What a bungle... its a pity their 'pre-existing security measures' didnt stop the infection in the first place. This doesnt inspire confidence.
The Ministry of Defence confirmed today that it has suffered virus infections which have shut down "a small number" of MoD systems, most notably including admin networks aboard Royal Navy warships. The Navy computers infected are the NavyStar (N*) system, based on a server cabinet and cable-networked PCs on each warship and …
... before they are a past memory, if remembered at all.
"This meant that some people were without regular IT access (i.e. email, internet). There have been no infections detected on any networks with sensitive information. "
Crikey, you don't think the internet is a sensitive information network? Hello ... Wakey, Wakey, MOD spokesperson.
N* basically being the Admin and Office suite network rather than doing anything crucial to the running of a warship, essentially what you'd get in any company. Different ship's admins have different approaches to what you can do with the system, my favourite basically wouldn't let you use any removable media in any of the computers so it was impossible to get anything on the system without approval from him. A PITA sure, but it did the job.
That doesn't inspire confidence. Even if "windows for warships" is a totally separate system and not network connected to the other one (or the pron/lolcat/wibble delivery system often known as "the internet"), it's still being run by people who don't seem to have a grasp of basic computer security.
There has to be a virus called WoPR, Strangelove or SkyNet out there somewhere, just waiting for some Royal Navy moron to "turn it off and on again"
... that the military buffs said they can save money and time with this total Windows for Warships and was going to be headache free? Will they ever learn? I hope they use Linux for the Mail server with ClamAV to catch this pesky virus before it hits their critical systems and nuke an EU neighbor! This windows roll out should be put into a torpedo and used to infect the Somalia pirate ships instead of infecting the Royal Navy!
Creating another boat anchor one ship at a time with love from Bill Gates.
>Ah, that will be the ruggedized PC with a touch pad that they're expected to use in 20 metre waves.
Yes! ... I mean... NO!
Tried this on a military map/tracking system.
Is it really so difficult to install a USB trackball? Even when told repeatedly that touch pads really really don't work in an environment that is unstable in all three dimensons?
Try opening a menu and scrolling down to the option you want when your finger is repeatedly lifted and slammed into the pad. (Can't turn off just the click-functionality of the pad, oh no.)
There are no keyboard shortcuts.
Any wrong option chosen turns on some function that renders the map unviewable/cluttered, and is a PITA to turn off again. The option you want is on the bottom of the list, and if the cursor passes outside the menu, well then the menu disappears. Oh, and your're a little sea sick as well.
"@amanfromMars, Get new drugs. You're growing resistant to your current batch and are dangerously close to making sense." ..... By raving angry loony Posted Thursday 15th January 2009 17:49 GMT
Err, if you think making sense, raving angry loony, is dangerous might I suggest that your current drugs batch be ditched in favour of the one you imagine to be mine, although of course, with everyone being unique there is no guarantee that one size fits all or that works wonders for some will not floor another.
I am intrigued though to think on the bits which rendered it to you as nonsense as "dangerously close to making sense" would imply. Ah well, had a think and dismissed the thought as not making sense.
Considering the judgements and actions taken be those who would think that they are in Control, it is highly probable that they are taking drugs which they cannot control and which renders them victims to its chemical power/ hooked junkies thinking only of themselves and their survival at the expense of the Public Purse.
Is there a Random Drugs Screening regime in the Palace of Westminster or can any old Junk just crash out in there. And that is a question they really don't like being asked, so let's ask it anyway. They can always waffle their way through a reply and tell us nothing thus to confirm the suspicion and expose their contempt of their Employers/the Public they think to Screw with Taxes for Services which Others Deliver all too badly.
"I hope they use Linux for the Mail server with ClamAV to catch this pesky virus before it hits their critical systems and nuke an EU neighbor!"
No, a hacker will just use an as-yet unfound vulnerability in the Linux kernel.
The thing to remember with e-mail and AV is that a) You can never protect against stupid users and b) AV never detects every single infection.
AC because Linux fanboys are even more deluded then Mac ones.
It's not Windows for Warships that was affected... It was the admin network. So someone was probably downloading pr0n or something like that and infected their machine. Or picked up a virus the same way as anyone else does. The BMS (or whatever the navy term is for a battlefield management system) is completely seperate and isolated. Obiously.
Experience tells me that a virus is a very convenient scapegoat. Whenever a sysadmin does something stupid, it's much easier (easier on their careers, that is) to blame any damage on a mysterious, yet familiar and if we believe what we are told - ubiquitous, danger that infests every PC, all the time.
Almost always there is no-one, either on-board a warship, or in an office environment who is in a position to independently verify these claims. Nor can they get to the real root-cause. that makes it conveniently impossible to say if the "culprit" is a real virus, or merely carelessness or lack of ability on the part of those entrusted with keeping the stuff running.
Occam's razor would suggest that these systems are (hopefully) designed with the tightest security foremost, with up-to-date anti-virus, anti-malware and anti-intrusion layers. However they are still dependent on the same sys-admins who have only been on the same courses as everyone else and that this is the common element between failures on security hardened military systems and run-of-the-mill PCs found in every school, home and office.
Email with operational stuff has been sent across the civvy systems in the past when the secure systems have been down. Not ideal but better than no comms at all.
