Worm Attack Prompts DoD To Ban Use of External Media 295
An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."
RIAA..... (Score:1, Interesting)
Sounds like a tactic the RIAA would use.. Find a way to penetrate, and make portable drives look evil. Everyone knows external drives = piracy, so what better way than to get it banned by the Pentagon. Slowly it will be illegal to even make them!
Ohh RIAA, when will you be crushed? What next, banning torrenting at the Pentagon? Sheesh!
Re:Maybe they can use.. (Score:1, Interesting)
As someone who has administered a classified demonstration network for my company, the policy for our lab was that anything attached to the network was approved by the security officer and connected by the approved system administrators. Any removable media with unclassified media was scanned on a dedicated system before being used on the classified system, and even then, only the system administrator was authorized to load the media. Unclassified removable media is not permitted within the secured facility (so leave your iPods, USB drives, etc... in the car). All CD/DVD devices were disabled and only administrators had access to a system where media could be loaded (after all the approval and scanning processes were completed).
Mij
Re:This isn't alarming... (Score:3, Interesting)
Re:Windows.... (Score:3, Interesting)
Re:Auto-infect (Score:3, Interesting)
While I agree with you (I disable it on ALL my systems), just image Joe Bob phoning Blizzard bitching that noting happened when he put the CD in the drive!
But then again, I also believe that banking sites should authenticate to YOUR private key, that credit cards should have rolling pins and that it should be illegal to run windows on anything that handles security or financial information...
While all these ideas seem sane, practical and necessary to me, the average person would become irate when they find out they can't just use the last 4 numbers of their phone number for their windows machine, bank pin, corporate login system and the key to their child's soul!
Re:Not News (Score:4, Interesting)
Intelligence agencies did it to eliminate data paths out of the agency. DoD is doing it to eliminate malware paths into and within the agency.
The V.A. is ahead of DOD (Score:2, Interesting)
Re:They're just ignoring the real problem (Score:5, Interesting)
There's no way you can automatically run code on a Linux computer by inserting a USB flash drive. It's just not possible. Those virus happen only because of Yet Another Windows Design Mistake - autorun.inf files that run executables.
This has been a problem for years. Make a program that deletes all the files in a system. Put it into a CD along with a autorun.inf file. Burn the CD, don't write anything on it, and leave it near the office of someone you hate. At some point the guy will insert the CD just to check what's there. Boom. The virus will run automatically as soon as the CD is inserted.
And there're more posibilities, like making a virus executable have a carpet icon. Since Windows hides extensions by default, people will double click the virus because they will think it's a carpet.
These things can't happen in Linux (well, not really true, they can happen thanks to the shitty .desktop files that get "interpreted" by file managers even if they don't have execution +x permissions)
Bingo! (Score:3, Interesting)
Get real. Security all comes down to the person who's task it is to implement it.
Years ago, I was on a DoD facility where scheduling was being done on a UNIX box. Everyone there used the console for their work, everyone used the root account to do their work, and the password was written in on the first page of the book marked "Procedures" that was beside the console.
Re:It's not intuitive how to disable AutoRun (Score:3, Interesting)
And then, after disabling Autorun, iTunes whines at you about it.
Re:This isn't alarming... (Score:5, Interesting)
Why is everything in Windows managed by tools that do not come with the default installation?
I can perfectly manage a Linux installation without 3rd party or "optional" tools found on some website. Windows requires X tools that provide basic functionality on their site, and not default on the CD.
I hate that.
Re:This isn't alarming... (Score:2, Interesting)
They should be using Sun Ray's. . . (Score:1, Interesting)
Many DoD installations use Sun Ray's, a server-based computing solution. Although the desktop unit has USB ports, policy can be set on the server about who can use what types of USB devices. Mass storage devices can be disabled altogether, if desired, and there's nothing the user can do to override that.
Sounds like the Pentagon should have a look at an installation, maybe JICPAC. Combined with Trusted Solaris, it's about the most secure environment you can come up with. You can't even copy/paste between apps running in different zones.
But even using Sun Rays with linux servers would be a huge leap.