Kevin Poulsen, SecurityFocus 2003-08-19
The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.
Colapse all |
Post comment
Slammer worm crashed Ohio nuke plant network
2003-08-20
JeiAr (1 replies)
JeiAr (1 replies)
Slammer worm crashed Ohio nuke plant network
2003-08-20
Dmitriy <maniac (at) angrycube (dot) com [email concealed]> (4 replies)
Dmitriy <maniac (at) angrycube (dot) com [email concealed]> (4 replies)
If Homer Simpson does work at that plant, I'd say that he is the System Administrator. Leaving servers unpatched like that is pretty sad, especially in a critical place like this. May this be another lesson to all (eventhough no one seems to learn anyway) - patch your systems!...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous (1 replies)
Anonymous (1 replies)
Actually a nuclear power plant it about the last place I'd like to see adopt a patch-without-test policy! I think the knee-jerk reaction to automatically update patches works OK on home PCs, and can work in other scenarios as well.
I don?t know anyone who runs a ?mission critical? system that d...
[ more ] [ reply ]
I don?t know anyone who runs a ?mission critical? system that d...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
Anonymous System Administrator (1 replies)
Having maintained such systems, I can say that some vendors are very good about testing their products with patches and will advise and assist when critical patches are released.
Other (read: most) vendors are g-dawful, however. The software barely functions on an outdated version of the ope...
[ more ] [ reply ]
Anonymous System Administrator (1 replies)
Having maintained such systems, I can say that some vendors are very good about testing their products with patches and will advise and assist when critical patches are released.
Other (read: most) vendors are g-dawful, however. The software barely functions on an outdated version of the ope...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-24
Anonymous, System Administrator
Anonymous, System Administrator
I also find that the biggest problem facing the IT field, is the lack of RESPECT and communications.
I work in a large hospital, State run, that has NO knowledgable staff at all running their system. The Dept Head is a political appointee with a degree in STATISTICS. To add insult to injury, he i...
[ more ] [ reply ]
I work in a large hospital, State run, that has NO knowledgable staff at all running their system. The Dept Head is a political appointee with a degree in STATISTICS. To add insult to injury, he i...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
Anonymous (1 replies)
Anonymous (1 replies)
Slammer worm crashed Ohio nuke plant network
2003-08-22
Ryan Lambert (2 replies)
Ryan Lambert (2 replies)
Go ahead.
Migrate to Linux and forget about viruses. That's the same thing the people who got nailed by Slapper did....
[ more ] [ reply ]
Migrate to Linux and forget about viruses. That's the same thing the people who got nailed by Slapper did....
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-25
Anonymous Geek
Anonymous Geek
Try OpenBSD instead, I still wouldn't be 100% happy with RedHat or similar, unless I was confident I could rip the guts out of it.
Either way such mission critical systems should NEVER be run using Operating Systems which have as many holes as swiss cheese (you know who you are).
After more t...
[ more ] [ reply ]
Either way such mission critical systems should NEVER be run using Operating Systems which have as many holes as swiss cheese (you know who you are).
After more t...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous (1 replies)
Anonymous (1 replies)
As usual, the author paints a story that it is unusual for there to be network connections that circumvent "the firewall".
While this is typical, a perimeter is a perimeter, and unless your neighbours are willing to harmonize policies on that common perimeter, your partners should be outside a p...
[ more ] [ reply ]
While this is typical, a perimeter is a perimeter, and unless your neighbours are willing to harmonize policies on that common perimeter, your partners should be outside a p...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
twigles
twigles
Agreed, partners should be treated identically to the internet as far as threat-level. They may get a few port openings or something but they are *not to be trusted*. This Jim Davis guy pisses me off by doing corporate PR spinning in such a dangerous field; this isn't some credit card number leak....
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous (1 replies)
Anonymous (1 replies)
THis is further evvidence, that most likely the worm caused the blackout... also i hope this teaches stupid big companies to stop using M$ software, its a piece of shit for serious business. only desktop users should use m$ software cause of the games, entertainment etc. SWITCH TO *nix...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous (1 replies)
Anonymous (1 replies)
It just scares me hearing microsoft and powerplant in the same sentence. Atleast if you do, be smart about it, use a firewall + ids + data integrity. There are plenty of options for running insecure software safely....
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Homer (1 replies)
Homer (1 replies)
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous
Anonymous
Doesn't microsoft eula prevent using it's products on mission critical places like nuclear plants?
how about rerouting that war budget and fixing homeland security first.. imagine what if the plant had been operational.. there would've been another tschernobyl in ohio..
buckle up dorothy, kans...
