The virus, dubbed Stuxnet, is spread by devices plugged into USB computer ports. .... ]
(off-topic crosspost)
Cliff wrote:
Hmm. I wonder how many good paying jobs Siemens has outsourced/exported to India. Oh well.
that is a seriously dangerous development
If true no one should be surprised, Siemens control systems run on Micro $oft products.
it was forecast long ago that hackers/ terrorists will attack manufacturing through the computerized control systems- force a plant to shut down to either pay a blackmailer's fee or bring in it antivirus experts to clean their systems; altering part geometry that might cause a critical component to fail- the possibilities and potiential are almost endless
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Yup, the industry has had a decade to prepare. Many have, some have even jettisoned Micro$oft.
this is not a microsoft problem - you put a program on a machine and allow me access, I'll change it. There is no reason that any USB port on any production machine should be open. There is no reason that any production facility should have a pathway to the internet - there should always be an air gap. The simplest possible security practices completely eliminate this threat
not just usb ports; some shops are using wireless networking
using wireless is asking for trouble. using wireless with weak or no encryption is guaranteeing trouble
Energy providers *require* internet connection.
I also challenge you to hack an OpenBSD system.
Even with a user account.
wireless is important for shops with many machines on numerous different parts; wired brings in a whole host of networking problems caused by rf; also robots are helping to move stuff around too - I know of one shop hereabouts that has gone this direction. even at home my desktop cnc is running off a laptop with wireless network which I use to transfer my programs; even just at home I have too many LAN cables requirements that necessitate wireless. wireless is easier for IT to deal with than copper.
">> >> > --
of course wireless is easier, so is not having locks on the door - but both leave you open to intrusion - wireless can be secure, but many folks don't take the time to do so - as for RFI or EMI - wired includes fiber cable, and that is pretty immune to RFI. Certainly if you are running a wireless network, I'd configure the security so that only computers already known to you have access to the network.
Industrial control systems like those that manage water, sewer, electric infrastructure.
Yup. Rule one of security "deny them access".
Hell, my engineers don't want my assembly cells connected to the corporate network. Do you have any idea how disruptive it is when some pin head at corporate decides to push out a patch to a system running production? I had a cell a few years ago that died every patch tuesday at 11:50 PM. Updating a winbox while programming asics isn't a great idea. Nor is it a great idea when testing the performance of said asics in the next station using another winbox.
Here is another corporate brain storm. PC's used to access the corporate network must have a screen saver installed with a corporate mandated timeout value. Really sucks when the PC is connected to air gaging and the operator has to do the mouse shake to gage parts after he can see the screen again. LCD screens, how much are they saving? We got the microsoft windows crawly thing going on so even the backlight is powered up.
We can't get that one changed. They have software that enforces corporate registry settings.
Wes
-- "Additionally as a security officer, I carry a gun to protect government officials but my life isn't worth protecting at home in their eyes." Dick Anthony Heller
Might not a virus spread even easier & faster that way? Depends on handshaking protoclls suppose .. do you have a secret or encrypted one? IIRC the first IP address to reply that it IS that specific IP gets the traffic (& cable TV networks are easy to abuse if the forged IP is upstream of the real one).
that is why you don't do it by IP address - you use the MAC address - when I said "computer known to you" I specifically DID NOT mean an IP address
And when, exactly, were all the protocalls & standards changed? Defined?
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.