
Comments


Cyberattack On German Steel Factory Causes 'Massive Damage'

omglolbah Re:What took them so long? (212 comments)

Virtually all oil and gas rigs in the North Sea are connected (through firewalls of course) to the corporate office network.

Most of them are now moving to "Integrated Operations" which is a buzzword they came up with for "remote control room and maintenance" where the network is extended to vendor locations so that we do not have to send people out to the rig to look at stuff. We just call the rig and ask them to open the 'gate' so to speak and we get full raw network access to the secure network from a dedicated switch at our offices.
This is of course all tunneled across the internet... *sigh*

It is going to go horribly wrong at some point, I just hope I am on-shore when it happens.....

5 days ago

Cyberattack On German Steel Factory Causes 'Massive Damage'

omglolbah Re: What took them so long? (212 comments)

A safety valve -should- go into a safe position when power is lost. Virtually all such valves will be hydraulic anyway (at least in the oil/gas business where I work anyway) and can be operated manually with stored pressure.
The issue in the case of the steel plant is knowing what a 'safe' state is for the valves. That requires a proper consequence analysis with a resulting "cause and effect" matrix for executing safe shutdown. It is tedious as fuck, and expensive as all hell, but mostly worth it. Alas people tend to overestimate the rarity of such events and go for the "save us a bit of money now" solution :(

5 days ago

Cyberattack On German Steel Factory Causes 'Massive Damage'

omglolbah Re:What took them so long? (212 comments)

With sufficiently 'annoying' security practices, people stop following them.

We were issued password-protected USB sticks for secure use at work, and a month later we got ones without passwords. Why?
People found the encrypted and protected sticks "too cumbersome" and just went out and bought a cheap 16 gig stick for themselves....

I bet the procedures will not be properly followed until one of the oil rigs gets taken down. It pains me to know the issues and have zero ways to affect it....

5 days ago

Cyberattack On German Steel Factory Causes 'Massive Damage'

omglolbah Re:What took them so long? (212 comments)

Except things that we regularly bring to oil rigs and plug into the 'secure' side of the network:
.xlsx and .docx files containing installation instructions and checklists
.pdf files with 'red markups' of changed logic
.exe files fetched from manufacturer websites with firmware upgrades
A ton of files in proprietary file formats we have no actual way to check the contents of other than trusting the software which created the files.

We essentially have to trust that McAfee and MS endpoint protection will keep stuff out... (office net scans with endpoint, secure side with mcafee)

It is far far faaaar from perfect, and the staff there make it less so by putting usb sticks on their KVM boxes so every time they hop from office->secure and back they re-mount the drives automatically... it is cringeworthy for sure, but nobody sees the issue, or they plain don't care.

5 days ago

Hackers Compromise ICANN, Access Zone File Data System

omglolbah Re:fire them (110 comments)

We have a document control system at work, it has grown to such a degree that adding a document is a 3 day process involving a document controller and various other tasks. If the document does not fit a corporate template it may get rejected.

At that point people tend to go "fuck it" and just send around work copies until it is finalized and THEN go through the hassle.

It is unfortunate, but I've seen it happen in two different companies so far... both multinational, both ignoring their own procedures for sensitive data.

about a week ago

Top Counter-Strike Players Embroiled In Hacking Scandal

omglolbah Re:CS players cheat? (224 comments)

And the next step is kernel module for anti-cheat.. *sigh*

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

omglolbah Re:CS players cheat? (224 comments)

That is what League of Legends does. The fact that servers send the client more information than it strictly needs is just silly.
Though generating 3d sound from players client-side would require positional data.. so it is a bit tricky

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

omglolbah Re:Valve does 1 "sweep" and so the fuck what? (224 comments)

VAC catches the people bad at it. Without it we would have a huge number of free hacks floating around. The ones being used now cost money, which limits the user-base somewhat at least.

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

omglolbah Re:Shocking (224 comments)

Valve has done a huge job in getting rid of those sorts of hacks. But this is and has always been a big arms race.

VAC did defeat most of this crud for quite a while, but there will always be people willing to create new hacks as long as there is money or 'lulz' involved.

