Malware Targets Shortcut Flaw In Windows, SCADA 214
tsu doh nimh writes "Anti-virus researchers have discovered a new strain of malicious software that spreads via USB drives and takes advantage of a previously unknown vulnerability in the way Microsoft Windows handles '.lnk' or shortcut files. Belarus-based VirusBlokAda discovered malware that includes rootkit functionality to hide the malware, and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company. In a further wrinkle, independent researcher Frank Boldewin found that the complexity and stealth of this malware may be due to the fact that it is targeting SCADA systems, or those designed for controlling large, complex and distributed control networks, such as those used at power and manufacturing plants. Meanwhile, Microsoft says it's investigating claims that this malware exploits a new vulnerability in Windows."
Windows for SCADA? WTF?! (Score:4, Insightful)
Seriously, anyone using Windows for SCADA in this day and age has to get their head checked. With the wealth of proprietary and free embedded operating systems available today, the use of Windows in any sort of embedded device should have ended a long time ago.
Re:Windows for SCADA? WTF?! (Score:5, Informative)
SCADA systems do not run in embedded boards but on full fledged computers. I worked in a company that designed a SCADA system long time ago using iRMX as operating system. The problem with Scada systems have always been its costs that increase when you use special operating systems. The trend now is to run Scada systems in windows machines, but the reliability is not the same.
Re:Windows for SCADA? WTF?! (Score:4, Funny)
If the reliability of an embedded system is 1, and the reliability of a Windows system is i, then the modulus of the reliability of the two systems is the same.
Re:Windows for SCADA? WTF?! (Score:5, Funny)
Windows' reliability can only be expressed as an imaginary number?
Thanks, that explains a lot!
Better yet, if you have a 2 independent systems running at the same time mirroring eachother, the odds failure is the odds of both of them failing at the same time.
(1 - i)(1 - i)
Or 1 -2i + i^2
And the reliability is thus
1 - [1 -2i + i^2]
Which is 1 - 2i.
Get a pair of pairs...
1 - 4i^2 = 5.
Four Windows boxes and you've got a reliability of 500%!
Re:Windows for SCADA? WTF?! (Score:4, Funny)
Re: (Score:3, Interesting)
People are moderating above post as funny. In fact, a Microsoft Security Update really did shut down a nuclear reactor. [washingtonpost.com]
Nuclear reactors are vulnerable to shut downs caused by network, malware, and "normal" Microsoft Windows related issues. See: malware shutting down a nuclear reactor, [securityfocus.com] and network trouble shuts down a nuclear reactor. [pcworld.com]
Re: (Score:2)
Re:Windows for SCADA? WTF?! (Score:5, Informative)
Re: (Score:3, Insightful)
Re:Windows for SCADA? WTF?! (Score:5, Informative)
They have an internal process to verify all patches on the systems they support their software on (RHEL, SuSE, Windows Server 2003, 2008, Windows XP and Vista, with Windows 7 certification coming) and ensure they do not break the SCADA servers or clients, and they release this information to their customers relatively quickly (we usually are about one month behind, implementing patches that've been vouched safe within about 30 days of the patch release, but this process is faster for zero-day and other such critical things).
They do not "assume" anything for their customers. However they do strongly encourage air-gap, and frankly so would I. A SCADA system controlling the power grid should never have an Internet connection. It should never need one. If it must have this, you have something seriously wrong with your design.
Furthermore, I would add that recent (within the last two to three years) updates to CIP [wikipedia.org] and NERC [wikipedia.org] compliance specifications actually require patches to be kept up to date, and also require you to full document the fact that you have patched your servers and workstations. If you have not applied a patch, you must have documentation explaining why (this is why our vendor has their patch vouching program, so you have documentation on why they said don't install something). There are very heavy fines for not implementing this, and can even lead to certification revocation, which means you can't do business.
Re: (Score:2)
Go check out the Smart Grid Interoperability Standard over at NIST sometime...
They're doing it all the time.
