
Microsoft Worms Crash Ohio Nuke Plant, MD Trains

michael posted about 11 years ago | from the woodpecker-that-brought-down-civilization dept.

Security 817

stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."


817 comments




H3Y e0D St34L Th15 P057 F1R57!!! (-1, Troll)

HyperColor Underware (628462) | about 11 years ago | (#6755245)

H3Y e0D St34L Th15 P057 F1R57!!!

This would be a good idea. This would be a very good idea. To post this first and get recognition of the first post, 30d would be 30ded on national tv exposure. Good. Success. I enjoy.

The network administrators... (5, Insightful)

aridhol (112307) | about 11 years ago | (#6755246)

...should be fired. Why was the safety monitoring system on a nuclear power plant exposed, even indirectly, to the internet?

Re:The network administrators... (5, Insightful)

gcaseye6677 (694805) | about 11 years ago | (#6755285)

Better yet, why is it running Windows?

Re:The network administrators... (4, Interesting)

epiphani (254981) | about 11 years ago | (#6755474)

I was under the impression that Microsoft didn't encourage the use of its products in applications such as these. We are talking about systems that cannot fail - if they do, people could die.

I thought Microsoft had the sense to actually say 'this is not what our product is for - get something custom'. If I worked at Microsoft, the last place I'd want our 'it-does-everything' operating system doing would be managing the safety systems at a nuclear plant.

Does anyone know if Microsoft actually encourages this type of a deployment - if they don't, what moron decided to use it?

Re:The network administrators... (4, Insightful)

chef_raekwon (411401) | about 11 years ago | (#6755289)

true, any admin that doesn't know about packet filter firewalls should be fired...
--- but imagine when they catch the clown who spread/made the virus...he/she might be locked up for a while...

Re:The network administrators... (5, Insightful)

s20451 (410424) | about 11 years ago | (#6755364)

true, any admin that doesn't know about packet filter firewalls should be fired...

Sometimes that's not enough. At my university, the departmental firewall did just fine in blocking the virus, until somebody got their Windows laptop infected at home and brought it to work, behind the firewall. Once again proving that great network security can be easily defeated by poor physical security.

paranoia time (5, Insightful)

ed.han (444783) | about 11 years ago | (#6755450)

in an environment like a nuclear power plant, why aren't there firewalls on all clients? i mean, network security in such an installation is about as important as it gets.

it's possible the vulnerability arose through someone accessing internet e-mail. but wall street firms regularly blacklist internet e-mail sites. they do that b/c they're regulated to ensure that proprieties are kept and people aren't defrauded. a nuke though--we're talking more than just dollars and cents here.

it may not be fully the fault of the admins.

ed

Re:The network administrators... (1)

chef_raekwon (411401) | about 11 years ago | (#6755452)

until somebody got their Windows laptop infected at home and brought it to work

true -- but hopefully the sysadmin that knows about packetfilters, also knows about keeping their systems current with patches. (yes, i will continue to dream.)

what university do you attend that got the beat down?? U of T??? Silly Admins...time to get some experience for those CompSci majors--fire them.

Re:The network administrators... (4, Informative)

Proaxiom (544639) | about 11 years ago | (#6755396)

It sounds like the firewall wasn't the problem. More like it came in over a VPN from a contractor's unsecured network.

Blaster got past a lot of firewalls that way.

Re:The network administrators... (0, Redundant)

TheZax (641389) | about 11 years ago | (#6755405)

Don't necessarily blame the firewall. Sure blocking certain ports from the Internet will stop direct connects from the Internet, but from what I've seen with MSBlast, SQL Slammer and such, is that they are brought in on laptops from home users, or possibly dialup or VPN users and such. Once on the inside, many networks have little to no security.

Re:The network administrators... (0, Insightful)

Ishin (671694) | about 11 years ago | (#6755293)

More like why were such uptime critical systems running windows at all?

Re:The network administrators... (1, Interesting)

ArmorFiend (151674) | about 11 years ago | (#6755347)

they should be so FIRED!

Our state's computer systems are only now recovering from that worm. These are boxes with career sysadmins. Keeping them secure is their job. WHY AREN'T THEY FIRED?

Re:The network administrators... (5, Funny)

warpSpeed (67927) | about 11 years ago | (#6755356)

...should be fired.

The MARC network admin should be tied to the tracks a la dudly doright (sp?). Hope that signal to switch the tracks gets through...damn... That'll learn ya for hooking an operational network to the 'net'.

Same with the power plant. Your office is now located inside the containment building. Do you think they would pay more attention to the network security?

Re:The network administrators... (4, Funny)

TopShelf (92521) | about 11 years ago | (#6755369)

Fired??? Nah, just put him in charge of hand-polishing the fuel rods or something...

Re:The network administrators... (-1, Troll)

Lumpy (12016) | about 11 years ago | (#6755372)

..should be fired. Why was the safety monitoring system on a nuclear power plant exposed, even indirectly, to the internet?

and why the hell is it running windows?

sorry but something like that needs to be on something that is proven stable.

The engineers need to be beaten with large boards with nails in them.

put it on a good old proven UNIX, solaris or something else that is used in the mission critical world.

only complete idiots put important things like a nuclear power plant or a water treatment plant on a windows base.

Re:The network administrators... (0)

Anonymous Coward | about 11 years ago | (#6755440)

You'd put freaking UNIX in control of a nuclear power plant?

Re:The network administrators... (1, Funny)

Anonymous Coward | about 11 years ago | (#6755469)

No, OpenBSD. Running on a ZX81, I recall Clive Sinclair saying that you could use ZX81s to run Nuclear Power plants...

Re:The network administrators... (4, Insightful)

aridhol (112307) | about 11 years ago | (#6755442)

That brings up a good question. Doesn't software need to be certified before it can be used in nuclear applications? In fact, isn't one of the (many) disclaimers on most software (including Windows) "don't use this in a nuclear facility"?

Re:The network administrators... (3, Insightful)

eyeball (17206) | about 11 years ago | (#6755384)

Why was the safety monitoring system on a nuclear power plant exposed, even indirectly, to the internet?

It doesn't even necessarily take an indirect connection to the internet. If a virus is on a laptop that was connected to a public (or any infected network) like at home, then connected to a completely autonomous network, it can then infect that network.

Re:The network administrators... (1)

yiantsbro (550957) | about 11 years ago | (#6755439)

ummmm...that would be an indirect connection to the Internet. A system such as this should not allow for that.

Re:The network administrators... (4, Insightful)

aridhol (112307) | about 11 years ago | (#6755479)

Then why was the safety monitoring system exposed to the office network? In this case, the worm came in on a non-firewalled T-1 line from a contractor's network, and through there to the internet.

I would have suspected that there would be multiple layers of protection in front of critical systems like that. Even more, I would expect that safety regulations require these layers of protection. Of course, that would hurt the bottom line, so we can't have that happening :(

Re:The network administrators... (1, Redundant)

heidkamp (653609) | about 11 years ago | (#6755403)

Aren't these types of systems supposed to NOT be running Windows?

I'm pretty sure that Windows comes with a warning saying it's not for air traffic control, nuclear plants, etc... so this may reach beyond "network guy incompetent - fire him" to "network guy criminally negligent - cane him"

Re:The network administrators... (3, Insightful)

Jaguar777 (189036) | about 11 years ago | (#6755404)

They don't have to be exposed to the internet. All it takes is one employee with a laptop that is used at work and at home.

Re:The network administrators... (1)

watzinaneihm (627119) | about 11 years ago | (#6755446)

A stupid, brainless worm which relies on blank scanning managed to get into the Internal network of a Nuclear powerplant. Similarly there was a report of a Halifax ATM being actually infected by the worm.
Imagine what a determined human intruder could do. All he has to really do is to setup a worm which actually sends out information about where it is and which is ready to take instructions from outside... World Domination!!!!

Re:The network administrators... (4, Funny)

rnd() (118781) | about 11 years ago | (#6755484)

You are absolutely right. It's a symptom of a heavily regulated industry (electricity, railroads) that they end up with a dumbass sysadmin.

Full and total deregulation would have likely prevented this from happening.

Re:The network administrators... (1)

bobthemuse (574400) | about 11 years ago | (#6755493)

If I remember correctly, the worm came in through a VPN, which had been established with a technical contractor. Their net was exposed and became infected. Makes you wonder who else might have ties to the internet that the admins aren't fully aware of....

ehhh??? redundancy & isolation?? (-1, Flamebait)

gl4ss (559668) | about 11 years ago | (#6755259)



hello??

you outsource building nuke plants to india too? no wonder they got their nukes developed.

So many morons (0)

Ilvatar (667201) | about 11 years ago | (#6755262)

Sysadmins of such networks really should block all ports except for the ones they really need. I don't even think they realise what the consequences of their lack of security can be! Shame on them!

Re:So many morons (0, Flamebait)

borgdows (599861) | about 11 years ago | (#6755269)

*real* sysadmin really should BAN Windows from critical systems like these!

Re:So many morons (0)

Ilvatar (667201) | about 11 years ago | (#6755406)

That too. Then again, a sysadmin using windows is hardly a sysadmin. I don't know about you, but I reserve the title sysadmin for people who administer systems.

Taken to the extreme! (3, Funny)

ealar dlanvuli (523604) | about 11 years ago | (#6755268)

This post could trigger a train of events, leading to NUCULEAR(sic) WAR, and the EXTERMINATION OF THE HUMAN RACE.

Then again, it probably won't.

Re:Taken to the extreme! (1)

trompete (651953) | about 11 years ago | (#6755437)

Well, if the plant were to reach meltdown, it would affect the US and Canada. I hope I never see the day when the Canadians come marching in to Michigan with their hockey sticks and whatnot.
But seriously, who would start a war over an unintentional nuclear disaster where the most damage was caused in the source country?

Wow. (3, Funny)

AbbyNormal (216235) | about 11 years ago | (#6755274)

Somebody needs to make a "Clean up virus" that turns the power back on and makes the trains go.

This could be big.

Thank God (4, Funny)

WTFmonkey (652603) | about 11 years ago | (#6755281)

they discovered that 30 square inch hole and the plant was shut down anyways...

What kind of engineer?? (4, Funny)

OffTheLip (636691) | about 11 years ago | (#6755284)

CSX decided that train engineers and systems engineers are the same thing. Look how much money they saved...

Re:What kind of engineer?? (2, Funny)

TedCheshireAcad (311748) | about 11 years ago | (#6755401)

Well...

class TrainEngineer extends Engineer{

...

class SystemsEngineer extends Engineer implements Geek{


Sorry about the Java ;)

Message from the men's bathroom at a steakhouse (-1)

JismTroll (588456) | about 11 years ago | (#6755286)

ATTENTION

Do not throw toothpicks
in the urinal
crabs can polevault

Software Disclaimer (4, Insightful)

jocks (56885) | about 11 years ago | (#6755295)

I think the fault here is with the moron that managed and accepted the software in the first place. One of the first disclaimers all software companies make is that they do not guarantee that they are suitable for life threatening situations. Who accepted this software? Who specced it? Who supervised their work and ensured that they were competent people to manage this type of work?

The Horror (4, Informative)

ccZaphod (672824) | about 11 years ago | (#6755301)

It is horrifying that critical systems such as Nuclear (or Nucular as W. says) power plant safety systems have been compromised by rampant known issues with Microsoft Security. I believe that it is worse that such critical systems are not better administered. Heads should roll in the IT department. This is also an indicator of how this Nuclear power plant has treated Homeland Security in general. Having such systems exposed to the internet is just plain negligent.

Blackout not that bad. (2, Funny)

niko9 (315647) | about 11 years ago | (#6755303)

Pfft!

Call me when that train is on a direct head on course with said power plant!

Now that is bad! ;)

Re:Blackout not that bad. (1)

niko9 (315647) | about 11 years ago | (#6755464)

Pfft!

Call me when that train is on a direct head on course with said power plant!

Now that is bad! ;)


No you idiot! It would be so much worse if Dr.Evil was in the first car of that train (as it's heading towards the nuclear power plant) screaming "Fricking laaaaaaaaaser!"

That, my friends, is bad.

It's comforting to know... (0, Troll)

grasshoppa (657393) | about 11 years ago | (#6755304)

..that there are retards in the world who keep me employed through there inability to do the job for which they were hired.

Re:It's comforting to know... (1)

WwonderLlama (512526) | about 11 years ago | (#6755402)

"Retards" and "there inability"?
"Where inability"?

ooooh.... "their inability" ....

Maybe you should board up your glass house before you start throwing stones.

MSFT vs WORLD (-1, Troll)

masouds (451077) | about 11 years ago | (#6755306)

Microsoft products are not to be trusted and put in the internet. If you want to connect them to net, please please put them behind a firewall. You can setup one with an old 486 system.
I am willing to take bets on when first lawsuit lands in court 'PEOPLE vs. MSFT' about this problem.

It's only a matter of time... (4, Interesting)

Tracy Reed (3563) | about 11 years ago | (#6755315)

...before someone really is killed due to M$'s negligence. Sure, one could argue that they should have applied patches and that it isn't M$'s fault but tell that to the jury. When surviving relatives see the potential for a profitable liability suit they are going to go after the biggest pockets and that is M$.

Is it going to take deaths to make MS liable? (0)

BigAlexK (398239) | about 11 years ago | (#6755316)

OK, what exactly IS it going to take before legislation is put in place that makes Microsoft particularly, and any other guilty parties, liable (indirectly is good enough for me) for the sh*t quality of their software?

How many people have to indirectly die as a result of MS crap products?

Answers on a postcard to your local Congressman...

Re:Is it going to take deaths to make MS liable? (4, Insightful)

InterruptDescriptorT (531083) | about 11 years ago | (#6755465)

I'd love to see what the Linux community would say if some intravenous drug pump running an embedded version of Linux had a bug that caused it to fail and kill a patient?

They'd probably cry, 'But we already released a fix! They didn't install this patch, and this patch, and this patch, and then recompiled.'

Don't blame the software companies for the "sh*t quality" of their software, as you say--blame the system administrator who didn't install the already-available fixes or patches. That by far is your guilty party right there.

WTF?!? (1)

imsabbel (611519) | about 11 years ago | (#6755321)

You are REALLY telling me a nuclear power plant's internal network is connected to the internet without a firewall?
Or even worse, an employee can plug in his notebook and access mission critical systems?
What happened to access restrictions?

consequences (0)

Anonymous Coward | about 11 years ago | (#6755322)

Maybe this will cause some pressure to be put on Microsoft to make sure their products are secure.

What I don't get (4, Insightful)

Trailer Trash (60756) | about 11 years ago | (#6755323)

is why anybody still thinks that Windows is suitable for a production control environment. I can understand the pretty gui for someone's desktop, but (and I'm serious when I ask this) what kind of utter cretin would think to put Windows, or any Microsoft product, in a fucking nuclear power plant, completely un-fucking-protected from this sort of stuff?

It doesn't make sense. Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe), and keep the thing patched.

Why is this rocket science? Why do people who are building nuke plants and rail lines not know any better?

Sorry for going off on a rant, but damn it, somebody needs to say it.

Re:What I don't get (5, Insightful)

GoofyBoy (44399) | about 11 years ago | (#6755415)

>Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe), and keep the thing patched.

How is this any different from;

Use a Windows 2000 machine, make sure it has only the access level needed from the outside (maybe sshd or something similar running, maybe), and keep the thing patched.

If there was a Linux/Unix worm running around, couldn't the exact same situation happen?

Re:What I don't get (2, Insightful)

random_rabbit (647072) | about 11 years ago | (#6755445)

I think the control system manufacturers would advocate real-time OS systems to control nuclear plants and the like. They take a bit more than an "apt-get" to update, but at least there's someone to sue, should they fall over (which they do, every now and then)

Re:What I don't get (1)

watzinaneihm (627119) | about 11 years ago | (#6755482)

No, the control equipment itself was probably not running windows. The network the equipment was on had a lot of Windows boxes too, which caused the worm to crash the Network. The article never says the "main box" was running windows. At least I hope so.
So a Linux/Unix machine will be of little help.

Re:What I don't get (1)

utexaspunk (527541) | about 11 years ago | (#6755489)

they do it because it's easy, thanks to OPC [opcfoundation.org] (OLE for Process Control). It's very popular for interfacing different computing platforms and control devices using Windows. Just get an OPC driver from the manufacturer of the PLC, analyzer, flow computer, etc. Maybe if there were a comparable Linux/other solution, and manufacturers supported it, the control systems engineers would use it. Until then, expect this kind of stuff...

Re:What I don't get (4, Insightful)

BigGar' (411008) | about 11 years ago | (#6755492)

is why the control computers for a nuke plant are even hooked up to the same network. I can understand the need for the systems to communicate, but for them to have a physical connection to the outside world, firewalled & patched or not, is just plain stupid.

hard to believe it took so long (1)

hedrush999 (585858) | about 11 years ago | (#6755325)

I can't believe that it took so long for this virus to infiltrate these networks...you think the sysadmins would have known they had dodged the bullet, at least for a while, and patched the hole.

No firewall? Probably not. (4, Insightful)

IvyMike (178408) | about 11 years ago | (#6755326)

This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.

Actually, I suspect that someone unwittingly plugged an infected laptop into the network inside of the firewall.

Re:No firewall? Probably not. (2, Funny)

Basehart (633304) | about 11 years ago | (#6755463)

Most likely the laptop belonging to the guy who drops by every week to make sure the firewall is up and running.

On the bright side... (0)

Anonymous Coward | about 11 years ago | (#6755327)

It's nice to know my computer is a lot more secure than some nuclear power plants?

I guess thats (1)

The Old Burke (679901) | about 11 years ago | (#6755330)

...the price we have to pay in order to get cheap electricity.
If everyone would pay just 10% more each month, we would not have had this problem.
Personally I think the benefits of cheap electricity greatly outruns the downside with only a possibility for some hundred deaths each ten year.

Re:I guess thats (-1, Troll)

Anonymous Coward | about 11 years ago | (#6755448)

It's the price of the deregulation snake oil that the clinton era has been selling the public, and the lack of minimum reliability and accountability in power providers.

Terms of use? (0, Redundant)

jkujawa (56195) | about 11 years ago | (#6755332)

I was under the impression that the Microsoft terms of use specifically state that Windows isn't to be used in things like critical systems in nuclear plants, planes, etc.

I think that a monitoring system would definitely apply here.

Everyone on Slashdot would say that Windows was a bad idea for this ... but Microsoft would probably agree! Someone in charge of instrumentation at that plant needs to be downsized right quick.

Didn't "crash" the plant (5, Informative)

abcxyz (142455) | about 11 years ago | (#6755336)

That reactor had been down since February of 2002 due to a 6" hole in the reactor head.

Maybe it was a VPN problem (1, Insightful)

Anonymous Coward | about 11 years ago | (#6755337)

I know that my company was brought down by one careless user on the VPN. The user in question was working from home and had not followed the company instructions/policy for installing zonealarm pro. The result was that they were infected while working at home over the cable modem and the infection then spread rapidly through the company via the VPN.

-aelfweld

more info (5, Insightful)

blamanj (253811) | about 11 years ago | (#6755341)

I just submitted the same story, it will probably get rejected, so here's some more links:
The Washington Post is reporting [washingtonpost.com] that the Slammer worm crashed the computerized display panel which monitors the most crucial safety indicators (coolant systems, core temperature sensors, and external radiation sensors) at Ohio's Davis-Besse nuclear power [doe.gov] plant in January. No serious problems occurred, primarily because the plant has been offline for more than 1-1/2 years.
Davis-Besse is run by FirstEnergy [firstenergycorp.com], which many people feel may bear much of the responsibility [forbes.com] for last week's power blackout.

This is not looking good... (5, Funny)

JohnGrahamCumming (684871) | about 11 years ago | (#6755345)

1. Worms infect Internet taking control of nuclear power stations and public transport
2. Japan announces 30 year program to build intelligent robots
3. New Scientist reports self-healing robots a reality, can survive battle damage
4. Arnold announces "I will go to Sacramento and I will clean house".

All I can say is that I hope the next /. story is about someone inventing 2 million sunblock or we're all going to have a really bad day.

John.

Blackout? (2, Interesting)

deepvoid (175028) | about 11 years ago | (#6755346)

There is a good chance that the worm also disabled systems normally used to switch power, or route around surges. Just a thought.

Someday hopefully reason will prevail... (2, Insightful)

motorsabbath (243336) | about 11 years ago | (#6755352)

... and people will stop using Windows in critical systems where failure can have catastrophic results. The only thing Windows does reliably is fail. Whoever decides to run a nuclear plant's safety monitoring system or a civil rail's monitoring and safety system on a Windows platform should be dragged into the street, shot, burned, pissed on, disemboweled and then hanged.

People are morons.

Speaking of the Blackout (4, Interesting)

dgenr8 (9462) | about 11 years ago | (#6755353)

Funny you should mention the Blackout. The timing DOES seem interesting. I wonder just what functions inside the electric utilities depend on Microsoft Windows. If it's good enough for the nuclear industry, would anyone be surprised if failure of a critical set of Windows systems were responsible for the Blackout?

You have worms! (1)

Chess_the_cat (653159) | about 11 years ago | (#6755354)

It's all fun and games until private computer networks at nuclear power plants have their safety monitoring systems disabled for nearly five hours.

Laptops breach firewalls (2)

GGardner (97375) | about 11 years ago | (#6755362)

I've seen networks with effective firewalls still just down by worms. Laptops are a very effective way to breach firewalls -- if a laptop user connects at home, or on the road without a firewall, and gets the worm, it is trivial to bring that same computer into work, and start spreading it behind the firewall.

Time to fire someone? (1)

random_rabbit (647072) | about 11 years ago | (#6755365)

Perhaps the network admins should have a chat to Ernie Ball, and ask him how this worm is affecting his business/reactor core.

Who is responsible (1)

Azureflare (645778) | about 11 years ago | (#6755366)

Who is responsible for these events? Microsoft, who allowed these security breaches through their code, or the people that wrote the worms themselves? Or maybe the sysadmins who didn't have firewalls installed?

Something needs to be done, to hold someone accountable. This can't keep happening. Microsoft can't keep saying "Oh, we're concentrating on security *snigger*." Either that or the worm writers need to be held accountable.

I find it incredible that people just seem to think there's no way of solving the situation, so just leave it as it is.

Oh well, at least I have my linux box, though I'm sure as many people say, if linux was more predominant, then we'd have our fair share of worms.

They probably have a firewall (0)

slash-tard (689130) | about 11 years ago | (#6755367)

But assume it will protect them from everything. Security is more than a firewall.

If a laptop user gets infected he can easily infect the corporate network.

Most networks I have seen have a firewall at the edge to protect from internet traffic but nothing to keep internal users from infecting internal production systems.
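The gap several posters describe (a perimeter firewall, but nothing watching traffic that starts inside it from a laptop or contractor link) can be checked from internal flow records. The sketch below is an added example, not part of the thread: the log format, zone names, addresses and the allowed 8443/tcp flow are hypothetical; TCP 135 is the port named in the story summary and UDP 1434 is the SQL Server port Slammer spread over.

```python
import ipaddress
from collections import defaultdict

# Hypothetical zone layout; a real site would load this from its own inventory.
ZONES = {
    "office": ipaddress.ip_network("10.20.0.0/16"),
    "contractor_vpn": ipaddress.ip_network("172.16.5.0/24"),
    "control": ipaddress.ip_network("10.99.0.0/24"),
}
# The only flow permitted into the control zone in this example (assumed).
ALLOWED_INTO_CONTROL = {("office", "tcp", 8443)}
# Ports the worms discussed here spread over: Slammer (1434/udp), Blaster (135/tcp).
WATCH_PORTS = {("udp", 1434), ("tcp", 135)}

# Constructed sample records, format: time src dst proto dport
SAMPLE_FLOWS = """\
09:00:01 172.16.5.9 10.20.0.11 udp 1434
09:00:01 172.16.5.9 10.20.0.12 udp 1434
09:00:01 172.16.5.9 10.20.0.13 udp 1434
09:00:02 172.16.5.9 10.99.0.4 udp 1434
09:00:02 10.20.0.11 10.99.0.4 udp 1434
09:00:02 10.20.0.11 10.99.0.5 udp 1434
09:00:02 10.20.0.11 10.20.0.12 udp 1434
09:00:03 10.20.0.30 10.99.0.4 tcp 8443
09:00:04 10.20.0.31 10.20.0.40 tcp 135
09:00:05 10.20.0.30 10.20.0.12 tcp 445
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        flows.append({
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "dport": int(dport),
        })
    return flows


def zone_of(addr):
    """Return the zone name containing addr, or 'external' if none matches."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def find_scanners(flows, min_targets=3):
    """Inside sources contacting >= min_targets distinct hosts on watched ports."""
    targets = defaultdict(set)
    for f in flows:
        if (f["proto"], f["dport"]) not in WATCH_PORTS:
            continue
        if zone_of(f["src"]) == "external":
            continue  # the perimeter firewall's job; this check looks inward
        targets[f["src"]].add(f["dst"])
    return {str(s): len(d) for s, d in targets.items() if len(d) >= min_targets}


def control_zone_violations(flows):
    """Flows entering the control zone from another zone that are not allow-listed."""
    hits = []
    for f in flows:
        if zone_of(f["dst"]) != "control":
            continue
        src_zone = zone_of(f["src"])
        if src_zone == "control":
            continue
        if (src_zone, f["proto"], f["dport"]) not in ALLOWED_INTO_CONTROL:
            hits.append((str(f["src"]), str(f["dst"]), f["proto"], f["dport"]))
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("fan-out on worm ports:", find_scanners(flows))
    for hit in control_zone_violations(flows):
        print("unexpected flow into control zone:", hit)
```

Neither check depends on the perimeter firewall's logs, so both still fire when the first infected host is already inside.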

Why rely mission-critical systems on MS products? (1)

romcabrera (699616) | about 11 years ago | (#6755381)

That is the error really. What made these people think MS servers are trustworthy and reliable enough to take care of mission-critical systems?

Backups (1)

CaptBubba (696284) | about 11 years ago | (#6755390)

Good thing the plant had analog backups. I think this is a good indication why total reliance upon computers in some cases would be very bad. I wonder how "l33t" the person who wrote the virus would have felt if instead of hurting MS with a DOS attack, they killed hundreds of people in a train collision.

Davis-Besse Plant Problems (3, Informative)

SparafucileMan (544171) | about 11 years ago | (#6755391)

There have already been numerous security and maintenance problems with the Davis-Besse Nuclear Plant... the plant has come much closer to melting down before this stupid event. See http://www.ohiocitizen.org/campaigns/electric/nucfront.html [ohiocitizen.org].

Theory... (1)

Mr.Gibs (637393) | about 11 years ago | (#6755398)

So any conspiracy theorists out there want to come up with a theory about how hackers were able to kill the electrical grid in the northeast by tampering with one or a few power plants and causing the massive chain reaction???

Don't overreact (4, Insightful)

stratjakt (596332) | about 11 years ago | (#6755400)

> Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.

That's why trains have human engineers and brakes. It's why people should use good judgement and observation. If you approach an intersection, and see that the traffic lights in all directions are green, use your head and stop, because something's wrong. Of course this is impossible; there's a mechanical failsafe that will make all lights blink red if that happened, making a 4-way stop. Similar mechanical fallbacks are employed in the railroads. This is all beside the point.

Techies tend to overestimate the role of technology in day to day life. MARC was shut down more because the clerks were having a hard time selling tickets, since they can't do simple math in their heads.

Indemnification! (1)

Chmarr (18662) | about 11 years ago | (#6755412)

> Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.

Will Microsoft's new 'Indemnification push' cover the legal costs for something like this, I wonder? :)

Come on now (1)

konfoo (677366) | about 11 years ago | (#6755414)

The operative word is *a* safety system. I can't think of a single plant that relies 100% on 'computer' based monitoring and control. All have *multiple* redundant analog and manual measurement and control systems. What would really be cause for concern is if one of them announces to go 100% to computer-controlled monitoring/control/measurement.

The I.luv.when.things.go.kablooie worm? (1)

Chas (5144) | about 11 years ago | (#6755418)

A nuclear plant...

Wonderful!

Hope this REALLY scares the fuck out of people and makes them REALLY start taking notice.

At the same time, when I start thinking of "nuclear plant", "worm", and "system crash" in the same vein, I get a very nasty chill running down my spine.

*Checks to make sure tinfoil-lined jock-strap is in place to protect the "heirlooms".

Nobody ever got fired for choosing Microsoft... (2, Funny)

Synesthesiatic (679680) | about 11 years ago | (#6755420)

but the 120 mile crater in Ohio speaks for itself.

Railroad signalling affected? (2, Informative)

Pig Hogger (10379) | about 11 years ago | (#6755428)

This is highly improbable.

Perhaps an accessory system was involved, but rail signalling involves quite proprietary and LOW-SPEED networking (on the order of 30 baud) on TOTALLY private wires.

Rail signalling was gradually developed over the last 150 years, and the earliest remote-control and automatic operations were developed almost 100 years ago.

From the onset, redundancy and feedback were employed (for example, whenever a switch is automated, a separate sensor arm is attached to the switch points, so as to monitor the exact switch position, as opposed to the switch motor actuating arm position), and the technology is extremely conservative (gravity-actuated relays with extremely big coils to pick up the heavy armatures, contacts made out of special alloys that are guaranteed not to stick in case of arcing - why would they, they are overwhelmingly oversized for the current they carry - and the whole thing is mounted on heavy coil-springs to ensure immunity to vibrations).

For compatibility purposes, whenever solid-state components are used, they are absolutely electrically compatible (and opto-isolated) with the older electromechanical relays.

And finally, everything runs on #8 gauge wire and the nominal voltage is 10 volts.

Such an overdesigned system can withstand quite a lot of punishment. So the idea of a worm bringing down signalling is laughable at best.

But if the suits insist on using a paperwork system that is vulnerable to worms, then, such lunacy can explain the outages...

Fail Safe (4, Interesting)

FTL (112112) | about 11 years ago | (#6755435)

> Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters.

No. Taken to the extreme, this exploitation could cause the train system to stop. Which is what it did.

Ever since the Victorian era, trains are designed to stop if there's a failure. That's what "fail safe" means, not that it is "safe from failure" but that "when it fails, it is safe".

For a simple example [fraser.name] , take a look at the _mechanical_ switching gear on the tracks behind my office. More modern electronic or computerised equipment is exactly the same in terms of how it reacts to failures.

Sometimes firewalls aren't enough. (2, Informative)

Trick (3648) | about 11 years ago | (#6755441)

From the submission: "This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked."

As most people who had to fight this worm already know, a firewall doesn't do you a whole lot of good if you have users with laptops who plug in at home, then bring in their infected PCs and plug them into your internal network.

I'm not saying there aren't still ways to prevent the spread of worms, but an internal infection is in no way proof that there's no firewall. In many cases, it's just a clueless PHB who refuses to let the IT department lock down his laptop or install a personal firewall on it.

Good Question (1)

crymeph0 (682581) | about 11 years ago | (#6755451)

From the Reg:

Jim Davis, director of operations at the Nuclear Energy Institute, an industry association, says those concerns are overblown. "If you break all the connections and allow no data to pass from anywhere to anywhere, you've got great security - but why'd you put the digital systems in the first place?," says Davis.

Yes, why are you putting digital systems in in the first place, if the price is laxer security?

Security in Post 9-11 (3, Insightful)

Prien715 (251944) | about 11 years ago | (#6755455)

I don't care if you're running MS, Linux, or FreeBSD. That damn port should've been firewalled and the software should've been patched. What's scary is imagining what could've happened if someone intentionally tried to hack the power plant. Some terrorist cell could cause a nuclear meltdown without ever setting foot in the US.

That was a bad conclusion (5, Insightful)

dbarclay10 (70443) | about 11 years ago | (#6755462)

> This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.

That is a silly conclusion to come to. Presumably they're also implying the same about the power grid.

I have first-hand experience with Ontario Hydro's IT network (now Hydro One's IT network ;) and I gotta say - they have firewalls up the wazoo. And this is the problem. They rely on border security. However, on networks as large as the ones being discussed, border security doesn't cut it. There are too many entry vectors. People reading email, people browsing the web, and oh my god people with laptops - the pain the pain.

So before you go thinking "they aren't even taking precautions that would have saved them! Fire them!" understand that it's *exactly* that attitude which caused the networks to go down in the first place - the common misconception that a firewall is a magic wand that will solve all their ills.

Border security does NOT cut it when you run insecure software on the inside, boys and girls. And you can take that to the bank.

BSOD? (0, Redundant)

cjustus (601772) | about 11 years ago | (#6755470)

Kind of gives "Blue Screen of Death" a whole new spin, eh?

In other news.... (5, Funny)

smartin (942) | about 11 years ago | (#6755473)

Microsoft announced today that they are in talks to use Homer Simpson as a spokesperson.

Blackout (1)

swtaarrs (640506) | about 11 years ago | (#6755475)

I was in Ontario during the blackout, and it was pretty miserable. Everything was closed, and all we had for light in my hotel room was a small candle and my GBA worm light. If the blackout is ever traced back to M$ in any way, that will probably be all I need to permanently switch to Linux (I dual boot Gentoo and XP right now).

uh! (0)

Anonymous Coward | about 11 years ago | (#6755480)

OK, first, why the hell is this system on the 'net! This is totally uncalled for, and no, it shouldn't even be behind a firewall, those can be hacked too! And if they need to transfer statistics it should be on a private network.

2) Why isn't this running a custom linear OS that's designed to just do one thing, and that's check vital signs..

bad guys (0, Flamebait)

neorf (223036) | about 11 years ago | (#6755486)

And I bet most of you Linux-loving Slashdot readers will read this story and think that Microsoft are the bad guys here.

think again.

Bugtraq had a similar thread... (2, Interesting)

Saint Aardvark (159009) | about 11 years ago | (#6755496)

here [securityfocus.com] . Surprised this hasn't shown up on Slashdot yet.

Hire competent IT people... (0, Flamebait)

winkydink (650484) | about 11 years ago | (#6755504)

not some zit-stain who just graduated from a 6-month MCSE course

not some fat, smelly dweeb who thinks Linux is the epitome of operating system evolution

not some idiotic bigot who starts ranting about how everything from Redmond sucks anytime somebody mentions the word Microsoft

...in short, hire clueful, open-minded people

Remarkable stupidity by the engineers (0)

Anonymous Coward | about 11 years ago | (#6755508)

It is impossible to overstate the stupidity of engineers who would use _any_ version of the Windows operating system to monitor operations at a nuclear power plant.

Wasn't Ohio also blamed for the blackout? (1)

192939495969798999 (58312) | about 11 years ago | (#6755511)

I would love to hear that Microsoft's little craphole on port 135 caused the big blackout of 2003, and that this plant was the key infectee.