Security Bug Microsoft

Microsoft Worms Crash Ohio Nuke Plant, MD Trains

stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
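The submission above points at the absence of a firewall rule for the DCOM port; a defender's companion to that is spotting the worm's scanning pattern in whatever logs exist. The following is an added example, not from the article or any comment here: it parses constructed firewall log lines in a hypothetical format and flags any source that fans out TCP connection attempts to port 135 across many distinct hosts in a short window, the propagation behaviour of the RPC/DCOM worm being discussed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the story). The
# "timestamp action proto src:port -> dst:port" layout is hypothetical.
SAMPLE_LOG = """\
2003-08-20 06:01:02 DENY  TCP 10.1.5.23:1034 -> 10.1.7.8:135
2003-08-20 06:01:02 DENY  TCP 10.1.5.23:1035 -> 10.1.7.9:135
2003-08-20 06:01:03 DENY  TCP 10.1.5.23:1036 -> 10.1.7.10:135
2003-08-20 06:01:03 ALLOW TCP 10.1.5.23:1037 -> 10.1.7.11:135
2003-08-20 06:01:04 DENY  TCP 10.1.5.23:1038 -> 10.1.7.12:135
2003-08-20 06:01:05 DENY  TCP 10.1.5.23:1039 -> 10.1.7.13:135
2003-08-20 06:01:09 ALLOW TCP 10.1.5.40:2201 -> 10.1.7.8:135
2003-08-20 06:01:10 ALLOW TCP 10.1.5.40:2202 -> 10.1.7.8:445
2003-08-20 06:05:00 ALLOW TCP 10.1.5.41:3300 -> 10.1.9.2:22
2003-08-20 06:09:00 DENY  TCP 10.1.5.41:3301 -> 10.1.9.3:135
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "action": m["action"], "proto": m["proto"],
        "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
    }


def find_scanners(log_text, port=135, window=timedelta(seconds=60), min_targets=5):
    """Map each suspicious source to the largest number of distinct hosts it
    tried to reach on tcp/`port` within any single `window`.
    Both ALLOW and DENY lines count: a blocked worm is still an infected host,
    and an allowed attempt is the one that matters for the next victim."""
    attempts = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "TCP" and rec["dport"] == port:
            attempts[rec["src"]].append((rec["ts"], rec["dst"]))

    scanners = {}
    for src, events in attempts.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            # distinct destinations reached within `window` of this event
            targets = {d for t, d in events[i:] if t - t0 <= window}
            best = max(best, len(targets))
        if best >= min_targets:
            scanners[src] = best
    return scanners


if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct hosts on tcp/135 within 60s; isolate and verify patch level")
```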

  • by Tracy Reed ( 3563 ) on Thursday August 21, 2003 @12:05PM (#6755315) Homepage
    ...before someone really is killed due to M$'s negligence. Sure, one could argue that they should have applied patches and that it isn't M$'s fault but tell that to the jury. When surviving relatives see the potential for a profitable liability suit they are going to go after the biggest pockets and that is M$.
  • Blackout? (Score:2, Interesting)

    by deepvoid ( 175028 ) on Thursday August 21, 2003 @12:06PM (#6755346) Journal
    There is a good chance that the worm also disabled systems normally used to switch power, or route around surges. Just a thought.
  • by ArmorFiend ( 151674 ) on Thursday August 21, 2003 @12:06PM (#6755347) Homepage Journal
    they should be so FIRED!

    Our state's computer systems are only now recovering from that worm. These are boxes with career sysadmins. Keeping them secure is their job. WHY AREN'T THEY FIRED?
  • by dgenr8 ( 9462 ) on Thursday August 21, 2003 @12:06PM (#6755353) Journal
    Funny you should mention the Blackout. The timing DOES seem interesting. I wonder just what functions inside the electric utilities depend on Microsoft Windows. If it's good enough for the nuclear industry, would anyone be surprised if failure of a critical set of Windows systems were responsible for the Blackout?
  • Fail Safe (Score:5, Interesting)

    by FTL ( 112112 ) * on Thursday August 21, 2003 @12:11PM (#6755435) Homepage
    > Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.

    No. Taken to the extreme, this exploitation could cause the train system to stop. Which is what it did.

    Ever since the Victorian era, trains are designed to stop if there's a failure. That's what "fail safe" means, not that it is "safe from failure" but that "when it fails, it is safe".

    For a simple example [fraser.name], take a look at the _mechanical_ switching gear on the tracks behind my office. More modern electronic or computerised equipment is exactly the same in terms of how it reacts to failures.

  • by epiphani ( 254981 ) on Thursday August 21, 2003 @12:14PM (#6755474)
    I was under the impression that Microsoft didn't encourage the use of its products in applications such as these. We are talking about systems that cannot fail - if they do, people could die.

    I thought Microsoft had the sense to actually say 'this is not what our product is for - get something custom'. If I worked at Microsoft, the last thing I'd want our 'it-does-everything' operating system doing would be managing the safety systems at a nuclear plant.

    Does anyone know if Microsoft actually encourages this type of a deployment - if they don't, what moron decided to use it?
  • by Saint Aardvark ( 159009 ) * on Thursday August 21, 2003 @12:15PM (#6755496) Homepage Journal
    here [securityfocus.com]. Surprised this hasn't shown up on Slashdot yet.
  • by Trigun ( 685027 ) on Thursday August 21, 2003 @12:18PM (#6755530)
    Don't forget, had the administrator followed proper MS testing to see if his machines were patched, they still may or may not have been.
    There's plenty of blame to go around here boys. Make sure everyone gets some.
  • by Ovidius ( 144915 ) on Thursday August 21, 2003 @12:18PM (#6755535) Homepage

    Why would you expect people who can't keep holes from forming in their reactor vessel [ucsusa.org] to plug holes in their firewall?

    One of my first thoughts after my lights went out (well, not really first) was "I wonder if that worm had anything to do with this." But at the time I doubted that they ran power plants on Windows so it seemed like a very idle thought -- until I found out that the problem started with FirstEnergy, that they owned Davis-Besse, and that they had already had problems because of Slammer! That got me really scared and mad at the people who are running our important systems.

  • by mhesseltine ( 541806 ) on Thursday August 21, 2003 @12:18PM (#6755537) Homepage Journal

    With Blaster, spyware, etc. that seems to be spreading, I've wondered about using SSH only on a machine. Everything has to tunnel through the SSH connection (web, email, X11, etc.) using SSH port forwarding. That way, every machine on the local network would only accept SSH traffic. Any worm that gets installed and runs would try infecting other machines behind the firewall, only to find that those machines won't listen to the worm. Would something like this work?

    P.S. Obviously, using this in a Windows environment would be difficult. Maybe this would be another good justification for migrating to a *nix platform.

  • Same thing in VA (Score:3, Interesting)

    by bytehd ( 700334 ) on Thursday August 21, 2003 @12:20PM (#6755565)
    When I worked as a contractor at Virginia Power in 1999, all the temps had internet access. So it was just a matter of time before viruses found their way into Source Safe. When I checked out a project, there goes my hard drive. Guess who checked in the infected file? You got it, a member of the HELP DESK SUPPORT TEAM. Three cheers for the idiots. Oh yah, if you are wondering, the plant's reactors were made by Westinghouse in the early 70s, so no computer control there. There are so many layers of mgmt to go through to do anything close to throwing a switch. Anyways, no firewalls at Virginia Power. Lots of internal LANs and servers accessible by anyone too.
  • Re:What I don't get (Score:3, Interesting)

    by GoofyBoy ( 44399 ) on Thursday August 21, 2003 @12:22PM (#6755597) Journal
    That's a problem with the application, not the OS. Suppose the industrial application on Linux requires root to run?
  • Safe = not sexy. (Score:4, Interesting)

    by salesgeek ( 263995 ) on Thursday August 21, 2003 @12:28PM (#6755667) Homepage
    Reactor control systems and monitoring systems should be as simple as possible. Problem is, analog meters, human operators, knobs and rocker switches aren't sexy.

  • Halifax ATM machines (Score:4, Interesting)

    by pubjames ( 468013 ) on Thursday August 21, 2003 @12:34PM (#6755758)

    I am amazed that the infection of the Halifax Bank ATM machines in the UK -- reported by someone here on Slashdot a few days ago -- did not reach the mainstream press in the UK.

    I find it hard to believe that one of the best known banks in the UK has ATM machines that are exposed to the Internet in some way and can get infected by worms. Any UK journalists reading this - I'm sure your readers would be interested to know how insecure the Halifax computer network is.
  • by Jedi Holocron ( 225191 ) on Thursday August 21, 2003 @12:43PM (#6755870) Homepage Journal
    Here is a news bite [internetweek.com] I found through Tom's Hardware [tomshardware.com]. It talks about Microsoft using a Linux device to protect its domain. Rather interesting...
  • Disclaimer time? (Score:1, Interesting)

    by Anonymous Coward on Thursday August 21, 2003 @12:44PM (#6755883)
    Most software I've seen that uses Java (For a specific instance, if you've got Mechwarrior 4..), has a nice little note in the EULA.

    Something about how you shouldn't use Java for mission-critical things like, say, nuclear power plants. *snicker*

    Not to bash Java or Sun or anyone; indeed, I find it applaudable that they point that out. But I wonder if such a clause shouldn't be attached to all Microsoft software as well?

    If there's an argument against nuclear power, Microsoft is feeding the opposition. Come on, safety systems disabled because of their shoddy products?
  • by modecx ( 130548 ) on Thursday August 21, 2003 @12:46PM (#6755900)
    IIRC the same basic statement is also in the Solaris license, or maybe it was IRIX. Maybe both? Not sure.
  • by 4of12 ( 97621 ) on Thursday August 21, 2003 @12:53PM (#6755984) Homepage Journal

    firewall did just fine in blocking the virus, until somebody got their Windows laptop infected at home and brought it to work, behind the firewall.

    I think this is the repeated Story of My Life in corporate IT the past couple of weeks.

    The variant in our case was that the laptop dialed||VPN'd in.

    There's going to be some serious rethinking about security policies because of this.

    [Yes, the patches for the vulnerability were out there several weeks before the exploit, but no one trusts MS patches to not break something else, not unless they've been thoroughly tested in the local corporate setup, hence the delay in proper patching, hence the epidemic.]

    Gotta re-evaluate several issues:

    • Can't trust users to be sanitary.
    • Can we afford dual laptops, one with sanitary protection?
    • Can trust exploits will keep coming.
    • Can trust MS to release patches, but of variable quality on variable schedule.
    • Can trust local testing and deployment will cost us bucks.
    Make a note to bring this list to the table next round of MS License negotiation, to the next budget request for IT, and to create heavy cluestick with which to whack users.
  • by fizbin ( 2046 ) on Thursday August 21, 2003 @01:03PM (#6756103) Homepage
    All it requires is that someone VPN in with their home machine. You don't need the delay of physically transporting the virus so long as you deliberately open holes in your firewall for people you "trust". (which may keep out script kiddies, but not worms)

    As it turns out, this was essentially what happened in this case (it got in through a contractor's T1 line; how the contractor's office was infected isn't known, but I'm willing to bet that the contractor has machines directly connected to the internet).
  • by Ron Bennett ( 14590 ) on Thursday August 21, 2003 @01:22PM (#6756300) Homepage
    Why in heavens name are critical systems running consumer-grade software...and worse, why are they connected to the public internet?

    And then there are VPNs...fine for offices, but not critical infrastructure - critical systems should be on totally separate, dedicated private networks, period!

    Among my biggest fears in regards to computer worms, etc. is one somehow getting into a nuclear weapons system and causing nuclear missiles to be launched - in particular nuclear-based ICBMs, which are less protected; Windows is used on some nuclear subs from what I've read - frightening!
  • Re:What I don't get (Score:3, Interesting)

    by El ( 94934 ) on Thursday August 21, 2003 @01:28PM (#6756373)
    When the only tool you have is a hammer, every problem looks like a nail. When the only experience you have is an MSCE, every application looks like an application for M$ software.
  • by Anonymous Coward on Thursday August 21, 2003 @01:31PM (#6756406)
    The /. crowd has VASTLY inflated ideas about how secure, reliable, and well-designed the control and monitoring systems are at nuclear plants and other big, dangerous facilities. Insecure computer networks are just the latest version of the old story.

    To wit: At the Three Mile Island plant, the control room was a nightmare. Horrible human-factors engineering to save a few bucks. For example, a control knob might be on the opposite side of the room from the meter you'd need to watch to see if you were doing the right thing.

    In the most amusing example, the operator console in the center of the room had a forest of absolutely identical black levers crammed together, where it would be a Bad Thing if the wrong one were pulled. To tell them apart, the operators did a bit of machining and installed beer tap handles on them -- e.g., "Michelob" for the water feed pump, "Bud Light" for the steam generator, whatever. Yes, it was that bad. And TMI was not much of an exception.

    In another example, there was almost a catastrophic fire at the Browns Ferry plant because the official method of searching for air leaks in some electrical vaults was to hold a candle near the junction and see if the flame flickered. Too bad the insulation was flammable....

    Yeah, I think it's terrible too, but doing things the dangerous way to save a few bucks is nothing new.
  • by Animats ( 122034 ) on Thursday August 21, 2003 @01:44PM (#6756524) Homepage
    Here's what CSX (the railroad) says about the failure: [csx.com]
    • CSX Transportation's (CSXT) information technology systems experienced significant slowdowns early today after a computer virus infected the network. The cause was believed to be a worm virus similar to those that have infected the systems of other major companies and agencies in recent days.

      The infection resulted in a slowdown of major applications, including dispatching and signal systems. As a result, passenger and freight train traffic was halted immediately, including the morning commuter train service in the metropolitan Washington, D.C., area. Contrary to initial reports, the signal system for train operations was not the source of the problem. Rather, the virus disrupted the CSXT telecommunications network upon which certain systems rely, including signal, dispatching and other operating systems.

    So what are they using to manage their network? They're using InCharge "Service Assurance Manager" [trainorders.com].

    • CSX will implement InCharge(TM) Service Assurance Manager and InCharge(TM) Availability Manager to ensure the reliability of its Next Generation Dispatch Network, the core IP-based infrastructure that controls the dispatch and timely operation of 1,700 trains and over 20,000 carloads per day. More than 2,000 routers back this complex CSX network, each with multiple points of connectivity and multiple layers of redundancy.
    InCharge IP Availability screenshots [smarts.com] make it clear what platform it runs on.

    Any questions?

  • by Abm0raz ( 668337 ) on Thursday August 21, 2003 @02:04PM (#6756733) Journal
    They aren't running Windows on the actual fail-safe machines. We have a reactor here on campus [psu.edu] because we're one of the few universities to teach Nuclear Engineering. I was an Industrial Engineer and we had to tour the plant and comment on the safety systems and re-design parts of it to make it more human friendly, especially in an emergency situation.
    One of the things we learned is that the computer that actually controls the rods is run on DOS. They are required by the NRC (Nuclear Regulatory Committee) to run a very specific program to manipulate and monitor the rods that is only to be run on DOS. The program is internet capable and supports dumb terminals. This is how they instructed us before we went into the control room (in a classroom elsewhere in the building).
    On some other notes, if the machines fail, the control rods fall automatically. They are held up by the computer (well, by motors and/or electromagnets controlled by the computer). If they stop receiving signal from the computer, gravity naturally pulls the rods back down. They also have 2 additional COMPLETE systems ready to be plugged in at any moment if the primary system crashes. At this reactor, you can actually watch the reaction in the pool from above (contrary to the movies, the glow is an eerie blue, not yellow or green).

    -Ab
  • by Anonymous Coward on Thursday August 21, 2003 @02:34PM (#6757006)
    I thought nuclear power was supposed to be safe. That's what everyone tells me, anyway.

    I more or less accept that it is *possible* to generate nuclear power, and store the waste, 100% safely. But as stories like this illustrate, not everyone is doing it. Not even in the U.S.

    (Yes, I know this particular plant was off-line at the time, yada yada, the point still stands.)

  • by stonewolf ( 234392 ) on Thursday August 21, 2003 @02:43PM (#6757077) Homepage
    100% of the blame for all of this damage rests on Bill Gates.

    Bill Gates sets the standards for software development at Microsoft. Bill Gates decides what is, and is not, acceptable in the design, coding, and testing phases of Microsoft products. Over a year ago Bill Gates came up with the "trusted computing" fraud.

    Microsoft makes much of its income by selling bug fixes for software they shipped knowing it was no damn good. What do you think a new release is? Mostly just bug fixes plus new window dressing used to add more bugs. Bill Gates has made his fortune by deliberately selling inferior software.

    If I owned a company that sold ladders that have the same failure rate as Windows does, it would have been sued into bankruptcy and I would most likely have been put in jail the first time a ladder failure was linked to so much as a broken leg. Yet, Bill Gates is the wealthiest man in the world. Free to continue his crime spree.

    The magnitude of the fraud that has been perpetrated by Bill Gates & company is so huge as to constitute a crime against humanity. He has done more damage than all the terrorists who ever attacked the US. It is beyond treason. He should be tried for his crimes. If one person has died as a result of known bugs in Windows then he, and the entire management chain below him should be hung.

    The latest attacks on world infrastructure facilitated by Windows must be the last. It is time to prosecute the man whose greed and disregard for humanity enabled all of this damage. The accumulated wealth of Bill Gates and Microsoft should be used to compensate the victims of his crimes.

    Stonewolf
  • by Registered Coward v2 ( 447531 ) on Thursday August 21, 2003 @03:25PM (#6757636)
    The display system in question is one that takes a bunch of data from systems throughout the plant and displays them in a single location. Its purpose is to provide the information needed by the operators in a single location, making it easier to assess plant conditions. It is not the only way to get the data, nor is it a control system. Even with it out, the operators have enough information to safely run the plant (in fact, they've done that for years before the SPDS was developed - much of a nuclear plant control room is based on 60's tech and hardwired displays); and critical shutdown systems have redundant displays in case one of them fails. In a complex process plant such as a nuke, there are really only a dozen or so readings you need to safely shut it down - a boiling water reactor's operational state can be deduced with just 3 - power, pressure, and level.

    What is the lesson - no matter how secure you think a computer system is, someone may just find a back door. And if you're the person who can't understand why those damn fools that run your network won't let you plug your machine in, it may be because they can't be sure they haven't just put a big door in a previously secure wall.
  • by rifter ( 147452 ) on Thursday August 21, 2003 @03:50PM (#6757980) Homepage

    What a blanket statement. So it's impossible (or too difficult) to use floating point numbers correctly? You know this... how?

    IANAM(athematician), but....

    Using floats introduces inaccuracy because there is rounding and because of the fundamental limit on the accuracy of floats in terms of how many decimal places are represented on a computer. For some applications the number of possible significant digits is unacceptable because it is not accurate enough.

    It is fairly common to represent units as integers either by using smaller numbers or by representing a decimal number as integers in the program and using integer math to do all the calculations. This way you do not lose digits or have unnecessary rounding.

    The funny thing is I remember reading about this technique being used in DOOM because for this critical application the inaccuracy of floating point was unacceptable and the performance was unacceptably degraded by the floating point processors of the day. Now that we have multi-GHz CPUs and more video RAM than we know what to do with and dedicated video processors, I regularly hear about floating point performance being important, which to me implies floats are being used in games now.

    However, I would not be surprised if, for programs written for NASA and such, where they need billions of decimal places and being off at all means people die or are lost in space forever, some pretty sophisticated techniques are required. I think the poster was implying that the calculations for the engine of a Naval ship might need similar treatment. It is certain that the programmers designing the software handling calculations used for the armaments (trajectories of shells and navigation systems for the missiles, etc) would do well to exercise such care. After all, what is more mission critical? DOOM? or a ship with hundreds of people on it in enemy territory?
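The scaled-integer technique rifter describes, worked through as an added example that is not from this comment or thread: decimal values are parsed straight into integers at a fixed scale (six decimal digits, chosen here), multiplied and divided with integer-only arithmetic and explicit rounding, and the result is set beside the floating-point accumulation error that the approach avoids.

```python
SCALE = 10 ** 6   # fixed scale of six decimal digits (assumed for this example)
DIGITS = 6


def to_fixed(text):
    """Parse a decimal string such as '12.345' into a scaled integer exactly,
    never passing through a float. Digits beyond DIGITS are truncated."""
    sign = -1 if text.startswith("-") else 1
    whole, _, frac = text.lstrip("+-").partition(".")
    frac = (frac + "0" * DIGITS)[:DIGITS]
    return sign * (int(whole or "0") * SCALE + int(frac))


def fixed_str(x):
    """Render a scaled integer back as a decimal string."""
    sign = "-" if x < 0 else ""
    whole, frac = divmod(abs(x), SCALE)
    return f"{sign}{whole}.{frac:0{DIGITS}d}"


def fixed_mul(a, b):
    """a*b for scaled integers. The raw product carries SCALE**2, so one
    SCALE is divided back out, rounding half away from zero, not truncating."""
    p = a * b
    q = (abs(p) + SCALE // 2) // SCALE
    return q if p >= 0 else -q


def fixed_div(a, b):
    """a/b for scaled integers, rounding half away from zero."""
    if b == 0:
        raise ZeroDivisionError("fixed_div by zero")
    n, d = abs(a) * SCALE, abs(b)
    q, r = divmod(n, d)
    if 2 * r >= d:
        q += 1
    return q if (a < 0) == (b < 0) else -q


def float_sum_of_tenths(n):
    """Accumulate 0.1 n times in binary floating point (0.1 is not exactly
    representable, so the error compounds with every addition)."""
    total = 0.0
    for _ in range(n):
        total += 0.1
    return total


def fixed_sum_of_tenths(n):
    """The same accumulation with scaled integers: exact, every time."""
    tenth = to_fixed("0.1")
    total = 0
    for _ in range(n):
        total += tenth
    return total


if __name__ == "__main__":
    print("float 0.1 x 10  :", repr(float_sum_of_tenths(10)))       # not 1.0
    print("fixed 0.1 x 10  :", fixed_str(fixed_sum_of_tenths(10)))  # 1.000000
    print("fixed 1.5 * 2.25:", fixed_str(fixed_mul(to_fixed("1.5"), to_fixed("2.25"))))
    print("fixed 1 / 3     :", fixed_str(fixed_div(to_fixed("1"), to_fixed("3"))))
```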