Re:Windows for SCADA? WTF?! (Score:4, Interesting)
Re: CIP (CIP-007 R3), the standard actually requires
R3. A patch management program
R3.1. Patches be assessed within 30 days
R3.2. Document the implementation (usually interpreted as an implementation plan) and install the patches or mitigate
There is no requirement on the timing of installing the patches in R3.2, only that assessment be completed in 30 days.
As a result, certain utilities are very legally setting the install plan date for 2013. When they get the opportunity to install, they then update the plan the week they install and document the change. In the interim, they put together a document that shows that IDS, AV, Firewalls, or something else similar mitigates the attack.
While crazy in the desktop world, most control systems cannot be updated without shutting down generation plants. Transmission has a slightly easier time of it but not much. Shutting down generation during peak periods such as heat waves or blizzards are a worse choice than patching as long as decent security is in place. Major upgrades such as O/S Service Packs and SCADA/DCS upgrades only have an opportunity maybe once a year during planned maintenance shutdowns. This is true regardless of the OS ('nix, Windows, VMS...)
Yes, certain vendors are very good about updates (Wonderware and similar) and others are very poor. They are all getting better but there is no way I would patch most systema on running coal or gas turbine generation plant. Risks are too high on environment and life safety. A loss of the control system can result in a plant shutdown or scram. A problem control system can put safety at risk because the plant is running and improperly controlling.
More of a problem is the proprietary hardware, especially on DCS systems. While no direct user interface is present, these systems are never patched, run hidden or semi-proprietary OS's. Worst case I know of is a DCS board that allows remote login with a known unpublished ID/password.
At least today, virtually every control system is behind an internal firewall and the majority have a decent firewall configuration. However, the value of communicating out of the control system outweighs the risk. Especially when running 15 power plants in a major utility and the power supply/demand balance on the grid is more important than air-gapping. If air-gapped, high quality frequency control at 60 Hz would be near impossible.
Re:Windows for SCADA? WTF?! (Score:5, Interesting)
We are a central control center though, the HQ for utility company as a whole, not an individual generation plant. So our system setup may indeed be very different from the individual plants we operate, so I can't speak for how the plants manage their DCS control systems directly. Our major SCADA upgrades though are on a yearly basis, unlike OS patches.
I see a few people all replied to my air-gap comment, but I'm lazy and don't need to make three replies!
We do indeed have inter-facility communications all over the place, to all of our various power plants we operate and control, to all our individual substations, all that stuff. However, it's done via private networks. We have our own microwave communications system licensed throughout the state and probably 90% of our communications to our assets is via this. The rest is through dedicated leased lines. We also communicate realtime with the state's central control authority, and that's done via a private frame relay circuit that THEY actually had installed at our facility (along with their equipment) because they actually require this from all utilities under their authority, to communicate to them. They did it right, basically.
Re: (Score:2)
They do not "assume" anything for their customers. However they do strongly encourage air-gap, and frankly so would I. A SCADA system controlling the power grid should never have an Internet connection. It should never need one. If it must have this, you have something seriously wrong with your design.
It's often not a design problem but a constraints problem. Managers want it cheap, and then want it user friendly. This typically means engineers need to be able to get full diagnostic access to the equipment without moving from their desks, and laying a dedicated fibre to each substation is out of the question. More than likely you're going to end up with a system of independent networks, a control network (for control), an information network (for engineers), and a general network (where the engineer's ac
Re: (Score:2)
Re: (Score:2, Funny)
The funny thing is that I work with a lot of GE products.
Sorry to hear that, if I ever catch up to you in the field I will pick up your bar tab.
Re: (Score:2)
Considering the reliability of Windows...I'd probably choose to deploy one of the FOSS HMI systems over the commercial ones.
It doesn't matter if you build a fortress- if you build the same on a foundation of shifting sands.
Re: (Score:2)
Considering the reliability of Windows...I'd probably choose to deploy one of the FOSS HMI systems over the commercial ones.
It doesn't matter if you build a fortress- if you build the same on a foundation of shifting sands.
Can you furnish any links to any decent/competitive FOSS HMIs? Because building a fortress out of mud doesn't appeal to me when I can user armor plating for my fortress. Also I don't think you have a very realistic appreciation of Windows reliability .. (not that I am a fanboi - typing from my Mac) , just that I have worked on lots and lots of commercial systems running windows.
