Posts by Brian 47

Makes me want to gleefully say....

"Suck it Apple!"

The Android growth line (if it holds) is appears to be worse than when Steve got pwned by Windows. Of course the Google twins aren't nearly as uber cool as Bill G was. Does anyone else ever ponder if Sergey and Larry tap fists and exlaim "Wonder Twin Powers Activate!"

This might have been a little harder to find physically than you might think?

OK, 3 weeks is a little protracted, but you can figure a few days before anyone even processed the original message warning about the infected IP. (I'm betting M$ gets a lot of "warnings" and just sifting through all of them for real issues is a challenge. Once you start processing a given message, you still have to actually validate that it is actually legitimate). Once you know something is legitimate, you have to give it to someone to actually chase it down - 2 devices in a company that probably has a couple hundred thousand machines - that's pretty freaking trivial.

Also, If this thing was some sort of ADSL router / user appliance it is pretty small. They may have struggled just to identify the physical location of the hardware. I mean they should have been able to trace it back to the specific managed switch above it via the network. Of course once you know that specific switch, you have to locate it physically, which may be easier said than done in a building with a high density of network equipment. Once you identified the physical location of said switch and hopefully the associated physical port the devices were connected into, you stil have to trace it down to through any un-managed switches, network cabling, etc. (assuming there are no random wireless links thrown in there) - one bad installation contractor with a dyslexic technician and you have a cabling nightmare (I have experienced this first hand). Let's assume they get through all those hurdles fairly easily - have you guys ever seen a typical hardware testing lab? The guy looking for these pwnd devices likely didn't know what he was physically looking for - he just had an IP address. You could look over a small consumer device several times because you were thinking you were looking for a computer/workstation/server. (If you are a network admin used to managing Windows machines and you are looking for a malfunctioning "device" are you even thinking about a small consumer appliance running Linux?) Heck, that is of course assuming these units were even clearly visible in the testing lab - if they were small, their physical location could be obfuscated.

I'm betting 2 machines were a pretty minor worry in the grand scheme of things.

The control system isn't Windows...

A high level observation here - the actual control system is PLC (or PAC in the case of S7) based not "Windows-based" (which means a propretary OS running on industrially rated hardware. Only the operator and programming interfaces that are Windows based. A good PLC/PAC/DCS configuration is implemented that allows the system to operate without user interface in the event that the operator interface (potentially running on a Windows machine) were to crash. Most serious / dangerous systems also have manual control backups / safety systems (in case the PLC/PAC/DCS system fails).

The above point aside, the issues that we are talking about here - a highly skilled / knowledgeable group developing a clearly targeted, malicious worm/virus - are not "Windows" specific. It wouldn't matter what the interface system was - ALL of them have potential exploit opportunities...UNIX, QNX, LINUX, Windows, OSX, etc. - every single operating system you could select has potential vulnerabilities due to the complexities of producing a machine with a modern GUI, network stack, etc. The point here being, that whatever the control system and associated operating system used for the configuration/programming interface, the party responsible for financing this software would have found exploits. Mindlessly blaiming M$ and proclaiming the wonders of <insert favorite fanboy OS here> is being either naive or disingenuous.

Incidentally, for those of you who can not fathom why all of these vendors would have used Windows as a platform - All you need to understand the fundamental economics of software development for industry. 1) End-customers don't want to spend rediculous sums of cash for hardware. 2) Software development is expensive. Therefore, when most of these MFGs moved to Windows and away from the proprietary hardware they all used in the infancy of computing; they initially selected DOS and migrated to Windows for there programming software. Same thing for their GUI operator interfaces. They guys who based their system on UNIX either died or migrated because the cost of UNIX implementations were not cost competitive / attractive to customers. In this same timeframe, Apple was a joke, spiralling down and LINUX didn't really exist and/or wasn't reliable. (Nobody in their right mind would have developed on LINUX because you couldn't know if your particular flavor of LINUX was going to be around the following year - Actually a few people did try and many learned the hard way that the OS they developed under was too much of a moving target and/or disappeared on them). So, Windows was the ONLY logical choice based on the economics.

So the question is what should these companies do now. Do any of you really believe that there is an unexploitable OS out there? Stop being delusional. It wouldn't matter what the OS was, all of these systems are networked and software programmers are human - exploits will exist. The cost of moving code to a different OS would be pointless - there would be potential exploits on the new OS too - and the networking allows nice vectors for propogation.

Oh and before someone starts bitching again about networked control systems - expecting them to not be networked is pretty naive too. Plant operational staffs are smaller and smaller - the networking, associated data collection, and data analysis are necessary for operation under reducing staff levels. Why reduced staff? So that our electricity or latest widget or packaged food product is as cheap as possible to be as competitive as possible. Without increases in productivity, inflation would be a b and we all tend to select based on price - if you have two products on the shelf, both good, and one is cheaper - which one do you buy?

Where's the problem?

As far as I can tell legislation to keep drivers alert makes sense - motor vehicles can cause quite a bit of damage to other objects when they impact them - so you try to make sure that distracted drivers don't harm innocent bystanders, other motorists, etc.

On the other hand, the average pedestrian isn't going to do much damage if they walk into something. So I see legislation to "warn" them about the dangers of walking while sonically impared as something like legislation to prevent natural selection taking place? What the.....?!?!?!? Shouldn't pedestrians be able to exercise their God-given right to play traffic rhoulette?

FAIL because people should be allowed to get pwned by motor vehicles if they want to.