I personally would like to have heard that the cab contained a solaris box as the server and some windows pc's if they must dotted round to access it. But hey, this is DII and unix admins/ta's cost money and the consortium won on price rather than merit, so lets embrace microsoft regardless that the unix infrastructure was working fine...
The official line seems to be: ''It is only the email system, not the 'windows-for-warships command and control' so it doesn't really matter.''
It is only a matter of time before a file is transferred by hand (for perfectly good reasons) from the email to W4W system and infects that. Using MS Windows for critical miliraty systems should be considered sabotage and treason.
Apparently you don't get viruses on Macs (why has nobody risen to that challenge yet, I find it amazing) , they could edit the funny videos they have on it and then upload them to youtube.
WFW could lead to a whole new meaning to BSOD. I connected my USB laser guided missile to it and it launched everything we have at that little country over there.
Seems as if the Military have a Systemic Problem with Assymetric Networks of Countering Contrary Intelligence.
How very remiss of them not have an ESPecial Force to either Swat the IMPertinence [which would require them having the Knowledge to know what they are facing] or Develop ITs IMPudence [with those whom they might identify as causing or being capable of causing them Problems]
"no classified or personal data has been or will be at risk of compromise", is exactly what I would have expected them to say.
If, and I say if mission critical and or sensitive systems were compromised can one imagine the RN spokesperson stating:
"Yes, all our hardened and secure mission critical systems were infected. Classified and personal data has been compromised. We cannot tell which, or how much data has been packaged and transmitted to servers in Azerbaijan via key loggers the virus installed on our systems. Nor do we know how long the back doors the virus planted in our systems have been active".
I guess not.
"Or picked up a virus the same way as anyone else does."
BS. I've never had a single virus, trojan or malware on PC despite having precisely zero AV security measures in place. Want to know why? I run Linux.
If you install a totally compromised operating system (from a security point of view) like Windows you get whats coming. Perhaps you should use something other than Windows and then you'll find out why the rest of the computing world looks down on it and fires potshots at times like this.
Why would ANYONE in their right mind put ANY copy of the most INSECURE, UNSTABLE, UNTRUSTED, MOST VULNERABLE O/S, for ANY intended purpose, on ANY military vessel or aircraft in ANY country in the free world, instead of Linux, BSD, and/or Mac based computers.
And people wonder why "Military Intelligence" is an oxymoron! ;^)
I would love the opportunity to make a presentation to the Ministry of Defense as to why they have made such a foolish choice of technology, thereby potentially endangering the lives of every citizen in the UK, the US, and the rest of the free world!
"really a virus, or just plain stupidity"
By Pete Posted Friday 16th January 2009 09:30 GMT
- a viral stupidity.
"What those guys do is excellent, inspite of inventing cookies. Many Thanks to their free lessons. They let people read different stuff, e.g., like this one below:
"call from those who front each other but they the one shall be heard in waters seven whales shall pour their fountains at head and feet of goddess she will find pleasure relief will release the shield will cry her tears away meeting kiss of one was her beloved enemy will open herself for new life"
This msg is deciphered, pardon for poor input (-:
...when people piously claim "I've never had a virus"... really, well how the hell do you know that???
You may not have had overt malware that splatters icons and popups all over your desktop but really, tell me how you KNOW you've never had, for example, a keylogger? Because you had Norton? Because you ran Linux? Bots don't want to be found and good rootkits are extremely difficult to detect no matter what the AV vendors (or Chkrootkit or RKhunter) tell you.
There are no silver bullets, no-one who has a modern computer hooked up to the internet can say they are entirely _safe_. You have no idea how many zero day firewall / kernel / tcpip / torrent / browser hacks are out there waiting for you but going on last year alone it's enought to be worried about and you have no way to say for sure you haven't been compromised.
I run Linux but I'm not naive enough to claim it's unhackable like some do on here, it gets hacked all the time on webservers and many of those are supposedly hardened. All it takes is an out of date library, a weak ssh key, yada yada yada, same shit as it does on Windows and Mac.
without expressing angst towards fanboys. Surely they can be moderated out?
I guess a linux-based office solution COULD be made more secure, but this may well be more expensive, and sacrifices ease of use and integration.
Security can be measured in pounds and pence, even in the MoD. Do TCOs of Windows vs. Linux include cost of downtime due to Windows viruses, cost of data loss/theft/recovery, and any other impact due to viruses? Surely this is the bottom line?
To passionate indifference:
> I guess a linux-based office solution COULD be made
> more secure, but this may well be more expensive, and
> sacrifices ease of use and integration.
You need to learn a little more about Linux before post a comment such as this. I can download a copy of several Distro's (Distribution) of Linux (Debian, Fedora, CentOS, ...), all FREE of charge, and most are more secure "Out of the box", than Windows ever thought of being! Then if that is not secure enough for you, SELinux (Security Enhanced Linux) can be applied to the Distro, again at no charge. See: http://www.nsa.gov/research/selinux/index.shtml Other options are also available to increase the security of any Distro!
The TCO of Linux over Mickey$oft is VERY obvious to most people, unless you read and believe the FUD (Fear, Uncertainty, and Doubt) Mickey$oft and it's shills spew out daily!
Biting the hand that feeds IT © 1998–2021