Re: (Score:2)
Yes, there are open-source HMI projects [sourceforge.net] available, but try convincing someone to deploy a life-critical system using one of them.
That's the first time I've seen alpha software with a "This may kill you and everyone around you" warning that was literally true.
It's not a great confidence boost when you're thinking of switching from the commercial solution which I am sure makes plenty of soothing cooing noises about its safety.
Re: (Score:3, Informative)
Re: (Score:2)
eh, Windows Embedded is an embedded OS
the cost of the OS is negligible part of system
Re: (Score:2)
eh, Windows Embedded is an embedded OS
Windows Embedded is a Windows OS, not an embedded OS.
Re:Windows for SCADA? WTF?! (Score:5, Informative)
The server end though is very often a Windows shop. However, forms of *nix are not uncommon at all either and in fact UNIX types used to be the norm for servers in SCADA, but that's been going away for quite a while now. I'd say it's about 50/50 these days between Windows and *nix. Most of the *nix stuff is now AIX or some flavor of Linux (RHEL being the big one). That's on the server side. The actual consoles where the operators sit are about 90% Windows though, if not higher, and that's most likely where you're going to see this virus come into play in the first place because of some stupid user plugging in an infected USB device.
Though a proper SCADA shop should have their SCADA system locked down. We certainly do. All USB ports are secured and thumbdrives are not allowed, and disabled from being attached. An operator that can just walk up and stick a USB drive onto a console is a big, big no-no.
Re: (Score:2, Informative)
I work in support for Wonderware, which unfortunately, is in 33% of production facilities worldwide. It only runs on Windows, then there's iFix, GE's HMI software, Autosol and Standard Automation products running on windows... A GE DCS may run 'nix, but it reports to and is queried by a WinPC. I think it's probably more 75%/25% in favor of Windows for SCADA systems.
Re:Windows for SCADA? WTF?! (Score:5, Insightful)
The actual consoles where the operators sit are about 90% Windows though, if not higher, and that's most likely where you're going to see this virus come into play in the first place because of some stupid user plugging in an infected USB device.
And then the virus rootkits the control console. It can then issue commands to the SCADA systems that appear to be from legitimate operator input.
Back when I worked for Boeing, we fought a loosing battle trying to keep Windows systems off the shop floor. In an ideal world, we would have a secure subnet within the company Intranet behind its own firewall to keep the Windows systems from seeing shop equipment. In the real world, lots of the factory equipment was running Windows. Worse yet, some of the people responsible for loading firmware into avionics used Windows laptops to do so. And then they'd take them home at night where the kids would use them to log on to Facebook, or download kewl stuff from unknown sources.
You can't fire people fast enough to keep Windows out of misson critical areas.
Re:Windows for SCADA? WTF?! (Score:4, Funny)
Ok, I am never flying on a Boeing again. Or any other aircraft. And given that modern computers on cars now use regular ethernet and unsecure protocols (see the papers on successful methods for injecting false commands to the engine and braking systems), I'm going to stay clear of the roads as well. Hell, just get me a Dyson Sphere on some star in some remote galaxy - and a wormhole so I can continue reading Slashdot. Gotta have Slashdot.
Re: (Score:2)
When I worked at NASA, there were certainly nuts on the loose.
Re:Windows for SCADA? WTF?! (Score:4, Informative)
I recently did installation work at one of the largest gas processing plants in Norway.
The control system HMI runs on OpenVMS, the controllers are on a redundant token ring network. (good old coax).
All the control room clients are winxp sp2 with almost no patches. This is required to have the HMI applications work. They also need to be set to 256 colors to get blinking effects (critical in such a system..).
Will the system be replaced with something newer? Not in a few years. Stopping the plant costs 23 million USD per day just in lost sale/production...
Now... have there been problems with these vulnerable machines? Nope. Not ever. Control room personell know not to fuck with the clients and behave... They are running a multimillion dollar plant and fucking up is not something you want to do.... You dont mess with the system.. EVER.
The story describes what I consider an HR issue, not a technical one...
