Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Another Linux "success story"

  • Subject: Re: Another Linux "success story"
  • From: "[H]omer" <spam@xxxxxxx>
  • Date: Tue, 03 Oct 2006 02:00:29 +0100
  • In-reply-to: <pan.2006.>
  • Newsgroups: comp.os.linux.advocacy
  • Openpgp: id=443DC67A; url=http://www.genesis-x.nildram.co.uk/filez/homer.asc
  • Organization: Slated.org
  • References: <1159809600.532397.84520@e3g2000cwe.googlegroups.com> <1159825699.420229.138870@b28g2000cwb.googlegroups.com> <pan.2006.>
  • User-agent: Thunderbird (X11/20060913)
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1163537
Meat Plow wrote:
> On Mon, 02 Oct 2006 14:48:19 -0700, Ramon F Herrera Has Frothed:
>> In January 2003, the power industry got a wake-up call.
>> An event in Ohio "illustrated how accessible and vulnerable SCADA
>> systems are at nuclear power plants," the SANS Institute's Paller
>> told a House subcommittee last fall.
>> He testified that a computer worm circulating on the Internet had
>> infected Microsoft database software used by a contractor at the
>> Davis-Besse nuclear plant near Toledo, Ohio.
>> Bypassed firewall

This is misleading FUD, taken out of context.

That phrase "Bypassed firewall" just sitting there with no context
looks doctored somehow; it's not even a sentence. Further research
explains why. Basically the lack of context is a deliberate attempt to
obfuscate the truth.

The *truth* is:

| The Slammer worm entered the Davis-Besse plant through a circuitous
| route. It began by penetrating the unsecured network of an unnamed
| Davis-Besse contractor, then squirmed through a T1 line bridging that
| network and Davis-Besse's corporate network. The T1 line,
| investigators later found, was one of multiple ingresses into
| Davis-Besse's business network that completely bypassed the plant's
| firewall, which was programmed to block the port Slammer used to
| spread.
| "This is in essence a backdoor from the Internet to the Corporate
| internal network that was not monitored by Corporate personnel,"
| reads the April NRC filing by FirstEnergy's Dale Wuokko. "[S]ome
| people in Corporate's Network Services department were aware of this
| T1 connection and some were not."
| Users noticed slow performance on Davis-Besse's business network at
| 9:00 a.m., Saturday, January 25th, at the same time Slammer began
| hitting networks around the world. From the business network, the
| worm spread to the plant network, where it found purchase in at least
| one unpatched Windows server. According to the reports, plant
| computer engineers hadn't installed the patch for the MS-SQL
| vulnerability that Slammer exploited. In fact, they didn't know there
| was a patch, which Microsoft released six months before Slammer
| struck.

 - http://www.securityfocus.com/news/6767

So a *Windows* worm used an *unsecured* line to attack *Windows*
machines. It wasn't the *worm* that "bypassed" the firewall, it was
the *T1* line that *wasn't firewalled*.

> And the firewall was Linux based.

Irrelevant, since the T1 line was not covered by the firewall.

And where exactly in that article is the word "Linux"?

I'd say that whole article is just yet more evidence that deploying
Windows in mission critical environments is suicide.

http://slated.org - Slated, Rated & Blogged

| L.A. town is falling down, while the ground moves around.
| We won't let it get us down; we're Californians!
 - Animaniacs ( http://youtube.com/watch?v=XKcgTnfoM9Q )

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.16-1.2133_FC5
 01:58:46 up 107 days,  2:15,  3 users,  load average: 0.61, 0.35, 0.31

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index