
Malware Targets Shortcut Flaw In Windows, SCADA

timothy posted more than 4 years ago | from the thinking-big dept.

Security 214

tsu doh nimh writes "Anti-virus researchers have discovered a new strain of malicious software that spreads via USB drives and takes advantage of a previously unknown vulnerability in the way Microsoft Windows handles '.lnk' or shortcut files. Belarus-based VirusBlokAda discovered malware that includes rootkit functionality to hide the malware, and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company. In a further wrinkle, independent researcher Frank Boldewin found that the complexity and stealth of this malware may be due to the fact that it is targeting SCADA systems, or those designed for controlling large, complex and distributed control networks, such as those used at power and manufacturing plants. Meanwhile, Microsoft says it's investigating claims that this malware exploits a new vulnerability in Windows."
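The summary says the malware spreads on USB drives via shortcut files, so the first thing an incident responder wants is a way to look inside the .lnk files on a suspect stick without letting Explorer render them. The following is an added example of mine, not code from VirusBlokAda, Frank Boldewin or Microsoft: a minimal parser for the MS-SHLLINK header and StringData sections, a directory scanner, and a builder that constructs sample shortcuts for testing. The triage rule (flag a shortcut whose icon source is a DLL outside the Windows directory) and the sample paths such as E:\payload.dll are my assumptions for illustration; the page does not describe the exploit mechanics, and this is not a vendor signature.

```python
import os
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# LinkFlags bits from MS-SHLLINK section 2.1.1 that this parser needs.
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

HEADER_SIZE = 0x4C
# {00021401-0000-0000-C000-000000000046}, the shell link CLSID, in on-disk byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# StringData sections appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


@dataclass
class ShellLink:
    flags: int
    icon_index: int
    name: Optional[str] = None
    relative_path: Optional[str] = None
    working_dir: Optional[str] = None
    arguments: Optional[str] = None
    icon_location: Optional[str] = None


def _read_string(data: bytes, off: int, unicode: bool) -> Tuple[str, int]:
    """One StringData entry: a 2-byte character count followed by the characters, no terminator."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    width = 2 if unicode else 1
    raw = data[off:off + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    return raw.decode("utf-16-le" if unicode else "cp1252"), off + count * width


def parse_lnk(data: bytes) -> ShellLink:
    """Parse ShellLinkHeader and StringData; LinkTargetIDList and LinkInfo are skipped by their sizes."""
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    (icon_index,) = struct.unpack_from("<i", data, 0x38)  # IconIndex sits at offset 56
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:
        (info_size,) = struct.unpack_from("<I", data, off)
        off += info_size
    link = ShellLink(flags=flags, icon_index=icon_index)
    for bit, attr in STRING_FIELDS:
        if flags & bit:
            value, off = _read_string(data, off, bool(flags & IS_UNICODE))
            setattr(link, attr, value)
    return link


# Assumed heuristic: icons normally come from DLLs under the Windows directory; a DLL anywhere else
# (for instance on the removable volume itself) is worth a closer look.
SYSTEM_ICON_HINTS = ("%systemroot%", "\\windows\\system32\\", "\\windows\\syswow64\\")


def triage(link: ShellLink) -> List[str]:
    reasons = []
    icon = (link.icon_location or "").lower()
    if icon.endswith(".dll") and not any(h in icon for h in SYSTEM_ICON_HINTS):
        reasons.append("icon loaded from DLL outside the Windows directory: %s" % link.icon_location)
    return reasons


def scan_directory(root: str) -> List[Tuple[str, List[str]]]:
    """Walk a mounted volume (e.g. a USB stick) and report every .lnk that triage() flags or cannot parse."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    reasons = triage(parse_lnk(f.read()))
            except (OSError, ValueError, struct.error) as exc:
                reasons = ["unparseable: %s" % exc]
            if reasons:
                hits.append((path, reasons))
    return hits


def build_lnk(relative_path: Optional[str], icon_location: str, unicode: bool = True) -> bytes:
    """Construct a minimal shell link for testing; sample data, not a captured file."""
    flags = HAS_ICON_LOCATION | (IS_UNICODE if unicode else 0)
    strings = []
    if relative_path is not None:
        flags |= HAS_RELATIVE_PATH
        strings.append(relative_path)
    strings.append(icon_location)
    header = struct.pack("<I16sI", HEADER_SIZE, LNK_CLSID, flags)
    header += struct.pack("<I", 0) + b"\x00" * 24   # FileAttributes and three zero FILETIMEs
    header += struct.pack("<IiIH", 0, 0, 1, 0)      # FileSize, IconIndex, ShowCommand, HotKey
    header += b"\x00" * 10                           # Reserved1..3
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le" if unicode else "cp1252") for s in strings)
    return header + body + struct.pack("<I", 0)     # TerminalBlock
```

Run `scan_directory("/mnt/usb")` (or the drive letter on Windows) against the mounted stick from a read-only workstation; the point is that nothing here asks the shell to resolve or render the links, so reading them is safe even if they are the carrier.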


OMG (0)

Anonymous Coward | more than 4 years ago | (#32919538)

This is the end for sure. Goodbye everyone.

Interesting (1, Funny)

Anonymous Coward | more than 4 years ago | (#32919570)

Maybe Realtek has sinister plans other than making crappy drivers?

Re:Interesting (2, Funny)

Jeng (926980) | more than 4 years ago | (#32919704)

Funny, when I have people complaining about their audio on their computers I direct them to download the Realtek drivers to solve it.

Re:Interesting (0)

Anonymous Coward | more than 4 years ago | (#32919820)

The Realtek audio driver includes files with suspicious looking names: SkyTel.exe and vncutil.exe. They could at least name their backdoors better.

Re:Interesting (3, Insightful)

hairyfeet (841228) | more than 4 years ago | (#32919914)

Funny, because I use a reg file on a USB drive called "Audiosrvr" that resets the Windows audio server and fixes the "no sound" problem pretty much every single time. The only one I reinstall drivers on is Vista, but then again I usually tell folks to get off that turkey anyway.

As for TFA, who in the heck is using unsecured USB drives on important systems like that? This seems less like a Windows problem and more like a "stupid admin shouldn't allow USB" problem to me.

Re:Interesting (4, Insightful)

h4rr4r (612664) | more than 4 years ago | (#32920456)

Are you brain damaged?
USB drives are the new floppies. If the OS cannot handle them in a secure way the OS is the problem.

Re:Interesting (1)

cbhacking (979169) | more than 4 years ago | (#32921674)

My computer seems to have two options for audio: either a driver from WU that works only in stereo (I have 4.1 speakers) or being forced to taskkill audiodg a few times a week. It restarts automatically, but it's annoying, especially because there's no warning that it broke (I suppose if there was, it would auto-restart). Some apps just stop playing sound, but others will actually hang (Skype, Google Talk, I'm looking at you...) and appear to be frozen until it is reset.

Re:Interesting (4, Funny)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32919822)

At least, unlike HP and Creative, they have yet to master the art of making crappy drivers larger than entire operating systems of just a few years ago...

Re:Interesting (1)

Mister Whirly (964219) | more than 4 years ago | (#32922088)

Or perhaps Sony was asleep at the switch when this opportunity came up?

sorry... (0)

Anonymous Coward | more than 4 years ago | (#32919578)

Realtek != high-tech

Anti-virus researchers (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32919584)

More like anti-virus scaremongers.

Re:Anti-virus researchers (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32920720)

More like anti-virus scaremongers.

Only because so many people don't want to understand the computers they use and it is easy to make them buy into the fear of what they do not understand, especially when you have the credentials of expertise. On their shallow level the anti-virus people are technically correct. It is their approach that is systemically flawed. They have no interest in removing the susceptibility to viruses so they continue using technically correct ways to advance the arms race of malware creators vs. anti-virus companies.

It's like the pharmaceutical companies - they have no interest in promoting natural, drug-free remedies even when these are available because they make more money in a nation of sick people. Antivirus companies make more money when over 90% of PCs use a platform that continues to suffer from the same kinds of flaws that plagued it 15 years ago. You do not trust untrustworthy content and that doesn't change whether it's ActiveX, automatically running scripts in remote e-mails, floppy drives of yesteryear, or USB drives of today. How many iterations of the same principle does Microsoft need before they get it? The code that handles such data needs to be some of the most security-hardened code in the system, against both design flaws like deciding to trust remote e-mails and against implementation flaws like buffer overflows.

They don't get it because they don't want to get it. This helps them sell the next version of Windows that promises to be more secure than ever. This helps the anti-virus companies sell the next version of their arms race. You think they're helping you? They're helping themselves to you.

Posted anon to preserve moderations.

Windows for SCADA? WTF?! (3, Insightful)

quanticle (843097) | more than 4 years ago | (#32919602)

Seriously, anyone using Windows for SCADA in this day and age has to get their head checked. With the wealth of proprietary and free embedded operating systems available today, the use of Windows in any sort of embedded device should have ended a long time ago.

Re:Windows for SCADA? WTF?! (5, Informative)

Anonymous Coward | more than 4 years ago | (#32919726)

SCADA systems do not run on embedded boards but on full-fledged computers. I worked in a company that designed a SCADA system a long time ago using iRMX as the operating system. The problem with SCADA systems has always been the cost, which increases when you use special operating systems. The trend now is to run SCADA systems on Windows machines, but the reliability is not the same.

Re:Windows for SCADA? WTF?! (3, Funny)

jd (1658) | more than 4 years ago | (#32920138)

If the reliability of an embedded system is 1, and the reliability of a Windows system is i, then the modulus of the reliability of the two systems is the same.

Re:Windows for SCADA? WTF?! (1, Funny)

Anonymous Coward | more than 4 years ago | (#32920652)

If the reliability of an embedded system is 1, and the reliability of a Windows system is i

Windows' reliability can only be expressed as an imaginary number?

Thanks, that explains a lot!

Re:Windows for SCADA? WTF?! (4, Funny)

sexconker (1179573) | more than 4 years ago | (#32921390)

Windows' reliability can only be expressed as an imaginary number?

Thanks, that explains a lot!

Better yet, if you have 2 independent systems running at the same time mirroring each other, the odds of failure are the odds of both of them failing at the same time.

(1 - i)(1 - i)
Or 1 -2i + i^2
And the reliability is thus
1 - [1 -2i + i^2]

Which is 1 - 2i.

Get a pair of pairs...

1 - 4i^2 = 5.

Four Windows boxes and you've got a reliability of 500%!

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32921650)

The reliability sucks if you're running Wonderware; the crap has several serious bugs, one of which will cause several Ethernet drivers to crash. It in essence is a DDoS. I grant that the controller should not crash. Almost all of the controllers I'm aware of it affecting have been patched. Yet Wonderware has not deemed it necessary to correct this and is still pumping out flawed versions of their software. Even if that were fixed you would still have an unreliable system because while their HMI is very good their communication drivers are barely usable excrement.

http://global.wonderware.com/EN/Pages/default.aspx [wonderware.com]

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32921880)

The trend now is to run SCADA systems on Windows machines, but the reliability is not the same.

Do you have anything to support this, because my experience says something else.

Re:Windows for SCADA? WTF?! (4, Informative)

FooAtWFU (699187) | more than 4 years ago | (#32919738)

Embedded device? No, it's the control systems. About 6 years ago I did an internship for a little SCADA company, and wrote something which took their existing customizable form structures (stored in databases, displayed in some Windows form framework that looked almost Win 3.1-ish) and made a version in HTML. The technology looked old even then; I'm sure that there are plenty of Windows control systems sitting around.

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32920926)

Every automaker in the US uses Robots controlled by SCADA apps on Windows machines. This is standard practice. Take a look at your Ford or Chevy the next time around. Hell, Ford liked Windows so much they made a few cars with Windows OS standard.

Re:Windows for SCADA? WTF?! (3, Insightful)

kb1 (1764484) | more than 4 years ago | (#32919782)

The target here is likely the HMI [ge-ip.com] side of things. Many (most?) of the HMIs are Windows based and often built, installed and then ignored. The implementers routinely expect them to be running inside air-gapped networks, so vulnerability patching is not performed and sometimes even actively discouraged. Yes, there are open-source HMI projects [sourceforge.net] available, but try convincing someone to deploy a life-critical system using one of them.

Re:Windows for SCADA? WTF?! (5, Informative)

Mousit (646085) | more than 4 years ago | (#32919976)

Security and vulnerability assessment used to be this poor, but that has undergone significant changes, particularly in this decade. I can't speak for all vendors, but the one we use has security testing, vulnerability assessment, and full patch updates implemented as a standard part of their maintenance contract with their customers.

They have an internal process to verify all patches on the systems they support their software on (RHEL, SuSE, Windows Server 2003, 2008, Windows XP and Vista, with Windows 7 certification coming) and ensure they do not break the SCADA servers or clients, and they release this information to their customers relatively quickly (we usually are about one month behind, implementing patches that've been vouched safe within about 30 days of the patch release, but this process is faster for zero-day and other such critical things).

They do not "assume" anything for their customers. However they do strongly encourage air-gap, and frankly so would I. A SCADA system controlling the power grid should never have an Internet connection. It should never need one. If it must have this, you have something seriously wrong with your design.

Furthermore, I would add that recent (within the last two to three years) updates to CIP [wikipedia.org] and NERC [wikipedia.org] compliance specifications actually require patches to be kept up to date, and also require you to fully document the fact that you have patched your servers and workstations. If you have not applied a patch, you must have documentation explaining why (this is why our vendor has their patch vouching program, so you have documentation on why they said don't install something). There are very heavy fines for not implementing this, and it can even lead to certification revocation, which means you can't do business.

Re:Windows for SCADA? WTF?! (1)

Svartalf (2997) | more than 4 years ago | (#32921070)

They do not "assume" anything for their customers. However they do strongly encourage air-gap, and frankly so would I. A SCADA system controlling the power grid should never have an Internet connection. It should never need one. If it must have this, you have something seriously wrong with your design.

Go check out the Smart Grid Interoperability Standard over at NIST sometime...

They're doing it all the time.

Re:Windows for SCADA? WTF?! (4, Interesting)

Anonymous Coward | more than 4 years ago | (#32922036)

Re: CIP (CIP-007 R3), the standard actually requires

R3. A patch management program
R3.1. Patches be assessed within 30 days
R3.2. Document the implementation (usually interpreted as an implementation plan) and install the patches or mitigate

There is no requirement on the timing of installing the patches in R3.2, only that assessment be completed in 30 days.

As a result, certain utilities are very legally setting the install plan date for 2013. When they get the opportunity to install, they then update the plan the week they install and document the change. In the interim, they put together a document that shows that IDS, AV, Firewalls, or something else similar mitigates the attack.

While crazy in the desktop world, most control systems cannot be updated without shutting down generation plants. Transmission has a slightly easier time of it but not much. Shutting down generation during peak periods such as heat waves or blizzards is a worse choice than patching as long as decent security is in place. Major upgrades such as O/S Service Packs and SCADA/DCS upgrades only have an opportunity maybe once a year during planned maintenance shutdowns. This is true regardless of the OS ('nix, Windows, VMS...)

Yes, certain vendors are very good about updates (Wonderware and similar) and others are very poor. They are all getting better but there is no way I would patch most systems on a running coal or gas turbine generation plant. Risks are too high on environment and life safety. A loss of the control system can result in a plant shutdown or scram. A problem control system can put safety at risk because the plant is running and improperly controlling.

More of a problem is the proprietary hardware, especially on DCS systems. While no direct user interface is present, these systems are never patched, run hidden or semi-proprietary OS's. Worst case I know of is a DCS board that allows remote login with a known unpublished ID/password.

At least today, virtually every control system is behind an internal firewall and the majority have a decent firewall configuration. However, the value of communicating out of the control system outweighs the risk. Especially when running 15 power plants in a major utility and the power supply/demand balance on the grid is more important than air-gapping. If air-gapped, high quality frequency control at 60 Hz would be near impossible.

Re:Windows for SCADA? WTF?! (1)

OzPeter (195038) | more than 4 years ago | (#32920728)

The funny thing is that I work with a lot of GE products. After getting on a first name basis with their tech support people, I know that their programmers are definitely not the sharpest crayons in the box so cracking their software shouldn't be too hard. However they did buy iFix recently and I haven't had a chance to peek under the hood of that product so perhaps it might be better than average.

Re:Windows for SCADA? WTF?! (1)

Svartalf (2997) | more than 4 years ago | (#32921064)

Considering the reliability of Windows...I'd probably choose to deploy one of the FOSS HMI systems over the commercial ones.

It doesn't matter if you build a fortress- if you build the same on a foundation of shifting sands.

Re:Windows for SCADA? WTF?! (1)

OzPeter (195038) | more than 4 years ago | (#32921146)

Considering the reliability of Windows...I'd probably choose to deploy one of the FOSS HMI systems over the commercial ones.

It doesn't matter if you build a fortress- if you build the same on a foundation of shifting sands.

Can you furnish any links to any decent/competitive FOSS HMIs? Because building a fortress out of mud doesn't appeal to me when I can use armor plating for my fortress. Also I don't think you have a very realistic appreciation of Windows reliability .. (not that I am a fanboi - typing from my Mac), just that I have worked on lots and lots of commercial systems running Windows.

Re:Windows for SCADA? WTF?! (3, Informative)

mighty7sd (1233176) | more than 4 years ago | (#32919808)

Windows is used all the time for SCADA applications, especially in distributed control systems. SCADA applications aren't just embedded devices, they are typically a Windows server installed on a workstation that is used for the HMI (human-machine interface) used for operators to communicate with the SCADA devices such as PLCs and DCSs. Most operators would not be able to function without Windows so they can check their email on Outlook, surf the web or play solitaire. If you want to use programming and algorithms from major manufacturers, a Windows machine saves money since there are already drivers and plug-ins made for Windows machines.

Re:Windows for SCADA? WTF?! (1)

rubycodez (864176) | more than 4 years ago | (#32919826)

eh, Windows Embedded is an embedded OS

the cost of the OS is negligible part of system

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32919830)

Seriously, anyone using Windows for SCADA in this day and age has to get their head checked. With the wealth of proprietary and free embedded operating systems available today, the use of Windows in any sort of embedded device should have ended a long time ago.

Totally useless comment. An attack on a SCADA is a targeted attack. If you are running it on another type of OS, the attacker will simply write it for that OS. This isn't SPAM, dude. This is a directed spying attack.

Re:Windows for SCADA? WTF?! (1)

0123456 (636235) | more than 4 years ago | (#32919864)

Totally useless comment. An attack on a SCADA is a targeted attack. If you are running it on another type of OS, the attacker will simply write it for that OS.

Because all OSes are equally vulnerable to being owned by anyone who plugs a USB key into the hardware.

Re:Windows for SCADA? WTF?! (2, Funny)

hedwards (940851) | more than 4 years ago | (#32919912)

Not Secure OS 2k11, it includes an epoxy substance to jam in the USB ports and floppy if applicable.

Re:Windows for SCADA? WTF?! (1)

Mister Whirly (964219) | more than 4 years ago | (#32922142)

Because any OS can be cracked given enough time and determination.

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32919834)

SCADA usually talks to and is controlled by monitoring computers. That computer needs to email reports, compile data, transmit said data; there are many cases where several pieces of SCADA equipment are thousands of feet apart and if one piece fails all the others have to perform differently. SCADA is not one device in any meaningful plant configuration. There are feedback loops. Shit gets complex real quick. And SCADA is not a set-it-and-forget-it type of operation. Plant configuration changes depending on the weather and the season.
Some vendors only offer access to their advanced features through their proprietary software. It's so awesome when there is a problem and you can't do shit because the Rosewell manual only pertains to a Wintel environment.

You think SCADA is a problem? Look up the security of the HART communication protocol. Pwning your water supply is two wires and a Palm Pilot with physical access anywhere on the 24V main DC line. Now they're putting Bluetooth transmitters on the line for you. Google "Bluetooth sniper antenna".

Re:Windows for SCADA? WTF?! (5, Informative)

Mousit (646085) | more than 4 years ago | (#32919840)

They're talking about the master/control side of things, the main servers and the operator consoles that people sit at and view indications, and control things. That is where Windows is often run. Embedded devices to this day remain highly proprietary in SCADA systems, though we are seeing more Linux-based embedded devices now.

The server end though is very often a Windows shop. However, forms of *nix are not uncommon at all either and in fact UNIX types used to be the norm for servers in SCADA, but that's been going away for quite a while now. I'd say it's about 50/50 these days between Windows and *nix. Most of the *nix stuff is now AIX or some flavor of Linux (RHEL being the big one). That's on the server side. The actual consoles where the operators sit are about 90% Windows though, if not higher, and that's most likely where you're going to see this virus come into play in the first place because of some stupid user plugging in an infected USB device.

Though a proper SCADA shop should have their SCADA system locked down. We certainly do. All USB ports are secured and thumbdrives are not allowed, and disabled from being attached. An operator that can just walk up and stick a USB drive onto a console is a big, big no-no.

Re:Windows for SCADA? WTF?! (2, Informative)

Anonymous Coward | more than 4 years ago | (#32919994)

I work in support for Wonderware, which unfortunately, is in 33% of production facilities worldwide. It only runs on Windows, then there's iFix, GE's HMI software, Autosol and Standard Automation products running on windows... A GE DCS may run 'nix, but it reports to and is queried by a WinPC. I think it's probably more 75%/25% in favor of Windows for SCADA systems.

Re:Windows for SCADA? WTF?! (5, Insightful)

PPH (736903) | more than 4 years ago | (#32920770)

The actual consoles where the operators sit are about 90% Windows though, if not higher, and that's most likely where you're going to see this virus come into play in the first place because of some stupid user plugging in an infected USB device.

And then the virus rootkits the control console. It can then issue commands to the SCADA systems that appear to be from legitimate operator input.

Back when I worked for Boeing, we fought a loosing battle trying to keep Windows systems off the shop floor. In an ideal world, we would have a secure subnet within the company Intranet behind its own firewall to keep the Windows systems from seeing shop equipment. In the real world, lots of the factory equipment was running Windows. Worse yet, some of the people responsible for loading firmware into avionics used Windows laptops to do so. And then they'd take them home at night where the kids would use them to log on to Facebook, or download kewl stuff from unknown sources.

You can't fire people fast enough to keep Windows out of mission critical areas.

Re:Windows for SCADA? WTF?! (3, Funny)

jd (1658) | more than 4 years ago | (#32921464)

Ok, I am never flying on a Boeing again. Or any other aircraft. And given that modern computers on cars now use regular ethernet and unsecure protocols (see the papers on successful methods for injecting false commands to the engine and braking systems), I'm going to stay clear of the roads as well. Hell, just get me a Dyson Sphere on some star in some remote galaxy - and a wormhole so I can continue reading Slashdot. Gotta have Slashdot.

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32921726)

Heck with Windows, the guys building planes don't even know the difference between lose and loose! Did you loose a nut or was it just lose?

Re:Windows for SCADA? WTF?! (1)

jd (1658) | more than 4 years ago | (#32922048)

When I worked at NASA, there were certainly nuts on the loose.

Re:Windows for SCADA? WTF?! (1)

SpaceLifeForm (228190) | more than 4 years ago | (#32919844)

The vector is the windows machine that is networked (stupidly)
to older non windows boxen that do the SCADA work.

In theory, an attacker could manipulate the SCADA machines
and cause disruption.

Re:Windows for SCADA? WTF?! (5, Informative)

MagikSlinger (259969) | more than 4 years ago | (#32919856)

Most of the IT your life in the Western world depends on runs on Windows.

Yes, you are right: it is not suited for the purpose. It says so in the EULA.

Again, you are right: they have higher down times, increased maintenance due to weekly patching to prevent security problems.

Uh-huh, I agree. In my experience supporting such systems, they are indeed slower than a good Unix box, harder to administer because you are constantly manually typing things in as opposed to automating them.

Why are they using them you ask? Because it's all the developers/admins know how to use. They hate using the Unix boxes here at my work, and they keep coming to me to hold their hand doing anything on them. They prefer Windows because everyone has Windows at home or on their desks, and it's a lot easier for my co-workers to understand and use. That's why your quality of life is in the hands of Microsoft.

BTW, my co-workers are currently plotting to de-UNIXify one of our major systems. *groan* They point out how expensive the AIX box is, and how unreliable it is. Um, the same guys who maintain the AIX box are going to maintain the Windows boxes, and if you remember, they did a terrible job keeping them up! It's not AIX that's unreliable -- it's the quality of our admins.

Re:Windows for SCADA? WTF?! (1)

WhiteHorse-The Origi (1147665) | more than 4 years ago | (#32922218)

I'm an unemployed Linux Admin...

Re:Windows for SCADA? WTF?! (3, Insightful)

grcumb (781340) | more than 4 years ago | (#32922358)

Why are they using them you ask? Because it's all the developers/admins know how to use. They hate using the Unix boxes here at my work, and they keep coming to me to hold their hand doing anything on them. They prefer Windows because everyone has Windows at home or on their desks, and it's a lot easier for my co-workers to understand and use.

I agree with the first part of that last sentence, and I suspect that if you asked people, they too would claim that Windows is easier to understand and use....

... But you'd all be wrong.

The plain fact is that Windows is simpler in places where simplicity actually hides essential knowledge. Say what you like about Linux/Unix being harder; the fact of the matter is that it's no harder than it should be. The Windows UI, on the other hand, definitely is simpler than it should be.

Every time someone takes the shortcut and runs a Wizard, the end result is that Microsoft, not the admin/developer, ends up making the majority of technical assumptions, most of which are driven by marketing, rather than actual technical needs.

The problem, in short, is not that Linux/Unix is too hard. The problem is that Windows pretends to be too easy.

Re:Windows for SCADA? WTF?! (5, Interesting)

Thelasko (1196535) | more than 4 years ago | (#32919910)

Seriously, anyone using Windows for SCADA in this day and age has to get their head checked.

About 6 years ago I worked as an engineer for a manufacturing company. One day a pop up message appears on my computer. It says something like, "this machine will restart in 30 seconds. Please save all of your work." I saved my work and the machine restarted. A few minutes later, it happened again, and I called IT.

IT comes out, and looks at my machine. They figure it's some sort of virus, but it turned out to be a worm. The Sasser worm [wikipedia.org] to be exact.

Machines start rebooting themselves all over the office, and my boss asks the IT manager if this will affect the assembly line PLCs.

The IT manager gives my boss a very firm, "No!" and goes on to explain how those machines are behind a separate firewall, and can't possibly get the worm.

Just as he is explaining this, the foreman comes in from the plant and says, "Hey! all of those computers out on the assembly line just rebooted themselves!"

Our IT director got very red, and went into the server room and unplugged all of the switches. We were one of the few companies using VOIP at the time, and that meant no phone, fax or internet for the whole building.

Why did we use Windows on the assembly line? I asked that my first day on the job. Corporate determined it was cheaper than running embedded devices.

The company was shut down for a whole day, costing $20,000 per minute in lost revenue. I can't imagine those embedded devices were that much more expensive.

As a side note, our IT Manager developed a heart condition at a very young age, and I quit a year later.

Re:Windows for SCADA? WTF?! (0)

Anonymous Coward | more than 4 years ago | (#32919992)

There's no OS that does not crash or stop working for some time interval. It's not Windows' fault that operation back then was paused; it's an architectural problem. Whatever OS they would use, with that in mind, they would have similar holdbacks.

Re:Windows for SCADA? WTF?! (4, Insightful)

bloodhawk (813939) | more than 4 years ago | (#32920198)

Really you are asking the wrong questions. They failed to correctly patch Windows; they would just as likely fail to correctly patch Linux or any other OS too. The question isn't "why were you using Windows"; vulnerabilities exist in all OSs. The question is "Why the fuck were they not patching known vulnerable systems that are mission critical?" The patch for the Sasser worm was available well before the worm. Secondly, "why the fuck, if they had a reason to not patch vulnerabilities, were they leaving their mission critical devices exposed?"

What you describe is a massive failure on the part of the IT staff.

Re:Windows for SCADA? WTF?! (1)

Anonymous Coward | more than 4 years ago | (#32921182)

Really you are asking the wrong questions. They failed to correctly patch Windows; they would just as likely fail to correctly patch Linux or any other OS too. The question isn't "why were you using Windows"; vulnerabilities exist in all OSs. The question is "Why the fuck were they not patching known vulnerable systems that are mission critical?" The patch for the Sasser worm was available well before the worm. Secondly, "why the fuck, if they had a reason to not patch vulnerabilities, were they leaving their mission critical devices exposed?" What you describe is a massive failure on the part of the IT staff.

Vulnerabilities do exist in all OSs but that statement of the obvious doesn't enlighten anyone or help anything. There is more to the picture. This certainly could happen to a *nix shop, in the sense that I know of no laws of physics which would make it impossible. However, it absolutely tends not to happen in a *nix shop and there are reasons for this. Here I say *nix because it's one of the leading alternatives to Windows, but really by that I mean Unix, Linux, QNX, or any number of systems better suited for such a purpose.

The lesson here is simple enough: companies that hire incompetent IT staff which commit massive failures choose Windows, even in an environment where another tool would be better suited for the job. Desktop workstations for office workers, assuming a managed environment? Windows is a good choice there. Critical back-end servers or control systems for mission-critical machines? Windows is one of the worst choices you can make for this.

Besides, IT staff who are aware of alternatives to Windows, as in actually have expertise or at least competency with administering both Windows and non-Windows systems, would also tend to be aware of the need to patch known vulnerabilities and the high desirability of isolating critical systems wherever this is practical. In a diverse world of many tools for many jobs, the self-proclaimed "experts" who truly know one thing and one thing only tend to be the least competent. So it is with Windows shops full of "admins" who would be completely clueless and helpless if they were placed in front of a non-Windows system.

Re:Windows for SCADA? WTF?! (1)

bloodhawk (813939) | more than 4 years ago | (#32921948)

My whole point was that the fact that it was Windows in his story was incidental. The entire story was a saga about incompetent IT admins. Yes, they probably exist more in the Windows world due to the perceived ease of use, but I see almost as many badly run *nix environments; hell, I am working in a badly run *nix environment at the moment that would be just as susceptible to such a disaster.

Re:Windows for SCADA? WTF?! (1)

WhiteHorse-The Origi (1147665) | more than 4 years ago | (#32922242)

Same here. 13 years of IT and I just gave up because of corporate morons. $4 million for PeopleSoft, $70k for Microsoft, the list of waste goes on.

Re:Windows for SCADA? WTF?! (1)

Kepesk (1093871) | more than 4 years ago | (#32920004)

Anyone using Windows for anything essential needs to re-evaluate their software choices. How many times have we heard the story "Malware targets flaw in Windows"?

Re:Windows for SCADA? WTF?! (2, Insightful)

Bigjeff5 (1143585) | more than 4 years ago | (#32920386)

Somebody obviously doesn't know what SCADA is used for in this day and age.

Realtek is long known for malware (0)

Anonymous Coward | more than 4 years ago | (#32919618)

Just up to now, their malware has been confined to hardware.

LNK files (1)

Itninja (937614) | more than 4 years ago | (#32919636)

Have not .lnk security issues been around since Windows 95? Is this a new one?
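Since the thread turns on how Windows handles shortcut files, here is an added example (not code from the original thread or from any of the parties it discusses) of the first thing an analyst does with a pile of .lnk files pulled off a USB stick: parse them. The layout follows the ShellLinkHeader and StringData sections of the documented shell link format; the builder at the bottom constructs a sample shortcut in memory so the parser can be run offline. The ExtraData section is ignored, the ANSI code page for non-Unicode strings is assumed to be cp1252, and the field names are the script's own.

```python
import struct
import uuid

# LinkFlags bits from the ShellLinkHeader (MS-SHLLINK); only those used here.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")

# StringData entries appear in this fixed order when their flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Parse the fixed header and StringData of a .lnk file.

    Returns the fields a triage pass cares about: what the shortcut runs,
    with which arguments, and where it tells the shell to fetch its icon.
    Raises ValueError for anything that is not a well-formed shell link.
    """
    try:
        return _parse(data)
    except struct.error as exc:
        raise ValueError(f"truncated shell link: {exc}") from None


def _parse(data: bytes) -> dict:
    header_size, clsid_raw, flags, attrs = struct.unpack_from("<I16sII", data, 0)
    if header_size != HEADER_SIZE or uuid.UUID(bytes_le=clsid_raw) != LINK_CLSID:
        raise ValueError("bad HeaderSize or LinkCLSID")
    icon_index, show_cmd = struct.unpack_from("<iI", data, 56)
    pos = HEADER_SIZE

    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + IDList
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (4 bytes) includes itself
        (linkinfo_size,) = struct.unpack_from("<I", data, pos)
        pos += linkinfo_size

    # Each string: CountCharacters (2 bytes) then the characters, UTF-16LE if
    # IsUnicode is set, otherwise the system ANSI code page (cp1252 assumed here).
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, pos)
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {name} string")
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252")
        pos += nbytes

    return {"flags": flags, "file_attributes": attrs, "icon_index": icon_index,
            "show_command": show_cmd, **fields}


def build_lnk(icon_location: str, arguments: str = "", relative_path: str = "") -> bytes:
    """Constructed sample input: a minimal Unicode .lnk with no IDList or LinkInfo."""
    flags = IS_UNICODE | HAS_ICON_LOCATION
    flags |= HAS_ARGUMENTS if arguments else 0
    flags |= HAS_RELATIVE_PATH if relative_path else 0
    header = struct.pack("<I16sII", HEADER_SIZE, LINK_CLSID.bytes_le, flags, 0x20)
    header += b"\x00" * 24                        # CreationTime, AccessTime, WriteTime
    header += struct.pack("<IiIH", 0, 0, 1, 0)    # FileSize, IconIndex, ShowCommand, HotKey
    header += b"\x00" * 10                        # Reserved1, Reserved2, Reserved3
    body = b""
    for text in (relative_path, arguments, icon_location):   # StringData order
        if text:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


if __name__ == "__main__":
    sample = build_lnk(r"..\..\share\icons.dll", arguments="/c notepad", relative_path=r".\tool.exe")
    for key, value in parse_lnk(sample).items():
        print(f"{key:16} {value!r}")
```

Point it at real files with `parse_lnk(open(path, "rb").read())` and sort the output by `icon_location` and `arguments`: a shortcut whose icon or target lives outside the drive it came on is the one to look at first.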

Re:LNK files (-1, Flamebait)

commodore64_love (1445365) | more than 4 years ago | (#32919934)

Yep.

Yet another Mac OS component that Microsoft blatantly copied with Win95 - except Mac did the shortcuts properly. Win95 also copied the trashcan, finder, desktop arrangement, and shutdown procedure. When I first laid hands on Win95 I thought to myself, "This feels just like my Quadra Mac."

Re:LNK files (2, Interesting)

Itninja (937614) | more than 4 years ago | (#32920208)

Of course they did. Any successful company copies innovative ideas from the competition (like how Apple copied the mouse-driven GUI from Xerox). Microsoft has had its fair share of ideas copied too (Apple copied the popular 'right mouse click' context menu for their computers).

Re:LNK files (4, Informative)

commodore64_love (1445365) | more than 4 years ago | (#32920420)

>>>Microsoft has had it's fair share of ideas copied too (Apple copied the popular 'right mouse click'...

Uh. No. I don't know who invented right button clicking first, but I know the Amiga in 1985 had the capability with context menus arriving in OS 2.0 (1989). Ditto the Atari ST. It was not a Microsoft invention.

In fact I honestly can't think of anything MS originally invented. Maybe MS-BASIC back in the distant disco decade (70s) but that's about it.

Re:LNK files (1)

Itninja (937614) | more than 4 years ago | (#32920992)

They had two-button mice in 1985? I didn't say MS invented the context menu. They invented the context menu that was triggered by a right mouse click.

Re:LNK files (2, Interesting)

commodore64_love (1445365) | more than 4 years ago | (#32921364)

No you're wrong. Commodore Amigas had the right button context menus in 1989. In fact when I first experienced Windows 3 in 1992, I found it frustrating specifically because the right button was there, but didn't do anything. I then realized how advanced Amiga OS really was.

Re:LNK files (1)

drsmithy (35869) | more than 4 years ago | (#32921506)

Uh. No. I don't know who invented right button clicking first, but I know the Amiga in 1985 had the capability with context menus arriving in OS 2.0 (1989). Ditto the Atari ST. It was not a Microsoft invention.

So you're saying the "trashcan, finder [ignoring for a second how little like Finder Explorer works], desktop arrangement, and shutdown procedure" didn't exist anywhere except MacOS ?

Re:LNK files (2, Interesting)

cbhacking (979169) | more than 4 years ago | (#32921612)

XMLHttpRequest, for one. You know, the thing that made AJAX work (invented by MS to provide the real-time nature of Outlook Web Access). http://en.wikipedia.org/wiki/XMLHttpRequest [wikipedia.org]

Depending on how pedantic you want to get, MS had precursors of the dock before Apple or NeXT, although I'm not sure they were the first. The Start menu paradigm has been copied by a number of other GUI environments; it's not the first time there was a globally-accessible go-to menu for running programs, but it introduced the concept that you do *everything* from one menu (and its submenus, if you're still feeling pedantic), from starting a program to changing the desktop background to installing a driver to turning off the computer.

Most of Microsoft's major advances have been business/enterprise targeted. Exchange+Outlook, as a fully-integrated groupware solution, had no serious competition for a long time. The degree and ease of control that Group Policy gives domain controllers is still a major reason that companies choose Windows.

Hell, as much heat as they caught for it, the very concept that an OS always comes with a web browser can be attributed to MS. You don't have to use it, and there are a number of people who don't except to, just once, download another browser... but they can do that. No needing to get an install disk, or mess with command-line FTP, or anything of that nature.

Re:LNK files (0)

Anonymous Coward | more than 4 years ago | (#32921788)

> Maybe MS-BASIC

BASIC was created by Kemeny and Kurtz in the 60s. When BillG was at Harvard he wrote BASIC programs on the DEC computer there. It seems that there was at least one BASIC system for which the source code was available. As the Intel 8080 development system ran on DEC machines it was not impossible for BillG to use the source when creating his Altair BASIC. Granted, the whole maths routines needed rewriting (which was done by a third team member whose name I can't recall).

BillG also never paid for the DEC machine time used to develop 'his' BASIC.

Re:LNK files (2, Informative)

rduke15 (721841) | more than 4 years ago | (#32920242)

Cool. Let's indulge in some nineties nostalgia with a good old OS war... :-)

When I first laid hands on Win95 I thought to myself, "This feels just like my Quadra Mac."

Yes, it looked much the same, except in Win95 I could format a floppy disk while copying files over the network and typing an email.

Re:LNK files (0)

commodore64_love (1445365) | more than 4 years ago | (#32920748)

Win95 and Mac both had the same type of multitasking - cooperative. So you could format a floppy, copy files online, and type email on either of them. BUT if one of those tasks crashed, it froze the whole OS.

Windows 98 gained preemptive tasking.
OS 10 (2001) gained preemptive tasking.

Re:LNK files (1)

drsmithy (35869) | more than 4 years ago | (#32921552)

Win95 and Mac both had the same type of multitasking - cooperative. So you could format a floppy, copy files online, and type email on either of them. BUT if one of those tasks crash, it froze the whole OS.

This is false. Windows 95 pre-emptively multitasked exactly the same way Windows 98 (and Me) did.

Re:LNK files (1)

commodore64_love (1445365) | more than 4 years ago | (#32921624)

P.S. And just for the sake of completion:

1985 - Commodore released the preemptive multitasking Amiga OS 1.0
1993 - Atari ST gained preemptive multitasking with TOS4

i.e. Commodore and Atari, per usual, were years ahead of the competition. It's a shame neither of these American companies exist anymore, since they were the true innovators.

Re:LNK files (0)

Anonymous Coward | more than 4 years ago | (#32921828)

You have no idea what you are talking about. Both Win 95 and 98 had preemptive multitasking in 32-bit mode.

That's what you get... (4, Funny)

MrEricSir (398214) | more than 4 years ago | (#32919650)

...for taking shortcuts.

Re:That's what you get... (1, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#32919672)

*Shades*
Yyyyyyyyyyyyyeeeeeeeeeeeaaaaaaaaaaahhhhhhhhhh

Re:That's what you get... (1)

commodore64_love (1445365) | more than 4 years ago | (#32920784)

The Supernatural episode that on last week was hilarious. The two brothers in the show got trapped in a CSI Miami episode, and they did about 20 of these "And that's what I call..." (shades) "...a deadly outcome."

Re:That's what you get... (0)

Anonymous Coward | more than 4 years ago | (#32919690)

*puts on sunglasses*

YEEEAAAAAHHHHH!!!

Realtek (2, Insightful)

StikyPad (445176) | more than 4 years ago | (#32919660)

and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company.

For very loose values of "legitimate." Realtek is the Yugo of hi-tech.

Re:Realtek (1)

nschubach (922175) | more than 4 years ago | (#32919722)

I have a few Realtek NICs (8139) that are among the most reliable and simple devices to install.

Maybe I just got lucky, but I have a few PCI Realtek NICs that I've moved from PC to PC doing upgrades and NEVER had a problem with them working on any operating system I've ever installed.

The damn thing just works, flawlessly. Is that so bad?

Re:Realtek (1)

KiloByte (825081) | more than 4 years ago | (#32920000)

Once upon a time, Realtek's cards made up >80% of all network cards people around here used.

In the times of 10Mbps BNC and early 10baseT, typical prices were like:
* PLANET's NE2000 "compatible": 50zl
* Realtek's 8029: 60zl
* 3Com's 3c5x9: 700zl (yeah, it's not a typo -- over an order of magnitude more)

The latter two were damn reliable, while junk cards worked only on a good day, hardly ever managed to talk to cards made by other manufacturers, worked or not based on the room they were in, and even when by some chance they did work, you got less than half the speed of Realteks/3Coms.

Being just a tiny bit more expensive than the cheap crap and almost as reliable as top-end gear, it's no wonder Realtek got that kind of market penetration.

A bit later, in the era of early 100Mbps, their 8139 cards were rock solid and still very cheap.

It's only after every single motherboard started to include on-board networking that Realtek stopped being relevant.

They make the motherboard chips as well (1)

brunes69 (86786) | more than 4 years ago | (#32920876)

It's only after every single motherboard started to include on-board networking that Realtek stopped being relevant.

Not sure if you realize it or not, but 90%+ of all motherboard onboard NICs are made by Realtek.

Don't believe me? Check your lspci / Device Manager.

Re:Realtek (4, Interesting)

StikyPad (445176) | more than 4 years ago | (#32920136)

The 8139 is one of the shittiest NICs ever created. It personifies the Realtek ethos of bottom-of-the-barrel, "get it to sort-of work and ship it" engineering. The fact that it works on "any operating system you've ever installed" is a testament not to the virtues of Realtek, but the skill and dedication of a few people who undertook the monumental task of creating drivers. Don't get me wrong, I'm glad I have $5 surround sound on my motherboard, but I still wouldn't piss on Realtek to put out a fire.

 * Supports several extremely cheap PCI 10/100 adapters based on
 * the RealTek chipset. Datasheets can be obtained from
 * www.realtek.com.tw.
 *
 * Written by Bill Paul
 * Electrical Engineering Department
 * Columbia University, New York City
 */
/*
 * The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
 * probably the worst PCI ethernet controller ever made, with the possible
 * exception of the FEAST chip made by SMC. The 8139 supports bus-master
 * DMA, but it has a terrible interface that nullifies any performance
 * gains that bus-master DMA usually offers.
 *
 * For transmission, the chip offers a series of four TX descriptor
 * registers. Each transmit frame must be in a contiguous buffer, aligned
 * on a longword (32-bit) boundary. This means we almost always have to
 * do mbuf copies in order to transmit a frame, except in the unlikely
 * case where a) the packet fits into a single mbuf, and b) the packet
 * is 32-bit aligned within the mbuf's data area. The presence of only
 * four descriptor registers means that we can never have more than four
 * packets queued for transmission at any one time.
 *
 * Reception is not much better. The driver has to allocate a single large
 * buffer area (up to 64K in size) into which the chip will DMA received
 * frames. Because we don't know where within this region received packets
 * will begin or end, we have no choice but to copy data from the buffer
 * area into mbufs in order to pass the packets up to the higher protocol
 * levels.
 *
 * It's impossible given this rotten design to really achieve decent
 * performance at 100Mbps, unless you happen to have a 400Mhz PII or
 * some equally overmuscled CPU to drive it.
 *
 * On the bright side, the 8139 does have a built-in PHY, although
 * rather than using an MDIO serial interface like most other NICs, the
 * PHY registers are directly accessible through the 8139's register
 * space. The 8139 supports autonegotiation, as well as a 64-bit multicast
 * filter.
 *
 * The 8129 chip is an older version of the 8139 that uses an external PHY
 * chip. The 8129 has a serial MDIO interface for accessing the MII where
 * the 8139 lets you directly access the on-board PHY registers. We need
 * to select which interface to use depending on the chip type.
 */

http://fxr.watson.org/fxr/source/pci/if_rl.c [watson.org]

Re:Realtek (0)

Anonymous Coward | more than 4 years ago | (#32920266)

It's impossible given this rotten design to really achieve decent performance at 100Mbps, unless you happen to have a 400Mhz PII or some equally overmuscled CPU to drive it.

No wonder they're bad. Almost nobody has chips that fast these days.

Re:Realtek (1)

djdanlib (732853) | more than 4 years ago | (#32920638)

You realize that was written in the 1990s, right?

Re:Realtek (0)

Anonymous Coward | more than 4 years ago | (#32921272)

Special comments provided by Captain Obvious.

Re:Realtek (0)

Anonymous Coward | more than 4 years ago | (#32921360)

You must be new here.

Re:Realtek (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32919790)

They may be pretty chintzy; but they are downright ubiquitous. Things are going to get comedic if every Realtek-equipped PC that also gets Windows updates suddenly starts throwing "unsigned driver" warnings because Microsoft revokes their trust of the Realtek signing key(which they might chicken out of; but they really should do if there are signed rootkit drivers floating around)...

Re:Realtek (0, Troll)

Charliemopps (1157495) | more than 4 years ago | (#32920022)

As if anyone pays attention to the unsigned driver warning anyway. lol

Re:Realtek (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32920164)

On 64 bit installs, they generally pay attention to the "OS refusing to install the unsigned driver" behavior, though... Luckily, Realtek isn't behind a gigantic fraction of the world's cheap NICs, so getting updated drivers won't be an issue...

Re:Realtek (1)

Nimey (114278) | more than 4 years ago | (#32920052)

The Crab's stuff is better than it used to be. Their NICs are pretty good quality; not quite up to Intel standard, but good for what you pay. Sound is merely OK quality, but reliable.

Windows users are capable of using shortcuts? (1, Funny)

Hurricane78 (562437) | more than 4 years ago | (#32919850)

I thought they would barely manage to point and click, and the keyboard was a mystery to them, just like the whole UI is designed to train them to behave...
I doubt more than 5% of the (l)users actually know what a shortcut is, considering how they are intentionally hidden away as deep as possible, or even completely removed.
(I’m not hating Windows specifically. “modern” [aka. “dumbed down beyond being usable”] KDE/Gnome and OSX UIs often are not much better nowadays. :/ But there are some competent UI designers out there. E.g. the Maya ones. :))

Re:Windows users are capable of using shortcuts? (1)

c6gunner (950153) | more than 4 years ago | (#32920540)

I doubt more than 5% of the (l)users actually know what a shortcut is, considering how they are intentionally hidden away as deep as possible, or even completely removed.

Yeah, that's right, the start menu and desktop are intentionally hidden away or completely removed. The screen just shows a pretty picture, which does nothing when you click on it.

Re:Windows users are capable of using shortcuts? (1)

Hurricane78 (562437) | more than 4 years ago | (#32922156)

Wow. You did manage the single two things left. ^^

How about the shortcut to:
- lock the system
- search a file
- run something
- browse the file system
- show the desktop
- switch between the task bar, the desktop and your application
- print just the window
- all the Alt-something shortcuts for the menus
- close a document
- close an application
- etc
they all exist. They all make work faster. How many do you think the average user knows? Hm? One?

And how about
- the directory structure of the file system browser resembling the actual structure.
- file extensions being visible.
- system directories being available.
- system files being visible.
- the ability to run scripts to actually use your computer as a computer (= to automate things) instead of like an appliance with colorful clickables.
- the actual start menu not being hidden away under “Programs>”.
- every administrative functionality in Windows not being "simplified" in a mind-bogglingly idiotic and chaotic set of stupid dialogs.
- etc.

That’s just what I came up with off the top of my head.
And as you may notice, sadly, KDE/Gnome are so extremely the same, that nearly all is true for them too. And hey, OSX actually presents this “simplicity” (actually lack of freedom) as a bullet point in the feature list.

And then they act surprised, if nature invents better idiots to cope with the downwards spiral of idiocy (aka “simplicity’). ^^
As always: Greed = submissive to the users = no long term sustainability = EPIC FAIL.

Solution (4, Funny)

mark72005 (1233572) | more than 4 years ago | (#32920006)

They should avoid holding the USB drive that way.

It;s a concern. (1)

jd (1658) | more than 4 years ago | (#32920348)

Power stations (including nuke ones) use SCADA for control systems. Not the kind of stuff you really want to be infected with malware. Sure, the odds of anything really nasty happening are slim (it does happen though - the main Japanese nuke power station has accidentally vented radioactive material into the air in the not-too-distant past). The most likely event is a shutdown, followed by a blackout of a region. If there's a cascading effect, it might even take out a whole State until they reload the computers from backup tapes. Uhhh, they DO have backup tapes, right...?

It bothers me that insecure OS' are being used for any kind of control system. Microsoft is only partly to blame, though. The high cost of real-time and "trusted" Operating Systems (which would have been far better choices) is also responsible. If a mission-critical industry genuinely couldn't afford mission-critical OS' for mission-critical components, something somewhere got SERIOUSLY messed up. (You'd want a real-time OS for components that need a specific response time, and trusted OS' for components that interfaced with stupid operators and the outside world and therefore needed the higher level of security.)

It's unclear if manufacturers would have been permitted to offer a special deal, though, for such organizations on what amounts to an emergency basis. There would be all kinds of anti-competitive rules invoked. It would have required special dispensation by the legislature, plus approval by "Homeland Insecurity", to eliminate such dangers on a legal basis. Even then, it's unclear if such laws would have held much sway with the Supreme Court makeup as it stands. Basically kicking Microsoft out of an entire sector of industry would run very counter to free-market ideals no matter what the potential consequence. The judges are so old that they're very unlikely to ever see the consequences of their decisions so why should they give a flying f*** if there are any?

(I'm not saying those ideals are necessarily wrong in the market, or necessarily wrong in general, but when you try to mix them with a large dose of complacency, a larger dose of greed and a huge dollop of obscurity+secrecy, there isn't a free market for those ideals to operate in anyway. Trying to make those ideals work in a context they were never designed for is where you get problems.)

Re:It;s a concern. (2, Interesting)

Svartalf (2997) | more than 4 years ago | (#32921138)

The high cost of real-time and "trusted" Operating Systems (which would have been far better choices) is also responsible.

The reason they're "expensive" is because of the efforts to try to ensure secure and reliable operation in the face of attackers. Don't be laying the blame at the feet of the OSes- lay it at the feet of the cheap people that sought to maximize profits while ignoring the risks involved with the choices they were making.

Re:It;s a concern. (2, Interesting)

jd (1658) | more than 4 years ago | (#32921386)

Oy! Dark Elves aren't supposed to make sensible comments.

Anyways, the way secure OS kernels are generally written is to move the critical functions into a "security kernel". Only that security kernel needs to be proven correct. Flaws in the rest of the OS cannot cause vulnerabilities. Well, in theory. But once that security kernel is written, then the expensive part of the development is done. It's proven complete and correct, so you should almost never have to touch the security kernel again. That component can be treated independently of the rest of the system, as that is how it is developed (and maintained). The cost of the rest of the OS can be covered by the sales of the unsecure versions (regular Solaris, regular IRIX, etc).

The utilities and userspace facilities that then get added onto that need to be audited as they get developed, and that's where the big big expense is. Not much I can see that can fix that, aside from OpenBSD-like auditing of the whole lot. Ensuring all libraries validated all inputs and that the system malloc enforced memory bounds would probably be helpful, as it would limit the exploit potential of bugs elsewhere that did exist.

But here we run into the crux of the issue. I really can't think of too many times you'd want to compile programs on a secure system that is running hardware. Nor can I think of too many times you'd want said system to provide much in the way of shell scripting or standard Unix utilities. In short, all you really want on such a box is a kernel, a skeleton system, and the applications you want to run that are supplied by some third-party.

So the only legitimate expensive component that these companies need is the security module. Which won't be cheap. But it also won't be as costly as having to pay for a complete OS as though nothing was getting reused and everything was going to get used. Neither of those is valid.

And how... (3, Insightful)

Securityemo (1407943) | more than 4 years ago | (#32920442)

This is awesome. A major 0day? They stole the signing key from Realtek? And it's not like you can instantly invalidate those keys without major hassle. I wonder how many other such "cert" keys have been stolen over the years.
Besides that, why code an interface specifically for Siemens SCADA? One question you'd have to ask is, does that system have market share for the control systems of any specific type of thing, or is it generally just popular in industrial automation? I can't find anything specific online, besides advertising writeups about factory control.

Re:And how... (2, Interesting)

PPH (736903) | more than 4 years ago | (#32920994)

Besides that, why code an interface specifically for Siemens SCADA?

Because 1) it has a large market share, 2) it may have been the first brand that the virus writers managed to reverse engineer. Stay tuned for versions that work with Allen Bradley and others.

SCADA systems have traditionally been highly proprietary, depending on obfuscation for security. Some of the newer systems have learned from the open source movement. "You may have our protocols, even our source. But you'll get nowhere without the key." But they don't have major market share yet, and that's not the way the utility industry thinks. For a business that really has no competition (each utility operates within a designated area; customers can't just go shopping around) they hate sharing best practices and lessons learned. And their manufacturers have some of the strictest NDAs. Not so much to hide cutting edge technology, but to prevent customers from sharing tales of woe about crappy products.

Re:And how... (1)

Securityemo (1407943) | more than 4 years ago | (#32921334)

That's interesting to know. How complicated are the protocols? Would you have to actually get hold of hardware components with embedded software on the "receiving" side to get a complete set for reverse-engineering, if you didn't want to reverse the protocol from the client code? ...
Realtek has factories in China, and Chinese "spies" would certainly be able to procure whatever they needed from Chinese factories if I've understood the situation correctly.

If you prefer a car analogy (1)

NotQuiteReal (608241) | more than 4 years ago | (#32920682)

See this link for what can happen to your SCADA systems - total destruction [scada1.com]

Default SQL username and password in HMI (5, Informative)

Que_Ball (44131) | more than 4 years ago | (#32920758)

So looking at some of the linked info it appears that this is targeting a Siemens SIMATIC WinCC Database. It appears that the database uses a hardcoded username and password combination that end users are told not to change. I found some forum postings from people who made the mistake of changing the password only to have the software fail.

Server=.\WinCC;uid=WinCCConnect;pwd=2WSXcder (+1 for what appears to be a reasonably random looking password, -1 for being short, -1 for not including symbols, -100 for hardcoding it into the app and forcing all users to have the same exploitable entry point into their embedded database that this worm can use to read and inject code into the database)
https://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&Language=en&PageIndex=2 [siemens.com]

Product being targeted:
http://www.automation.siemens.com/w2/automation-technology-distributed-control-system-simatic-pcs-7-1075.htm [siemens.com]

Seems pretty clear that this was a targeted attack. (Launched by Competitor, former employee, etc)

Re:Default SQL username and password in HMI (0)

Anonymous Coward | more than 4 years ago | (#32921696)

Did you happen to look at where the keys for that password are? Down the second row, back up the third, and then over to the fourth. It might as well just be qwertyuiop. Lazy vendors will be the end of us all.

Re:Default SQL username and password in HMI (0)

Anonymous Coward | more than 4 years ago | (#32921988)

Not a random password, look at the placement of 2WSXcder on your keyboard. Granted it's not a dictionary word but this is still poor.
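The two replies above make the same observation: 2WSXcder is not random, it is a walk across adjacent keys. As an added example (not code from the original thread or from Siemens), here is a small keyboard-walk scorer of the kind one would put into a password-audit script so that this class of "looks random, isn't" value gets flagged automatically. It assumes a US QWERTY layout, ignores row stagger (keys count as adjacent when row and column indices differ by at most one), treats a repeated key as adjacent to itself, and the thresholds in `is_keyboard_walk` are this script's own choices.

```python
# Simplified US QWERTY layout, one string per physical row, left to right.
# Row stagger is ignored: two keys are "adjacent" when their row and column
# indices differ by at most one, which is good enough for spotting walks.
ROWS = [
    "`1234567890-=",
    "qwertyuiop[]\\",
    "asdfghjkl;'",
    "zxcvbnm,./",
]

# Shifted characters map back onto the physical key that produces them.
_UNSHIFT = str.maketrans('~!@#$%^&*()_+{}|:"<>?', "`1234567890-=[]\\;',./")

_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def _key_position(ch):
    """(row, column) of the key that types ch, or None for keys not on the map."""
    return _POS.get(ch.lower().translate(_UNSHIFT))


def _adjacent(a, b):
    """True when a and b are typed on neighbouring keys (or the same key)."""
    pa, pb = _key_position(a), _key_position(b)
    if pa is None or pb is None:
        return False
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1


def keyboard_walk_score(password):
    """Fraction of consecutive character pairs that sit on adjacent keys (0.0 to 1.0)."""
    if len(password) < 2:
        return 0.0
    pairs = list(zip(password, password[1:]))
    return sum(_adjacent(a, b) for a, b in pairs) / len(pairs)


def longest_walk(password):
    """Length of the longest substring typed entirely on adjacent keys."""
    best = run = 1 if password else 0
    for a, b in zip(password, password[1:]):
        run = run + 1 if _adjacent(a, b) else 1
        best = max(best, run)
    return best


def is_keyboard_walk(password, min_score=0.7, min_run=6):
    """Flag a password that is mostly a walk, or contains a long walk."""
    return keyboard_walk_score(password) >= min_score or longest_walk(password) >= min_run


if __name__ == "__main__":
    # Constructed sample set: the WinCC value from the thread plus a few controls.
    for pw in ("2WSXcder", "qwertyuiop", "1qaz2wsx", "Tr0ub4dor&3"):
        print(f"{pw:14} score={keyboard_walk_score(pw):.2f} "
              f"run={longest_walk(pw)} walk={is_keyboard_walk(pw)}")
```

Running it gives 2WSXcder a score of 1.0 (every one of its seven character pairs is an adjacent-key step), which is exactly the point the two posters were making; the mixed case and the digit do nothing for it against anyone who generates candidates by walking the keyboard.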

Re:Default SQL username and password in HMI (3, Funny)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32922198)

Wow. That is some incredible quality there.

I'm assuming that this product is of the "Well, it sucks ass; but at least it was incredibly expensive..." school of enterprise software design?