[ more ] [ reply ]
how about rerouting that war budget and fixing homeland security first.. imagine what if the plant had been operational.. there would've been another tschernobyl in ohio..
buckle up dorothy, kans...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous (1 replies)
Anonymous (1 replies)
I don't know what you have against Microsoft. I have to agree that the Windows 9x secries and earlier NT versions are terrible, but the Windows 2000 and 2003 series are very stable. The important point here is that no system is safe if the adminstrator does not handle it correctly. Let's not forg...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
Anonymous (1 replies)
Anonymous (1 replies)
I don't know what anyone else has against Microsoft but I can tell you what I have against them:
They are a software pirating company that is excellent at deceptive marketing practices (like calling Windows an OS) that is disguised as a big innovative software development company.
The reason t...
[ more ] [ reply ]
They are a software pirating company that is excellent at deceptive marketing practices (like calling Windows an OS) that is disguised as a big innovative software development company.
The reason t...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-27
Anonymous
Anonymous
I agree that it's not right for Microsoft to do that. But let me get back to my main point. Any system is secure behind a firewall, unless the firewall security is not managed correctly. In this scenario, that was the case. It doesn't matter what operating system is behind the firewall. A close...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-20
Anonymous
Anonymous
It appears the main problem in a mission critical environment like this is more related to HR hiring policies. If the IT people did not know about the T1, and left it unfiltered/monitored, then it would appear that they are hiring mere M$ trained technicians rather than properly trained and experie...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
mitchshrader
mitchshrader
A consultant* who does not KNOW, (INSIST to know, and INSIST on appropriate documentation of that knowledge) of potential security breaches by his own information access is incompetent, negligent, or both. In in potentially life-endangering task, it is that consultants' responsibility to ascertain t...
[ more ] [ reply ]
[ more ] [ reply ]
Where is the regulation of these people?
2003-08-21
Phylo (1 replies)
Phylo (1 replies)
None of the companys are going to do a thing to change the way that they do busness untill they find themselves regulated to do so. This will not happen unless the United States government has an major change in idiology as far as corprate regulation goes. The US government has embraced the Neo-Cons...
[ more ] [ reply ]
[ more ] [ reply ]
Where is the regulation of these people?
2003-08-25
Anonymous
Anonymous
"...this is not going to change unless there is a change in thinking among US leaders."
The current leaders think it's okay for hundreds of young Americans to die for Iraqi oil, and for millions of American citizens to suffer under bloated, crippling energy costs. They're not going to change the...
[ more ] [ reply ]
The current leaders think it's okay for hundreds of young Americans to die for Iraqi oil, and for millions of American citizens to suffer under bloated, crippling energy costs. They're not going to change the...
[ more ] [ reply ]
Unbelieveably Irresponsible
2003-08-21
Anonymous (1 replies)
Anonymous (1 replies)
First of all, why were critical monitoring systems on the same network that was used for Internet access (presumably email, web browsing, etc.)?
Second, a firewall does no good if there are other routes with no protection. All modems, leased lines, etc. should go through an approval process. Id...
[ more ] [ reply ]
Second, a firewall does no good if there are other routes with no protection. All modems, leased lines, etc. should go through an approval process. Id...
[ more ] [ reply ]
Unbelieveably Irresponsible
2003-08-21
Gallomimia (1 replies)
Gallomimia (1 replies)
True. Anyone who uses an Operating System on a computer that does anything with machinery at all should know what that OS does. Microsoft OS's are vulnerable as a newborn kitten without proper protection.
In addition to those steps I would implement software-firewalls with reporting on all comput...
[ more ] [ reply ]
In addition to those steps I would implement software-firewalls with reporting on all comput...
[ more ] [ reply ]
Unbelieveably inexperienced with these systems
2003-08-22
Anonymous System Administrator
It's really easy for you to comment about what should or should not have been done by the people at the N-plant. But it seems that none of you have actually worked with these systems.
(1) They are not home-grown but commercial systems, so you have little choice as to the operating system or da...
[ more ] [ reply ]
Anonymous System Administrator
It's really easy for you to comment about what should or should not have been done by the people at the N-plant. But it seems that none of you have actually worked with these systems.
(1) They are not home-grown but commercial systems, so you have little choice as to the operating system or da...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
Anonymous (1 replies)
Anonymous (1 replies)
When will the CEO's stop listening to M$ and start listening to the people who have to adminster the systems.
M$ does not belong in mission critical operations - not even on the desktop.
no gui's on mission critical server and firewall on every box that is mission critical.
Let see - what fits...
[ more ] [ reply ]
M$ does not belong in mission critical operations - not even on the desktop.
no gui's on mission critical server and firewall on every box that is mission critical.
Let see - what fits...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
Anonymous
Anonymous
I could not agree more. CEOs think it is about sys admin guys being jealous of Bill because they would like to be him.
With all the shit crashing everywhere on Windows, I don't care how much money you gave me, I WOULD NOT want to be Bill Gates, who is looking more and more like the next Bernard E...