Best we can really do is be vigilant and weed out those who ruin the game for the rest. Be it with hacks or just general asshatesque behavior.

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

omglolbah Re:Various hacking tools? (224 comments)

Wall-hacking and tracking stuff mostly. Since your client knows the location of all the players for the purpose of generating 3d sound etc you can extract that info. These hacks were distributed through steam workshop due to a flaw in that system, and were thought to be hidden from VAC.. until the bans hit ;)

about a month ago

Nearly 2,000 Chicago Flights Canceled After Worker Sets Fire At Radar Center

omglolbah Re:Backups? (223 comments)

"Load balancing" the work like that works nicely.. until you run at 90% load all the time, and you suddenly lose 15% of your capacity.

about 3 months ago

Say Goodbye To That Unwanted U2 Album

omglolbah Re:Downloading music for free? Scandelous! (323 comments)

If I buy something and have my library set to sync I am fine with the download.

If they decided to give me something like this, let me opt-in to the download.
Data is not free.

about 3 months ago

Can ISO 29119 Software Testing "Standard" Really Be a Standard?

omglolbah Re:Automated test in is a minimum (152 comments)

You would love the control system software we use at work... (world leading platform for the industry).

No revision control. You have 'current' revision. That is it.

Integrated code editor that has no syntax highlighting.

Patches to the system will break components that are not considered 'core'. Which forces updates of ALL components in the system. This has led to bugs persisting at sites for years with no patch because nobody wants to fix bugs when it costs tens of millions of dollars to do so.

No automatic testing. Of anything. When we update a component everything has to be tested manually. Someone will sit for 2 weeks and check every state of GUI symbols for the whole HMI. Oh joy...

If you change ANYTHING in code, you can no longer connect to controllers to view live data. You need to do a download to the control with the code changes before live data can be observed. This means that as soon as you make changes, you lose the ability to view the old code running. There is no way to have both a 'online capable' version of the code and a changed codebase in the same control system. We operate two separate virtual environments and switch VLANs or just move a cat6 when testing...

This is for oil rig control systems. There is no automated testing of any kind, even for critical emergency shutdown systems. Every test is done manually.
The ESD systems are usually a complex matrix of causes and effects with hundreds of inputs, hundreds of outputs... This is all tested manually as the software does not support any reasonable simulation of the controller input/output systems.

Enjoy that little gem.

about 4 months ago

UK Computing Student Jailed After Failing To Hand Over Crypto Keys

omglolbah Re:Seems appropriate (353 comments)

How do you prove that you cannot remember something?

How do you prove that they destroyed it?

The issue here is that you have to prove your innocence, and there is no viable way to do so.

about 6 months ago

Industry-Wide Smartphone "Kill Switch" Closer To Reality

omglolbah Re:Yay for government!!! (139 comments)

The issue is that a lot of the phones stolen make their way out of those countries to a place where they CAN be used.

China is supposedly a big place to sell stolen phones (big shock).

about 8 months ago

oVirt 3.4 Means Management, VMs Can Live On the Same Machine

omglolbah Re:Still trying to wrap my head... (51 comments)

Well, one reason is when you have a vendor which does not support your system -at all- if you install any unauthorized software packages or even OS updates that have not been cleared.

At that point you want 'clean' VMs that follow the vendor spec exactly.

about 9 months ago

Full-Disclosure Security List Suspended Indefinitely

omglolbah Re:Nonsense. (162 comments)

Air gaps are fun.

Engineering workstation on the air-gapped system is connected to the same keyboard and monitor as an office machine.
Space constraints in the office on an oil rig.

The same engineer who went around pushing orange 'locks' in all the usb ports on the whole damn plant, including on the switches etc also created this gem.
Unlock the USB port on the KVM, add a usb stick. That way he could easily 'move files between the systems without looking for a stick'.....

You cannot fix stupid.

about 9 months ago

Blizzard To Sell Level 90 WoW Characters For $60

omglolbah Re:Wut? (253 comments)

Some players enjoy leveling, others do not.

about 10 months ago