Re: (Score:2)
The vector is the windows machine that is networked (stupidly)
to older non windows boxen that do the SCADA work.
In theory, an attacker could manipulate the SCADA machines
and cause disruption.
Re: (Score:3, Funny)
The vector is the windows machine that is networked (stupidly) to older non windows boxen that do the SCADA work.
In theory, an attacker could manipulate the SCADA machines and cause disruption.
I worked with non-windows SCADA systems. Any windows boxes operated with proprietary software and proprietary communication keys. Without the keys, you have nothing. If any dickwad engineer insisted on windows communications, they deserve exactly what they get and I hope it's a Dell.
Re:Windows for SCADA? WTF?! (Score:5, Informative)
Most of the IT your life in the Western world depends on runs on Windows.
Yes, you are right: it is not suited for the purpose. It says so in the EULA.
Again, you are right: they have higher down times, increased maintenance due to weekly patching to prevent security problems.
Uh-huh, I agree. In my experience supporting such systems, they are indeed slower than a good Unix box, harder to administer because you are constantly manually typing things in as opposed to automating them.
Why are they using them you ask? Because it's all the developers/admins know how to use. They hate using the Unix boxes here at my work, and they keep coming to me to hold their hand doing anything on them. They prefer Windows because everyone has Windows at home or on their desks, and it's a lot easier for my co-workers to understand and use. That's why your quality of life is in the hands of Microsoft.
BTW, my co-workers are currently plotting to do-UNIXify one our major systems. *groan* They point out how expensive the AIX box is, and how unreliable it is. Um, the same guys who maintain the AIX box are going to maintain the Windows boxes, and if you remember, they did a terrible job keeping them up! It's not AIX that's unreliable -- it's the quality of our admins.
Re:Windows for SCADA? WTF?! (Score:4, Insightful)
I agree with the first part of that last sentence, and I suspect that if you asked people, they too would claim that Windows is easier to understand and use....
... But you'd all be wrong.
The plain fact is that Windows is simpler in places where simplicity actually hides essential knowledge. Say what you like about Linux/Unix being harder; the fact of the matter is that it's no harder than it should be. The Windows UI, on the other hand, definitely is simpler than it should be.
Every time someone takes the shortcut and runs a Wizard, the end result is that Microsoft, not the admin/developer, ends up making the majority of technical assumptions, most of which are driven by marketing, rather than actual technical needs.
The problem, in short, is not that Linux/Unix is too hard. The problem is that Windows pretends to be too easy.
Re: (Score:2)
Every time someone takes the shortcut and runs a Wizard, the end result is that Microsoft, not the admin/developer, ends up making the majority of technical assumptions, most of which are driven by marketing, rather than actual technical needs.
For example ?
Re:Windows for SCADA? WTF?! (Score:5, Interesting)
Seriously, anyone using Windows for SCADA in this day and age has to get their head checked.
About 6 years ago I worked as an engineer for a manufacturing company. One day a pop up message appears on my computer. It says something like, "this machine will restart in 30 seconds. Please save all of your work." I saved my work and the machine restarted. A few minutes later, it happened again, and I called IT.
IT comes out, and looks at my machine. They figure it's some sort of virus, but it turned out to be a worm. The Sasser worm [wikipedia.org] to be exact.
Machines start rebooting themselves all over the office, and my boss asks the IT manager if this will effect the assembly line PLCs.
The IT manager gives my boss a very firm, "No!" and goes on to explain how those machines are behind a separate firewall, and can't possibly get the worm.
Just as he is explaining this, the foreman comes in from the plant and says, "Hey! all of those computers out on the assembly line just rebooted themselves!"
Our IT director got very red, and went into the server room and unplugged all of the switches. We were one of the few companies using VOIP at the time, and that meant no phone, fax or internet for the whole building.
Why did we use Windows on the assembly line? I asked that my first day on the job. Corporate determined it was cheaper than running embedded devices.
The company was shut down for a whole day, costing $20,000 per minute in lost revenue. I can't imagine those embedded devices were that much more expensive.
As a side note, our IT Manager developed a heart condition at a very young age, and I quit a year later.
