back to article Let's play... Force off the power to someone else's datacenter systems

It would be relatively easy for miscreants to break into critical datacenter power management gear, shut off electricity supplies to multiple connected devices, and disrupt all kinds of services — from critical infrastructure to business applications — all at the press of a button. This claim was made by Trellix security …

  1. Anonymous Coward
    Anonymous Coward

    A backdoor, in reality

    " Use of hard-coded credentials"

    That's technically a backdoor for the company: They'll always have an access, client can't do anything about that.

    1. Anonymous Coward
      Anonymous Coward

      Re: A backdoor, in reality

      "Use of hard-coded credentials"

      What year is this? Are we sure we are in 2023?

      1. Marcelo Rodrigues
        Trollface

        Re: A backdoor, in reality

        ""Use of hard-coded credentials"

        What year is this? Are we sure we are in 2023?"

        Yes, hard coded passwords are SO 2171...

      2. Stuart Castle Silver badge

        Re: A backdoor, in reality

        It is 2023, and yes, we are still talking about hardcoded credentials. And that's before we even think about all the network attached stuff in the average data centre that's been there years, and is still in use, barely touched (let alone updated) because it just works, so it gets forgotten about.

  2. t245t Silver badge
    Terminator

    Jessica: It's like being stuck in Groundhog Day

    > It would be relatively easy for miscreants to break into critical datacenter power management gear, shut off electricity supplies to multiple connected devices, and disrupt all kinds of services — from critical infrastructure to business applications — all at the press of a button.

    Put your critical infrastructure behind a VPN running on embedded hardware.

    1. Paul Crawford Silver badge
      Facepalm

      Re: Jessica: It's like being stuck in Groundhog Day

      But! but! cloud!

      We must be able to access anything from anywhere by a web browser!

      What can possibly go wrong?

  3. Duncan Macdonald
    Mushroom

    Time for a simple cron job

    Turn the data center power off then on again every 30 seconds - and just see how long it takes to REALLY damage the data center equipment. My guess is less than 10 minutes before things break.

    Icon for the equipment after 30 minutes of power cycling ===========>

    1. Anonymous Coward
      Anonymous Coward

      Re: Time for a simple cron job

      How about cycling the emetgency generators? What damage would that do?

      1. The man with a spanner

        Re: Time for a simple cron job

        The aim I would guess would be to corrupt as much data as possible, trash the hardware and if you are luck set the generators on fire.

    2. Anonymous Anti-ANC South African Coward Bronze badge
      Coat

      Re: Time for a simple cron job

      Simon? Is that you?

      Soical engineering users into powercycling their company equipment, and blowing up said company equipment is always a good one.

      Now, if somebody can do that to a datacenter... imagine what will happen should you need to get spares for a couple of servers all at once...

      ---> on my way to a datacenter to experience a datacenter getting bounced in real life

  4. b0llchit Silver badge
    Joke

    So hard, yet so simple

    In the beginning Security was created. This had made many people very angry and has been widely regarded as a bad move.

    There is a theory which states that if ever anyone discovers exactly how to find and how to patch every Security hole, computing as we know it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened.

    It is known that there are an infinite number of programs, simply because there is an infinite amount of code for them to be in. However, not every one of them contains security flaws. Therefore, there must be a finite number of security flaws. Any finite number divided by infinity is as near to nothing as makes no odds, so the average security flaw density of all the programs in the Universe can be said to be zero. From this it follows that the number of security flaws of the whole Universe is also zero, and that any security flaws you may meet from time to time are merely the products of a deranged imagination.

    1. IanRS

      Re: So hard, yet so simple

      It is said that any piece of software contains at least one bug, and can be optimised to be shorter by at least one CPU instruction. The conclusion is therefore that all software can be reduced to a single instruction, which does not work, so probably NOP.

  5. Will Godfrey Silver badge
    Facepalm

    Again?

    Is there anyone out there paying any attention to these things?

    Actually, this topic itself suggests the answer is NO.

  6. garbski

    21st Century - still 20th Century problems

    30+ years in IT trying to convince people that yes, it is possible for someone to get in the 'back door' and wreck havoc. So I proved it one day to the sysadmin by hacking onto his machine and saying 'Hi Ray' after he was going on and on about everything was locked down and secure (I worked remotely, of course). So at least after that, they listened to me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like