
Re: Microsoft Windows Worries US National Co-ordinator for Security and Counterterrorism

On Apr 10, 11:26 pm, Erik Funkenbusch <e...@xxxxxxxxxxxxxxxxxxxxxx>
wrote:
> On Wed, 11 Apr 2007 03:04:40 +0100, Roy Schestowitz wrote:
> > Crash strike caution
> > ,----[ Quote ]
> >| If Microsoft's Windows operating system crashes and gives you the "blue
> >| screen of death", it's a pain in the proverbial, but it's hardly
> >| life-threatening. In 1998, however, a United States Navy destroyer, the
> >| USS Yorktown, was left stranded and vulnerable when its Windows
> >| NT-based control system failed.

As Erik has posted, this is an old story, and the facts of the quote
aren't exactly accurate.  There have been several different accounts of
the story, and several accounts were politically motivated.

Since that article was published, we've had:

Melissa
ILoveYou
NIMDA
Jane's Resume
Bagle
Sky
...

Current estimates are that there are nearly 250,000 viruses that are
capable of corrupting an unprotected computer.  Antivirus software
attempts to identify viruses that have been installed, after they have
been accepted.  Many viruses are spread as attachments, which have to
be opened by the user.  Some of the most virulent are spread as
ActiveX controls called by VBScript embedded in HTML that only needs
to be previewed in Outlook to spread the virus.

Current estimates are that Windows malware inflicts nearly $60 billion
per year in direct damages - actual identifiable expenses directly
related to the failure and recovery, identity theft, and other
damages.  Secondary damages, such as the hours of personal time trying
to clean up credit history, trying to recover lost data, trying to
back-up/recover files before they are corrupted, computers that become
incredibly slow due to malware that gobbles up 70% or more of the
processor or memory bandwidth, and other related damages, are estimated
at nearly $600 billion per year.

There have been estimates published by various sources that estimate
that anywhere from 80% to 95% of all PCs are infected by some form of
malware at least once a year.

There are some simple ways to reduce the risk of a virus:
Disable ActiveX controls on your browser.
Disable HTML previewing in your e-mail.
Use Firefox instead of IE whenever possible.
Use Lotus Notes or Thunderbird instead of Outlook.
Use GAIM instead of Microsoft's Instant Messenger.
Use both external and internal firewalls.
Do not accept certificates or cross-certify with senders you don't know.
Do not allow new Certificate Authorities unless they are your employer.
Review certificates and certificates frequently.
Use a firewall on Windows - such as I-zone or Symantec (not Microsoft's).
Use an external firewall/network router.
Always use encryption on WiFi.
Encrypt any password files or any other confidential files.
Get an external USB drive and back up ALL files at least once a month.
Back up personal files to a USB drive and/or CD-ROM or DVD-ROM at least
once a week.
Use a versioning system such as CVS to back up critical files every
time they are altered.
Use Tortoise CVS.  This will identify any file that has been altered,
with or without your knowledge.

Or you can just use Linux.  Even though there are millions, possibly
even hundreds of millions of Linux systems now deployed, the number of
Linux systems that have been successfully compromised is very small.
Typically, those machines that have been successfully attacked have
been configured in a manner that ignores all warnings related to such
configurations - and this was a deliberate change from the "default"
configuration.

If you feel that you have been attacked, successfully or not, notify
your ISP ASAP.  If they are using Unix or Linux systems to provide
your access, they can often track down the perpetrator.

> >| [...]
> >|
> >| In fact, such networking could be a security risk. Western nations are
> >| becoming increasingly vulnerable to cyber-attack from hostile nations,
> >| terrorist groups and criminal syndicates, and an increasing reliance in
> >| civilian technologies by intelligence and military agencies is having an
> >| adverse effect on national security.
> > `----
I have posted a few articles that have been purged by Google before
they were published, because they included warnings about specific
types of attacks.  It seems that DHS has the right to censor posts to
BBS boards, including Google Usenet groups.

> >http://www.theage.com.au/news/security/crash-strike-caution/2007/04/0...
> > What O/S did Britain's nuclear subs choose to run again...?
> > Open source software is the only solution here. Visibility is trust.
> Man, this old hat never seems to die.

It dramatically illustrates something that most users have been aware
of for decades.

> First, it did not happen in 1998.  It happened in 1997.

>  Second, They did not send out tugs to tow it in to port,
Actually, they would have used tugs to bring it into port.  This is
standard operating procedure for ANY large ship as it is being guided
through the narrow channels and harbors to its final docking point.

>  the Yorktown had auxiliary
> propulsion systems it used to return under power.

Yes.  The Navy still has manual overrides for almost everything.
That's why they still have the acoustical pipes, in addition to
electronic and fiber-optic intercom systems.  This is an endorsement of
the US Navy ship design, not Windows.

>  Third, The incident was largely blown out of proportion due to misquoting by the Government
> Computer News magazine.

Actually, it shouldn't have been "leaked" at all.  There was a very
rapid attempt to do damage control.  Most military equipment,
especially new military equipment, is classified.

> Also, the Yorktown was running an out of date, and obsolete version of the
> SMCS software with the data safeguards deliberately disabled.

There seem to have been several different, and conflicting, stories as
to the cause.  One account suggested that it was a "divide by zero"
error.  Another suggested incompatible software.

This would have been Windows NT 4.0 Service Pack 3.
NT 4.0 eventually reached Service Pack 6 before it became obsolete.

Windows 2000 had a number of enhancements which improved performance
and reliability (incorporating many concepts from Unix), but
applications needed to be rewritten using new Microsoft APIs to get
that.

Windows 2003 with SQL Server 2005 has been much more successful and
much more reliable.  It's still not the PRIMARY database, but it's used
to report FTSE quotes, which are collected from the "real" trade server
that feeds real-time quotes to an array of Windows 2003/SQL Server 2005
databases.  The databases are then connected to IIS servers running
.NET.  Microsoft is quite proud of its accomplishment.
Meanwhile, the AMEX trading system is switching to Linux.

> http://www.gcn.com/print/17_32/33639-1.html?topic=news
> From that article:
>
> "NT played no role in the Yorktown's LAN crash, Baker said."
Again, this was part of the "damage control" that was orchestrated
a few days after the incident.  Baker was an officer and wasn't even
on the ship.  The initial incident was reported by a Chief - the guys
who actually "run the engine room".

> Further, the source of the story, Anthony DiGiorgio, claims he was
> misquoted and never said the things the author claims he said.
After the incident, the officers, all the way up to the admiral,
decided that this was a classified incident.  They can't confirm or
deny anything.  To do so would mean a 10 year prison sentence for
public disclosure of classified information.

> http://www.gcn.com/print/17_20/33292-1.html

Windows is still used by the military in some aspects of some
operations.  But then again, so are Linux and other Unix variants.
Often the field laptops being used by the ground units are running
Windows.  The tactical computers used to monitor and coordinate those
ground units are usually running Linux and Unix.

The NSA has audited Linux and has a preferred configuration that
is "Secure but not too secure" and another that's "Too secure for
public use".

Microsoft loves to point at all of the potential frame buffer overrun
errors.  These are great academic exercises.  Most are related to
gets() and strcpy() and are only vulnerabilities if there has been no
attempt at any higher level to prevent a bogus message (something with,
say, 10,000 characters, none of which can be a null or line feed),
which might contain return values to executable code that could do
something bad.

The problem is that Linux kernels themselves are recompiled, as are
most of the libraries.  The stack would be unpredictable at best.  In
most cases, you would get a "segmentation fault" which could result in
a core dump.  The core dump could then be used to trace the offending
message back to the perpetrator.

One of the reasons that so few people mess with Linux is because you
have a much better chance of getting caught, and spending time in
jail.  Breaking into a Linux computer is a federal crime.  The minimum
penalty for computer trespassing, if convicted, is 5 years in federal
prison, with no possibility of parole.

In most cases, the perpetrator's lawyer advises a plea bargain.
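A worked example of the "higher level" check the post describes for the gets()/strcpy() overrun class, added here as an illustration; it is not code from the post or its author. The idea is check-then-copy: a message is inspected against a fixed limit before any buffer is written, and is rejected if no null or line feed turns up within that limit (the 10,000-character bogus message the post mentions) or if it carries non-printable bytes; the copy itself is bounded and always null-terminates. MSG_MAX, the function names and the sample messages (including a constructed 10,000-byte message with no terminator) are assumptions made for this example.

```c
/* Added example, not from the post: a length-checked message reader that
 * replaces the gets()/strcpy() pattern. MSG_MAX, the function names and
 * the sample messages are constructed for this illustration. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MSG_MAX 64          /* fixed line-buffer size chosen for the example */
#define BOGUS_LEN 10000     /* size of the constructed oversized message */

enum msg_status { MSG_OK = 0, MSG_TOO_LONG = 1, MSG_BAD_CHAR = 2 };

char g_store[MSG_MAX];      /* destination buffer used by the demo below */

/* The higher-level check: decide whether a message fits before any
 * fixed-size buffer is touched. Reads no more than `limit` bytes, so it
 * is safe even on input that has no NUL or line feed anywhere. A message
 * is accepted only if a NUL or '\n' appears within the first `limit`
 * bytes and every byte before it is printable. */
enum msg_status check_message(const char *src, size_t limit)
{
    for (size_t i = 0; i < limit; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '\0' || c == '\n')
            return MSG_OK;
        if (!isprint(c))
            return MSG_BAD_CHAR;   /* control bytes have no place in a text line */
    }
    return MSG_TOO_LONG;           /* no terminator in `limit` bytes: would overrun */
}

/* Bounded copy that never writes past dst[MSG_MAX - 1], unlike strcpy().
 * Stops at the terminator or the buffer limit, whichever comes first,
 * and always NUL-terminates. Returns the number of body bytes stored. */
size_t copy_message(char dst[MSG_MAX], const char *src)
{
    size_t n = 0;
    while (n < MSG_MAX - 1 && src[n] != '\0' && src[n] != '\n') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return n;
}

/* Check, then copy. Returns the stored length on success, or the negated
 * rejection status (-1 too long, -2 bad character). dst is left empty on
 * rejection so a caller cannot act on a partially copied message. */
int accept_message(const char *src, char dst[MSG_MAX])
{
    enum msg_status st = check_message(src, MSG_MAX);
    if (st != MSG_OK) {
        dst[0] = '\0';
        return -(int)st;
    }
    return (int)copy_message(dst, src);
}

/* The bogus message the post describes: thousands of bytes with no NUL or
 * line feed anywhere (constructed here). check_message() gives up after
 * MSG_MAX bytes and never reads the rest. */
enum msg_status check_oversized_demo(void)
{
    static char big[BOGUS_LEN];
    memset(big, 'A', sizeof big);
    return check_message(big, MSG_MAX);
}

int main(void)
{
    int n = accept_message("ENGINE RPM 1200\n", g_store);
    printf("short line: status %d, stored \"%s\"\n", n, g_store);
    n = accept_message("bad\001byte\n", g_store);
    printf("control byte: status %d\n", n);
    printf("oversized: status %d (1 = too long)\n", (int)check_oversized_demo());
    return 0;
}
```

The point of the split is that check_message() is the only function that ever looks at untrusted input of unknown length, and it is written so that it cannot read past `limit` bytes; copy_message() then cannot overrun the destination regardless of what the caller passes, so a forgotten check degrades to truncation rather than stack corruption.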



