Sasser Worm Takes Down UK's Coastguard
jonman_d writes "The Sasser worm has recently disabled the computer systems of Britain's Coastguard. Naturally, this event raises even more doubts over the reliability of Microsoft software in critical systems. Moreover, it raises questions of responsibility: if the worm writer is caught, can he be held at least partially responsible for any deaths that occurred during this outage?"
If the programmer at Microsoft... (Score:2, Interesting)
Re:He should be (Score:3, Interesting)
Patches (Score:5, Interesting)
But...
Why aren't MS patches single discrete objects? One patch for one vulnerability? That way, IMHO, clears the problem of a "patch" that comes up, is huge, and attempts to fix ten documented vulnerabilities (but knowing the code used in huge projects, it's possibly many dozen fixes at once).
This kind of fine-grained control is what works WELL in Debian, for example. To update an error in ssh, download its patch. To update an error in an X library, update that one library. Not bundled in with loads of extra crap.
I suspect this is a marketing thing. MS can truthfully say they only had 4 patches in a year, when the patches in linux systems number "in the hundreds", when the reality is far different.
Even MacOS seems to be partway to the debian like approach, where there may be a dozen security updates in a year fixing a small number of vulnerabilities each. It's a consistent line of updates, instead of happening in large steps over which an admin has no control.
Also affected Deutsche Post (Score:3, Interesting)
Due to stricter security settings (because of Sasser) this was not possible for hours.
Re:He should be (Score:1, Interesting)
Yes, virus writers are wrong, wrong, wrong to keep creating this crap, BUT ultimate responsibility lies with Microsoft. They allow this to happen by producing third-rate crap, avoiding the real issues and putting all their efforts, it seems, into political manoeuvrings and dodgy business practices. They are not fixing the problems; I suggest Bill gets his house in order.
Proximate cause (Score:3, Interesting)
Ok, would that make the virus writer responsible? Again, no. The virus writer just tossed a ball which somebody else picked up.
Who is this somebody else? Microsoft? No, again. Although, Microsoft did pick up the ball, they didn't throw it at the victim's window themselves. They only threw it to the next "player".
That next player would be coast guard management who decided to run their system on Windows instead of the more secure Linux or OpenBSD. Would they be guilty of manslaughter? Again, no. They just tossed the ball to the next player.
The next player would be the sysadmin who failed to run windows update on his known vulnerable system (A windows system is always deemed vulnerable. Thus, "not having heard of" the worm is no defense). And he would be the final player who tossed that ball through the window.
Re:He should be (Score:2, Interesting)
Re:Sasser FUn! (Score:3, Interesting)
What's even worse is the fact that most internet users are still stuck on dialup! According to this recent article [cbsnews.com] at CBS, 3 out of 5 internet users don't have broadband.
The very issue of security patches, their sizes, and the problems for dialup users trying to download them was covered here [securityfocus.com] as well.
Re:Oh, for fuck sake (Score:5, Interesting)
According to Wikipedia [wikipedia.org] Elk Cloner [wikipedia.org] was the first virus to be caught "in the wild" i.e. outside of a research lab. It ran on Apple II systems, more than likely because MS-DOS was barely capable of running programs at the time.
Also, let's keep things in context: Sasser can install and execute itself remotely without any user interaction. There is a big difference between that and booting from a random floppy disk, or logging in as root, downloading, chmod +x virus, and executing.
CT scanners at major hospital affected (Score:5, Interesting)
The Danish newspaper Ingeniøren [www.ing.dk] reports that the Sasser virus attack affected the Danish hospital Herlev Sygehus. The hospital had to cancel scheduled CT scans because the scanners crashed. MR scanners were also affected, though no scans were cancelled.
"We do actually have a firewall, but apparently it hasn't been updated enough," says radiographer Jan Bovin. "It was the scanners running Windows 2000 and XP that were affected; the MR scanners running Linux had no problems," he says.
The original story is here [www.ing.dk] (in Danish).
It appears that the consequences of the Microsoft monopoly are getting worse. Are there any Linux-run hospitals?
"real" businesses hit too (cf BA) (Score:4, Interesting)
http://tinyurl.com/3h7fb
If I were a Linux vendor I would be all over BA and other victims pitching my stuff.... I know this is a bit wrong but hey Business is business and I am sure I would get these guys attention FAST!
Sasser Frazzed (Score:4, Interesting)
As soon as the last batch of updates were released - starting about half an hour after I read about the updates on
Which is why it's f*cking galling that I checked our server's update history this morning and there are sixteen critical updates still waiting to be loaded, because the IT guys say we don't need them and, y'know, we shouldn't worry about it.
Aaagh!
Re:He should be (Score:2, Interesting)
Oh pleeze, are you saying Microsoft opened secret ports about which they didn't know? The organization didn't have a security policy that mandated closing unnecessary services, or they did not follow the policy (if it's really "unnecessary services" that screwed them up).
Until a year ago Linux would ship with a bunch of services running by default, which wouldn't usually matter (just remember sendmail's default: open relay). But any reasonable sysadmin (or organization) would either stop those services or block them at the firewall level.
Re:The real question is (Score:4, Interesting)
When your systems are that important, it's madness to run them unsecured. There should be strong firewalls on the networks and virus scanners on every machine. If the virus finds a way in (say a managers laptop) there's no way it should be able to spread. And vulnerable systems (*cough* Windows *cough*) should be kept to a minimum.
I know some folks say if it's behind the firewall it's safe, but as we see again and again, that's rarely the case. It's my policy to ensure *every* machine is updated as required, and the servers and Windows machines run AV software.
Re:Bad Admins (Score:3, Interesting)
Don't have any services running on any ports unless the computer owner has explicitly asked for them.
Here's a question. Suppose I buy a new computer and I want to connect it to the internet over dialup to activate my copy of Windows XP. I now have to hunt around a bunch of menus to turn on the inbuilt firewall before I can do this. Then I have to download some megabytes of patches to make it safe. At a per bit cost that's ridiculous.
That's just not acceptable.
Re:Wrong (Score:3, Interesting)
The idea of the admin being responsible intrigues me. What if they don't have a system administrator? Can one still argue legally that since the average user is not technologically savvy and that they bought a product with the idea that it performed its function (especially in the case that the company claims it is secure), then could they argue that it is not their responsibility to make sure that the internal workings of the system work? I mean, you and I know better, but can an ignorant user rightfully claim that it is the software writer's responsibility to provide the service they paid for, without requiring the end user to pay for experts to monitor their system?
You and I know that is bunk, but I wonder how that would hold up legally...
Delta Airlines (Score:5, Interesting)
Although I think they've denied it in public, Delta Airlines was also brought down over the weekend by this worm. I have a friend who came to Church panting, out of breath because he was late and had to rush. He works at Delta and said he had been there since Saturday patching and cleaning machines. Right after services he was going back.
The system affected was one that calculates passenger and cargo weight so it can be distributed evenly throughout the aircraft. It's one of those systems that's easy to forget. It's not like air traffic control or reservations or something people would consider "critical".
It's scary but ironic that a small forgotten local sub-system can bring down a billion-dollar corporation and inconvenience tens of thousands of people. It was local to Atlanta, used at the ticket counter and for flights leaving Atlanta, but bring down the hub and the entire operation is affected.
Re:I don't know about Britain... (Score:5, Interesting)
I don't believe that it should be used in such as way, but if it is used to go after the "good" guys, then why not the bad as well?
Lately, it seems, the DMCA is trying to become the all-encompassing way to prosecute anyone who peeks somewhere they "shouldn't." This wouldn't work if someone explicitly opened the virus and it infected the system. However, if the virus sat there and hammered at holes in the software until it wormed its way in, then I don't see why they couldn't use the DMCA against that as well.
I wasn't really suggesting it so much as putting it out there as a thought open for discussion...
Slow Down the Security Patch Cycle? (Score:3, Interesting)
This case would seem to support the reasons made in the computerworld article about slowing down the security patch release cycle.
Re:He should be (Score:3, Interesting)
Actually, there'd probably be people pointing fingers at everyone else. Was the problem with the gun, or the bullet? Maybe the problem was caused because you didn't keep the gun in proper care. Maybe the gun was old and out of date.
Re:He should be (Score:5, Interesting)
if the gun exploded in someones hand then that would be a result of a defect, and something that is not caused by a malicious user. Slam Microsoft all you want, nothing wrong with that, but realize this specific incident would not have happened with out a malicious user.
The analogy is still wrong.
Say a gun manufacturer manufactures a gun that will work for most people most of the time, and failures only involve reloading, no actual damages. This same gun, through poor engineering, has a weakness in the barrel that can only be affected by a certain type of ammunition. The manufacturer doesn't consider this important because nobody manufactures that type of ammunition, it's worthless ammo.
So someone handcrafts the ammunition that will exploit the flaw, sneaks into your house and loads your gun with it, then escapes without leaving any trace other than the ammo in the gun.
Now the gun blows up in your hand. Who's at fault?
Even stretched to the limits as the analogy is, there's one primary difference between this analogy and the actual topic. For guns there aren't thousands of individuals building ammunition specifically designed to ruin the guns and possibly hurt the people firing them. For computers, there are. If this were to happen for real with a gun manufacturer, the manufacturer would be acquitted of all charges, because he had a reasonable expectation that what became an engineering flaw through exploit would not ever be a problem. Not so with the OS producer. They have a reasonable expectation that their OS will be attacked, and the more market share they have, the more this expectation resembles waiting for the sun to rise, i.e. you *know* it'll happen.
The OS producer must bear some responsibility for it, for the same reason a car manufacturer must bear some responsibility for injuries sustained in a car accident due to safety systems not well-engineered. Even then, we tend to forgive the car manufacturer, because accidents aren't supposed to happen, and there's usually some idiot at fault.
I'm all for pointing at Windows and saying it sucks any day of the week, but I'm not so sanguine to blame microsoft for the script kiddie that wrote the virus. It's grey area, there. And let's not forget that our beloved GPL disclaims all warranties as well...
Re:He should be (Score:4, Interesting)
If someone breaks into my house, I am not suing the person who built my house.
Even if the lock and indeed the whole of the front door is pathetic, has known vulnerabilities and the maker still touts it as secure with the well-known chairman of the company that built the house (door, lock and all) having announced a big push for increased security almost two years ago? How is the buyer of that house supposed to know that his front door is made of a material that looks like steel and feels like steel but offer about as much protection from burglars as Aerogel?
Microsoft claims Windows is secure. It isn't.
Re:He should be (Score:3, Interesting)
Hmmm
How about any unpatched operating system is officially unsuitable for this sort of thing.
Yes blame can and should be placed on MS for the design and security features of their software however a large portion of blame should go to the individuals and organisations that do not regularly update their systems.
As Linux takes off in the corporate world I expect there will be an increase in worms targeting that operating system. Let's just hope that individuals and organisations learn the lessons and keep their systems patched, or the problems will keep occurring regardless of the operating system being used.
On the train (Score:2, Interesting)
Me: phew, almost our entire university network down, just by one stupid virus. Luckily I'm using Linux.
The other guy: What the hell is Linux???
Network security? (Score:3, Interesting)
Shouldn't there be a bit better security in an essential service such as that? Why are people allowed to bring insecure machines in, and plug them into the network? Shouldn't they have 24/7 administration? Shouldn't someone have seen a report about Sasser, and patched their machines? We're not talking about Mom & Pop ISP here, we're talking about a branch of a nations military. Why are people coming in with laptops from home, and being allowed on the same network with an essential infrastructure? Haven't their admins read any books on secure networking? What about firewalls between the essential infrastructure machines, and the compromisable network? The way the story sounds, people take their laptops home, browse the Internet, and come to work and plug in pretty much anywhere. I suppose there's more than one CCSP on staff saying "hey boss, told you so" err, maybe "Sir, remember those security recommendations I made last year? May we implement those now?"
Re:The real question is (Score:2, Interesting)
> the RNLI.
Helicopter rescues quite often involve the RNLI. The RNLI however do not (AFAIK) have any helicopters. Helicopters from the coastguard or RAF frequently cooperate with the RNLI in effecting rescues.
John
monoculture problems (Score:3, Interesting)
But also caused with the massive MS Windows monoculture (cf market dominance).
It's times like this that running 3 O/S's at work for the users desktop helps. But then i get stuffed by patching and trying to find tools that cover all my bases....(or run three tools!).
Re:If the programmer at Microsoft... (Score:3, Interesting)
According to the insurance company, HELL YEAH!
Cooper
--
This truth probably doesn't come as shocking news to any of you,
and if it does then you're stupid and I hate you.
- Everything Can Be Beaten -
Where was the British CG CERT during this? (Score:3, Interesting)
Microsoft has verified that the worm exploits the Local Security Authority Subsystem Service (LSASS) issue that was addressed by the security update released on April 13
I work for the US Army. We knew about this way before the patch came out just by monitoring bugtrack. Less than 72 hours from the bug being confirmed by our service CERT, we firewalled access to this kind of thing. The patch was confirmed for deployment almost 48 hours after the patch became available. If it was not deployed 96 hours after the order, we shut the node down until we can confirm it's patched and ready to rejoin the network. The impact of Sasser on our networks? Almost ZERO.
All of our response is coordinated by the US Army CERT (ACERT). What did the British Coast Guard equivalent do? Is there such a thing? This is preventable, especially given the time from patch to exploit. It's not like this sprang up overnight. Even then, don't they have a team that monitors this stuff and has authority to order a massive disconnect? It seems that MS is not at fault; the British CG CERT failed them here. If they did try to prevent this, what failed them? Antivirus? Admins who failed to patch? Lack of informing them downrange?
SPC Gruhn
TNOSC-K, Systems Management Branch
1st SIG BDE
"First to Communicate!"
Don't blame the script kiddies (Score:4, Interesting)
It's like placing a coin on a railway track to see what happens to the Queen's face when a train runs over it, and ending up derailing the train
This is an excellent opportunity to sow seeds of change. Open people's minds to the possibility that there might be an alternative to Windows. Ask questions. Did they know there were vulnerabilities? Well, did they not look at the source code? [the what?] The source code -- you know, the human-readable form of the code that can be examined and modified. What scrutiny did you subject the source code to? [but that's a secret!] What -- you bought a locked box that you knew you weren't going to be allowed to look inside, and you didn't get even the tiniest little bit suspicious that somebody might be trying to hide something from you?
Every piece of food you buy is clearly labelled with a list of the ingredients. {this was actually used in an anti-drug propaganda advertisement in the mid-1990s, till some bright spark suggested that surely legal drugs would be properly labelled and the problems caused by not knowing what was in pills and powders were merely a side-effect of prohibition}. The analogy between Microsoft and Tom Lehrer's Old Dope Peddler [aol.com] is a strong one. Give out free samples {educational licence discount}, get people hooked {file format lock-in}, watch the little puppets dance to your tune.
For my part, I have pledged never again to work with Windows, ever. At all. The only repair I will ever again do to a Windows box is to install Linux on it -- barring that, I will simply unplug the power cable, leave it unplugged and consider that an improvement. The time has already come when I would sooner forego a computer altogether than touch Windows.
Microsoft.nl down as well (Score:2, Interesting)
Server Error in '/' Application.
-
Procedure or function TrafficInsert has too many arguments specified.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Procedure or function TrafficInsert has too many arguments specified.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SqlException: Procedure or function TrafficInsert has too many arguments specified.]
System.Data.SqlClient.SqlCommand.ExecuteReader(Co
System.Data.SqlClient.SqlCommand.ExecuteNonQuery(
Microsoft.Nl.Redirect.RedirectHttpHandler.LogTraf
Microsoft.Nl.Redirect.RedirectHttpHandler.Process
System.Web.CallHandlerExecutionStep.System.Web.Ht
System.Web.HttpApplication.ExecuteStep(IExecution
-
Version Information: Microsoft
Examples of how weight/balance causes crashes. (Score:4, Interesting)
Some examples from the British AAIB archives:
12 Jan 1999: Fokker F27-600 crash near Guernsey. [dft.gov.uk] (load moved)
18 Sep 1996 Boeing 737-4Q8, G-BSNW [dft.gov.uk] (Uncommanded roll due to incorrect fuel balance).
18 June 1972 Trident G-ARPI crash after takeoff at Heathrow [dft.gov.uk] (Weight and Balance as a contributory factor).
Re:He should be (Score:2, Interesting)
Too many people get hit with these worms, have their systems fall completely, just to recover, update Windows and carry on as normal. Then, in another year or so, the next major worm comes out and they have to do it all over again.
There's too many people who use 'doze simply because it's "easy" and, probably mostly, "because everyone else is doing it..." I mean, if seeing these virus warnings on the news isn't enough to make people think "hmmm, when's the last *nix/Mac virus I heard about" and maybe actually look into it, I don't know what will work.
Maybe when Bill Gates finally grows the horns and starts talking in tongues [tinet.ie], people will get the hint.
Re:we should be (Score:3, Interesting)
Viruses on Linux - can it be done? (Score:2, Interesting)
Nevertheless some guy wrote this:
My reply to that (unposted) was that it would be very difficult for a worm/virus to propagate under Linux, especially if all "servers" are switched off. Simply because Linux is the opposite of Windows: there is no homogeneity.
With Linux we have:
Any biologist would reinstate that if you have a species which is highly homogeneous (and the analogy here is Windows XP) it is in great danger of being wiped out to extinction by some common plague (worms/viruses). The thing most people hate about Linux is what protects it from widespread attack (dependencies, lack of homogeneity).
Linux makes you more security-aware anyway. It endorses/teaches that practice instead of you just setting your (often ineffectual) "Windows Update" on auto. OK, there is no such thing as a 100% secure system, but there is something at least 10x more secure than Windows: Linux.
For how much longer are you Windows users going to put up with all this?
Re:Safety Critical Systems (Score:3, Interesting)
All the real work is done either by the RAF or by volunteer lifeboats which do not get a single penny of government money. Frankly, I find it shameful and disgusting that a country in the big 8 which is also an island is incapable of even financing its lifeboat crews.
So frankly, if someone wipes off the coast guard completely no one will notice. Emergency services have direct lines to the RAF anyway, and most of the lifeboat crews are listening on the SOS frequencies as well.
personally (Score:2, Interesting)
It's not the fact that MS is any worse than Linux software for bugs etc., BUT it is more at risk from virus attack, so, all things being equal, the lower-risk strategy is to pick Linux or similar in such a mission-critical application.
A bit off topic, but a week or so ago there was a reality tv prog showing the coastguard/RNLI (RNLI is our volunteer rescue service for those not in the UK ) and some stupid moronic woman was hogging the rescue and calling channel 'for a laugh' these people should be removed from the gene pool too. ****RANT OVER****
Re:we should be (Score:4, Interesting)
MS should bear the brunt of the blame. For as much revenue as is generated by their products you would expect them to have a better product by investing in it. By no means, though, is MS the sole bearer of the blame. The organization that chooses to use the OS and the administrators that don't keep up with the OS maintenance also share some of this responsibility.
Re:Sasser FUn! (Score:2, Interesting)
If you know what a port is, then it is just as easy to open a closed one as to close an opened one.
What we need is an on-computer port-monitor service that scans every port on the machine while it is not otherwise busy. It should report to the user any opening of any non-solicited port, and identify the source program that asked for that port to be opened. Of course, the port-monitor should be configurable by the savvy user to skip over ports that the user may want to use.
Just my 2 cents.
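The port monitor the post above sketches (baseline the listening ports, flag any new one, name the process behind it) can be done on Linux by diffing /proc/net/tcp against an allowlist and walking /proc/*/fd to map the socket inode back to a PID. The script below is an added example written for this thread, not code from the post or from any product; the /proc/net/tcp sample and the allowlist are constructed, and the live /proc walk only runs when the script is executed directly.

```python
"""Listening-port monitor: diff /proc/net/tcp against an allowlist of
expected listeners and, when running live, identify the owning process.

Added example for this thread; the SAMPLE text and ALLOWLIST below are
constructed for illustration, not captured from a real machine.
"""
import os
from typing import List, NamedTuple, Optional, Set, Tuple

TCP_LISTEN = "0A"  # socket state column value for LISTEN in /proc/net/tcp


class Listener(NamedTuple):
    addr: str
    port: int
    inode: int


def hex_ipv4(h: str) -> str:
    """/proc/net/tcp stores IPv4 addresses as little-endian hex: 0100007F -> 127.0.0.1."""
    return ".".join(str(b) for b in bytes.fromhex(h)[::-1])


def parse_listeners(proc_net_tcp: str) -> List[Listener]:
    """Return every socket in LISTEN state as (addr, port, inode)."""
    out = []
    for line in proc_net_tcp.splitlines():
        f = line.split()
        # columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ...
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue  # header line or non-listening socket
        addr_hex, port_hex = f[1].split(":")
        out.append(Listener(hex_ipv4(addr_hex), int(port_hex, 16), int(f[9])))
    return out


def unexpected_listeners(listeners: List[Listener],
                         allowlist: Set[Tuple[str, int]]) -> List[Listener]:
    """Listeners whose (bind address, port) the owner did not explicitly ask for."""
    return [l for l in listeners if (l.addr, l.port) not in allowlist]


def inode_to_pid(inode: int, proc: str = "/proc") -> Optional[int]:
    """Find the process holding socket:[inode] by scanning /proc/<pid>/fd (needs root for other users' processes)."""
    target = f"socket:[{inode}]"
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                try:
                    if os.readlink(os.path.join(fd_dir, fd)) == target:
                        return int(pid)
                except OSError:
                    continue  # fd closed between listdir and readlink
        except OSError:
            continue  # process gone or not ours
    return None


def process_name(pid: int, proc: str = "/proc") -> str:
    try:
        with open(os.path.join(proc, str(pid), "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"


def report(proc_net_tcp: str, allowlist: Set[Tuple[str, int]],
           proc: Optional[str] = None) -> List[Tuple[str, int, Optional[int], Optional[str]]]:
    """(addr, port, pid, comm) for each unexpected listener; pid lookup only when proc is given."""
    findings = []
    for l in unexpected_listeners(parse_listeners(proc_net_tcp), allowlist):
        pid = inode_to_pid(l.inode, proc) if proc else None
        findings.append((l.addr, l.port, pid, process_name(pid, proc) if pid else None))
    return findings


# Constructed sample: sshd on *:22 and cups on 127.0.0.1:631 are expected;
# an established outbound connection (state 01) must be ignored; *:7000 is not on the list.
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:9C40 0A000001:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12399 1 0000000000000000 20 4 30 10 -1
   3: 00000000:1B58 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
"""
ALLOWLIST = {("0.0.0.0", 22), ("127.0.0.1", 631)}

if __name__ == "__main__":
    # Live mode: read the real table and resolve owners. Run it from cron or a
    # loop and alert on any non-empty result.
    with open("/proc/net/tcp") as fh:
        for addr, port, pid, comm in report(fh.read(), ALLOWLIST, proc="/proc"):
            print(f"unexpected listener {addr}:{port} pid={pid} comm={comm}")
```

Binding to 0.0.0.0 versus 127.0.0.1 is part of the key on purpose: a service that was allowed only on loopback and suddenly listens on all interfaces is exactly the change an admin wants flagged. IPv6 listeners live in /proc/net/tcp6 with 32-hex-digit addresses and would need a second parser.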
Re:we should be (Score:2, Interesting)
no no no...
this isn't microsoft's fault. they aren't purposely trying to create an insecure platform. WHY would a company that wants to make money even consider that? why don't you try building a product the scope of windows, and make sure its 100% airtight?
it also isn't the fault of system admins. despite the grumblings of many /. users, microsoft makes legitimate server software, and using it is not necessarily a bad thing. it has its strengths and weakness just like *nix and linux.
how 'bout we blame the real culprit, THE VIRUS WRITER. you make it seems as if microsoft was paying this pimple-faced kid to make this thing. this guy/gal created this worm of their own volition. it was their CHOICE. to blame MS and sys admins is like giving this person a free pass. place the blame where it belongs--on the malicious little shit who wrote and distributed it. when they sat down to make sasser, they weren't doing it for noble reasons, they were doing it to be dicks.
www.if.se (Score:3, Interesting)
The company is one of Sweden's largest insurance companies, it's called "IF" [www.if.se], and I think I'll change to a company that has their shit more in order.