Re:Windows for SCADA? WTF?! (Score:5, Insightful)
What you describe is a massive failure on the part of the IT staff.
Re: (Score:3, Insightful)
Sorry buddy, but you got it wrong. This problem doesn't affect Linux based systems. I can plug my usb stick into my computer and I'm not affected by this. Everyone. EVERYONE using microsoft is affected by this. Its not a matter of proper patching or not. This is another newly discovered flaw. It was discovered because microsoft didn't test their software prior to shipping. No other operating systems are affected by this. Only microsoft. And not just 'whats a patch?' systems, but all of them. This
Re: (Score:3, Insightful)
Why do you presume an embedded system would even have an OS?
That probably had something to do with it. Yes, I'm sure yo
failed to correctly patch windows (Score:3, Insightful)
Bullshit
Re: (Score:3, Insightful)
If they had Linux PCs correctly configured for assembly line work (i.e. only components necessary to that work installed, firewalls on PC as well as network, etc.) how many holes would have been left open by a failure to patch?
How many would have been left open on any other embedded device OS?
Re: (Score:3, Insightful)
True enough as far as it goes. Not properly maintaining any system is a problem. The firewall should have actually prevented the spread.
However, Linux and a number of other OSes (NOT Windows) make it a lot easier to produce a dedicated install with a minimal attack surface (no ports you can't close or services that you can't shut off and uninstall.). The question is why would an industrial control system not be stripped down to essential services. Why was anything there even listening to port 445 or 139?
Re: (Score:2)
Re: (Score:3, Insightful)
Somebody obviously doesn't know what SCADA is used for in this day and age.
Re: (Score:2)
Oh come on, that's easy - it's used for swimming underwater and looking at whales and things. Like Jacques Cousteau. Right?
Re: (Score:2)
Seriously, anyone using Windows for SCADA in this day and age has to get their head checked.
While I couldn't agree more, anyone out there running something other than windows for SCADA.... please give me a list of your vendors. You make it sound like we have a grand choice. At our plant we have vibration monitoring systems where the software runs on windows and directly administers the system, and all of our HV switchgear control software runs on windows. About the only system we could buy now that doesn't run on windows is the vibration monitoring system from B&K which runs on ... SCO... I sh
Re: (Score:2)
Totally useless comment. An attack on a SCADA is a targetted attack. If you are running it on another type of OS, the attacker will simply write it for that OS.
Because all OSes are equally vulnerable to being owned by anyone who plugs a USB key into the hardware.
Re: (Score:3, Funny)
Re: (Score:2)
LNK files (Score:2)
Re: (Score:3, Interesting)
Re:LNK files (Score:5, Informative)
>>>Microsoft has had it's fair share of ideas copied too (Apple copied the popular 'right mouse click'...
Uh. No. I don't know who invented right button clicking first, but I know the Amiga in 1985 had the capability with context menus arriving in OS 2.0 (1989). Ditto the Atari ST. It was not a Microsoft invention.
In fact I honestly can't think of anything MS originally invented. Maybe MS-BASIC back in the distant disco decade (70s) but that's about it.
Re: (Score:2)
Re: (Score:3, Interesting)
No you're wrong. Commodore Amigas had the right button context menus in 1989. In fact when I first experienced Windows 3 in 1992, I found it frustrating specifically because the right button was there, but didn't do anything. I then realized how advanced Amiga OS really was.
Re: (Score:2)
Uh. No. I don't know who invented right button clicking first, but I know the Amiga in 1985 had the capability with context menus arriving in OS 2.0 (1989). Ditto the Atari ST. It was not a Microsoft invention.
So you're saying the "trashcan, finder [ignoring for a second how little like Finder Explorer works], desktop arrangement, and shutdown procedure" didn't exist anywhere except MacOS ?
