be concerned?" Everyone raised their hands except for one lady sitting in the front row. So the instructor asked her why she wasn't worried. "If my department wrote the software, the plane wouldn't even taxi, let alone take off."
Have gnu, will travel.
You guys have me all nostalgic about running Unigraphics on an HP-UX system.
However, I thought the data integrity requirements you mention were largely resolved by Teamcenter.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
No different than any Fortune 100/500 company, such as Intel, GE, Ford, any national bank, any number of organizations. 'Locking them down' doesn't bring them to a standstill. As if they are not 'locked down' now, for if not, they were pwned a few years ago. Totally.
'Locked down' is dog whistle for "I can't do whatever I want on the company laptop oh noes pimpage". Yeah. It's not even yours. Be happy you've got a job you can do from your mom's basement. My home office has a real window that shows me sunlight and my back lawn, not just the galvanized foundation vent and the spider nest. And a dog. And fresh coffee, Sumatra.
deleting the extra space after periods so i can stay relevant, yeah.
No argument about your second sentence - I have witnessed that myself. Worst country in Europe.
"It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
resolved by Teamcenter
I'm not sure. They were looking at a lot of different products to implement DCAC/MRM when I left. This may have been one of them.
Their problems were that whatever tool suite they tried to implement on top of an NT infrastructure, it was pretty easy to go in 'underneath' the apps and fiddle with the data. And this is probably what leads to stuff like WannaCry. Once one system in a domain is cracked, it seems to be pretty easy to get into pretty much anything else.
Have gnu, will travel.
Business rules have to be set up and workflows have to be defined
Again you and the GP talked about two different things. The GP talked about pre-defined software based workflows to suit the business. You're talking about designing a business workflow then custom making software to suit.
It may sound like splitting hairs, but it will be precisely that hair which fundamentally changes the procurement process. Also many industries in general are overwhelmingly moving to the process described by the GP as they learn that their own defined business workflows are often either not the most efficient, or require so much bespoke software that it costs them a lot of money to maintain that workflow.
I have spent the best part of last year in exactly this kind of discussion. ... *wasted*. I have *wasted* the best part of last year in that kind of discussion. It's amazing that everyone thinks they are special.
I have used BricsCAD on Linux, a few years ago, and it was pretty good then. I would still be using it if my workplace hadn't issued me a Windows 7 laptop with AutoCAD and Revit on it (with the expectation of me working on the train and during weekends).
"Windows just isn't ready for enterprise use yet." reminds me of:
Why Windows NT Server 4.0 continues to exist in the enterprise would be a topic appropriate for an investigative report in the field of psychology or marketing, not an article on information technology. Technically, Windows NT Server 4.0 is no match for any UNIX operating system, not even the non-commercial BSDs or Linux.
http://linux.math.tifr.res.in/...
their own defined business workflows are often either not the most efficient, or require so much bespoke software that it costs them a lot of money to maintain that workflow.
That might work for a plumbing repair business. But I don't think there is an item in the pull down menu to select the "commercial aircraft manufacturing" workflow. And it doesn't really cost that much if you start out with a flexible tool set. Compared to having some consultants from a Windows shop "waste the better part of last year" trying to sell you their canned solution.
The biggest part of any process re-engineering is to sit down with the customer, identify their processes and the inefficiencies therein and only then, propose a solution. And occasionally, after a cleanup, a clipboard and paper solution will work just fine.
Have gnu, will travel.
... I dare them toaksj alkj;a kalwwwwwwwwwwwwwwwwwwww
"Sorry, squire! I scratched the record!"
I'm sick and tired of these hip, "ironic" sigs. This is an actual, honest-to-goodness no-nonsense sig!
You seem very certain.
How is it you know those things are true?
There's no time like the present. Well, the past used to be.