Re: (Score:3, Interesting)
XMLHttpRequest, for one. You know, the thing that made AJAX work (invented by MS to provide the real-time nature of Outlook Web Access). http://en.wikipedia.org/wiki/XMLHttpRequest [wikipedia.org]
Depending on how pedantic you want to get, MS had precursors of the dock before Apple or NeXT, although I'm not sure they were the first. The Start menu paradigm has been copied by a number of other GUI environments; it's not the first time there was a globally-accessible go-to menu for running programs, but it introduced the conc
Re: (Score:2)
In fact I honestly can't think of anything MS originally invented. Maybe MS-BASIC back in the distant disco decade (70s) but that's about it.
How about this innovative and original MS piece [wordpress.com]?
But in all seriousness though, Photosynth [wikipedia.org] is one amazing piece of software that is a Microsoft original. Kinect aka Project Natal is another awesome piece of technology.
Re: (Score:2)
How about this innovative and original MS piece [wordpress.com]?
Amiga had [wikipedia.org] this also before Windows :)
Kinect aka Project Natal is another awesome piece of technology.
That is yet to be seen - early reports indcate that at least first titles will be very Wii Sports like simple things and not the awesomeness that was shown in trade show pre-rendered videos and untill we see actual live title it will be a glorified Sony Eyetoy.
Re: (Score:3, Informative)
Cool. Let's indulge in some nineties nostalgia with a good old OS war... :-)
When I first laid hands on Win95 I thought to myself, "This feels just like my Quadra Mac."
Yes, it looked much the same, except in Win95 I could format a floppy disk while copying files over the network and typing an email.
Re: (Score:2)
Win95 and Mac both had the same type of multitasking - cooperative. So you could format a floppy, copy files online, and type email on either of them. BUT if one of those tasks crash, it froze the whole OS.
This is false. Windows 95 pre-emptively multitasked exactly the same way Windows 98 (and Me) did.
Re: (Score:2)
P.S. And just for the sake of completion:
1985 - Commodore released the preemptive multitasking Amiga OS 1.0
1993 - Atari ST gained preemptive multitasking with TOS4
i.e. Commodore and Atari, per usual, were years ahead of the competition. It's a shame neither of these American companies exist anymore, since they were the true innovators.
That's what you get... (Score:5, Funny)
...for taking shortcuts.
Re: (Score:2)
The Supernatural episode that on last week was hilarious. The two brothers in the show got trapped in a CSI Miami episode, and they did about 20 of these "And that's what I call..." (shades) "...a deadly outcome."
Realtek (Score:3, Insightful)
and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company.
For very loose values of "legitimate." Realtek is the Yugo of hi-tech.
Re: (Score:2)
I have a few Realtek NICs (8139) that are among the most reliable and simple devices to install.
Maybe I just got lucky, but I have a few PCI Realtek NIC that I've moved from PC to PC doing upgrades and NEVER had a problem with it working on any Operating system I've ever installed.
The damn thing just works, flawlessly. Is that so bad?
Re: (Score:2)
Once upon a time, Realtek's cards made up >80% of all network cards people around here used.
In the times of 10Mbps BNC and early 10baseT, typical prices were like:
* PLANET's NE2000 "compatible": 50zl
* Realtek's 8029: 60zl
* 3Com's 3c5x9: 700zl (yeah, it's not a typo -- over an order of magnitude more)
The latter two were damn reliable, while junk cards worked only on a good day, hardly ever managed to talk to cards made by other manufacturers, worked or not based on the room they were in, and even when by
They make the motherboard chips as well (Score:2)
It's only after every single motherboard started to include on-board networking that Realtek stopped being relevant.
Not sure if you realize it or not, but 90%+ of all motherboard onboard NICs, are made by Realtek.
Don't believe me? Check your lspci / Device Manager.
Re:Realtek (Score:5, Interesting)
The 8139 is one of the shittiest NICs ever created. It personifies the Realtek ethos of bottom-of-the-barrel, "get it to sort-of work and ship it" engineering. The fact that it works on "any operating system you've ever installed" is a testament not to the virtues of Realtek, but the skill and dedication of a few people who undertook the monumental task of creating drivers. Don't get me wrong, I'm glad I have $5 surround sound on my motherboard, but I still wouldn't piss on Realtek to put out a fire.
http://fxr.watson.org/fxr/source/pci/if_rl.c [watson.org]
Re: (Score:2)
You realize that was written in the 1990s, right?
Re:Realtek (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
The Crab's stuff is better than it used to be. Their NICs are pretty good quality; not quite up to Intel standard, but good for what you pay. Sound is merely OK quality, but reliable.
Windows users are capable of using shortcuts? (Score:2, Funny)
I thought they would barely manage to point and click, and the keyboard were a mistery to them, just like the whole UI is designed to train them to behave... :/ But th
I doubt more than 5% of the (l)users actually know what a shortcut is, considering how they are intentionally hidden away as deep as possible, or even completely removed.
(I’m not hating Windows specifically. “modern” [aka. “dumbed down beyond being usable”] KDE/Gnome and OSX UIs often are not much better nowadays.
Re: (Score:2)
I doubt more than 5% of the (l)users actually know what a shortcut is, considering how they are intentionally hidden away as deep as possible, or even completely removed.
Yeah, that's right, the start menu and desktop are intentionally hidden away or completely removed. The screen just shows a pretty picture, which does nothing when you click on it.
Re: (Score:2)
Wow. You did manage the single two things left. ^^
How about the shortcut to:
- lock the system
- search a file
- run something
- browse the file system
- show the desktop
- switch between the task bar, the desktop and your application
- print just the window
- all the Alt-something shortcuts for the menus
- close a document
- close a application
- etc
they all exist. They all make work faster. How many do you think the average user knows? Hm? One?
And how about
- the directory structure of the file system browser resembl
Re: (Score:2)
That was a very nice rant, which had dick all to do with windows shortcuts. Unfortunately, you seem to have confused keyboard shortcuts with file shortcuts (also known as "links"), while simultaneously bitching about every other way that every OS in existence has apparently failed to please you. Boo fucking hoo.
On the other hand, you DO sound amazingly like one of those crazy talk-show hosts, such as Bill O'Reilley or Keith Olbermann. Do you have your own TV or YouTube show? I'd love to subscribe.
Re: (Score:2)
And hey, OSX actually presents this "simplicity" (actually lack of freedom) as a bullet point in the feature list.
That's right folks - when it's easy, it's because THE MAN is keeping you down. The truly free know that every breathe is a struggle, and they're THANKFUL for it.
Re: (Score:2)
<rimshot>
Solution (Score:5, Funny)
It;s a concern. (Score:2)
Power stations (including nuke ones) use SCADA for control systems. Not the kind of stuff you really want to be infected with malware. Sure, the odds of anything really nasty happening is slim (it does happen though - the main Japanese nuke power station has accidentally vented radioactive material into the air in the not-too-distant past). The most likely event is a shutdown, followed by a blackout of a region. If there's a cascading effect, it might even take out a whole State until they reload the comput
Re: (Score:3, Interesting)
The reason they're "expensive" is because of the efforts to try to ensure secure and reliable operation in the face of attackers. Don't be laying the blame at the feet of the OSes- lay it at the feet of the cheap people that sought to maximize profits while ignoring the risks involved with the choices they were making.
Re: (Score:3, Interesting)
Oy! Dark Elves aren't supposed to make sensible comments.
Anyways, the way secure OS kernels are generally written is to move the critical functions into a "security kernel". Only that security kernel needs to be proven correct. Flaws in the rest of the OS cannot cause vulnerabilities. Well, in theory. But once that security kernel is written, then the expensive part of the development is done. It's proven complete and correct, so you should almost never have to touch the security kernel again. That componen
And how... (Score:4, Insightful)
Besides that, why code an interface specifically for Siemens SCADA? One question you'd have to ask is, does that system have marketshare for the control systems of any specific type of thing, or is it generally just popular in industrial automation? I can't find anything specific online, besides advertising writeups about factory control.
Re: (Score:3, Interesting)
Besides that, why code an interface specifically for Siemens SCADA?
Because 1) it has a large market share, 2) it may have been the first brand that the virus writers managed to reverse engineer. Stay tuned for versions that work with Allen Bradley and others.
SCADA systems have traditionally been highly proprietary, depending on obfuscation for security. Some of the newer systems have learned fom the open source movement. "You may have our protocols, even our source. But you'll get nowhere without the key." But they don't have major market share yet, And that's not the way
Re: (Score:2)
Realtek has factories in China, and chinese "spies" would certainly be able to prochure whatever they needed from Chinese factories if I've understood the situation correctly.
If you prefer a car analogy (Score:2)
Default SQL username and password in HMI (Score:5, Informative)
So looking at some of the linked info it appears that this is targeting a Siemens SIMATIC WinCC Database. It appears that the database uses a hardcoded username and password combination that end users are told not to change. I found some forum postings from people who made the mistake of changing the password only to have the software fail.
Server=.\WinCC;uid=WinCCConnect;pwd=2WSXcder (+1 for what appears to be a reasonably random looking password, -1 for being short, -1 for not including symbols, -100 for hardcoding it into the app and forcing all users to have the same exploitable entry point into their embedded database that this worm can use to read and inject code into the database)
https://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&Language=en&PageIndex=2 [siemens.com]
Product being targeted:
http://www.automation.siemens.com/w2/automation-technology-distributed-control-system-simatic-pcs-7-1075.htm [siemens.com]
Seems pretty clear that this was a targeted attack. (Launched by Competitor, former employee, etc)
Re:Default SQL username and password in HMI (Score:4, Funny)
I'm assuming that this product is of the "Well, it sucks ass; but at least it was incredibly expensive..." school of enterprise software design?
Re: (Score:2)
Server=.\WinCC;uid=WinCCConnect;pwd=2WSXcder (+1 for what appears to be a reasonably random looking password
Only random looking. Glance down at your keyboard as you type in that password.
Re: (Score:2)
I was all 'yeah, it can happen to any Windows system...' until I read about this hardcoded shit password, they had it coming! It has probably been leaked to a competitor by some anonymous employee who was ignored too many times when pointing out security issues..
Separated systems (Score:2)
I used to work for a SCADA company our practice was to try to encourage (and was usually successful) to get the customer to cut the ties between the outside network and SCADA control system. Most system designs would often include an extra box with an extra link for an operator to access corporate email, internet, etc
That wouldn't preclude someone slapping something on a USB and taking it over..but why?
Re: (Score:3, Funny)
Funny, when I have people complaining about their audio on their computers I direct them to download the Realtek drivers to solve it.
Comment removed (Score:4, Insightful)
Re:Interesting (Score:5, Insightful)
Are you brain damaged?
USB drives are the new floppies. If the OS cannot handle them in a secure way the OS is the problem.
Re: (Score:3, Insightful)
*cough*
Portable media should never be considered "secure". FFS, just think about the corporations that have distributed malware, intentionally or unintentionally, via their CD's and/or DVD's. From time to time, a story comes out about malware being distributed at the various conventions. Yeah, it's a joke, mostly, because the techies at the conventions SHOULD be savvy enough to watch for that crap. Still, the malware gets distributed, and it runs on any number of machines, before the techies get wise to
Re:Interesting (Score:5, Insightful)
Portable media should never be considered "secure".
Correct, and that is why "autorun" functions that are active by default are a bad idea. But convenience over security is typical for certain OS vendors, especially those from Redmond ;-)
The only instance when stuff from portable media is automatically executed should be at boot time, if the medium is selected as boot drive in the BIOS (or whatever your system uses in place of the BIOS).
Re:Interesting (Score:4, Funny)
Re: (Score:2)
My computer seems to have two options for audio: either a driver from WU that works only in stereo (I have 4.1 speakers) or being forced to taskkill audiodg a few times a week. It restarts automatically, but it's annoying, especially because there's no warning that it broke (I suppose if there was, it would auto-restart). Some apps just stop playing sound, but others will actually hang (Skype, Google Talk, I'm looking at you...) and appear to be frozen until it is reset.
Re: (Score:2)
Re:Interesting (Score:5, Funny)
Re: (Score:2)
Higher end devices have much smaller drivers as the hardware has on-board PostScript processing, for example. The computer hands over PS instructions and says "Ok printer, parse that." You won't get that with your desktop InkJet; The price you pay is 80MB
Re: (Score:2)