[ more ] [ reply ]
With all the shit crashing everywhere on Windows, I don't care how much money you gave me, I WOULD NOT want to be Bill Gates, who is looking more and more like the next Bernard E...
[ more ] [ reply ]
MS Windows in a nuke plant?
2003-08-21
Ross Currie (1 replies)
Ross Currie (1 replies)
stupid, stupid, stupid.
Sure it's important to be properly firewalled.
But it's MORE important to not be running systems with critical flaws that need to be coddled and protected from other systems.
Systems like those described in this article should be running on BSD.
Or at the very least l...
[ more ] [ reply ]
Sure it's important to be properly firewalled.
But it's MORE important to not be running systems with critical flaws that need to be coddled and protected from other systems.
Systems like those described in this article should be running on BSD.
Or at the very least l...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-21
Anonymous (1 replies)
Anonymous (1 replies)
Have to agree with you. As the owner of a small computer shop where I have been fixin' for 18 years, I don't see how ANYONE can trust an MS product in a high-security function. The MS rush-to-market of new products is based on pure greed and speed, not quality. MS has NEVER produced a tight, high qu...
[ more ] [ reply ]
[ more ] [ reply ]
MS Windows && Powerplants
2003-08-22
Alex (2 replies)
Alex (2 replies)
Apparently nobody has heard about QNX... Or is it just "non-patriotic" to use a Canadian product in US powerplant...
MS Windows with more bugs than a city sewer is surely a solution here. The overall problem underlies in the management's position and honestly I would suggest to the management to m...
[ more ] [ reply ]
MS Windows with more bugs than a city sewer is surely a solution here. The overall problem underlies in the management's position and honestly I would suggest to the management to m...
[ more ] [ reply ]
MS Windows && Powerplants
2003-08-23
Anonymous
Anonymous
Well, I know a story of what did IBM engineers use in a nuclear power plant project in Ukraine (yes, Tschernobil is in Ukraine, but this is another story...). It was not UNIX nor Windows (I don't even consider linux in such environment) but merely QNX. None of the unices would sustain that mission c...
[ more ] [ reply ]
[ more ] [ reply ]
What they should have done if they weren't appallingly negligent
2003-09-01
Roger
Roger
Alex makes a good point in "MS Windows && Powerplants". A lot of people here are saying "they should have used Unix". While Unix would have been a much better choice, it is still marginal for mission critical tasks of this degree of sensitivity. Indeed, most if not all Unices come with a disclaimer ...
[ more ] [ reply ]
[ more ] [ reply ]
Microsoft Windows in Mission Critical Environments
2003-08-22
Ryan Lambert (8 replies)
Ryan Lambert (8 replies)
I tire of reading the posts about the "media and government are blind to the facts", Windows bashing. It's really getting old. And most of it is even untrue. Does anyone know why the first worm was created on Unix? It was honey. The most widely available system out there. Does anyone know why now th...
[ more ] [ reply ]
[ more ] [ reply ]
Real World Example
2003-08-23
Network Admin (1 replies)
Network Admin (1 replies)
I work at a power plant that has a digital control system, DCS (Distributed Control System), tied to the corporate LAN which is tied to the Internet. We of course have a firewall between the two networks; UNIX on both sides of the firewall (DCS is 100% UNIX), then it ties to the corp LAN, and then i...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Real World Example
2006-10-17
A Concerned Info Sec Pro
A Concerned Info Sec Pro
Please do not post information about your defensive strategy configurations! This kind of info fuels the reconnaissance and data harvesting of the bad guys! While not specific to the point of versions, etc... it is just NOT a good practice and can be VERY dangerous to your IS environment - and OUR ...
[ more ] [ reply ]
[ more ] [ reply ]
Microsoft Windows in Mission Critical Environments
2003-08-24
jerzy
jerzy
Your comment about the popular systems being the ones that draw the exploits is on the mark, but:
1. The first worm (Morris) was a long time ago, by definition in a climate when the threat was not understood, and UNIX was an OS geared more toward research than commercial environments; while
2....
[ more ] [ reply ]
1. The first worm (Morris) was a long time ago, by definition in a climate when the threat was not understood, and UNIX was an OS geared more toward research than commercial environments; while
2....
[ more ] [ reply ]
Microsoft Windows in Mission Critical Environments
2003-08-24
Anonymous
Amen Brother!!!
If you want an example of how STUPID users are, look at Sobig.F:
it SPREADS BECAUSE AND ONLY IDIOTS KEEP ON CLICKING ON ATTACHMENTS!
Have these morons been asleep for the past three years?
The only reason that we don't see e-mail worms for Unix machines is because there...
[ more ] [ reply ]
Anonymous
Amen Brother!!!
If you want an example of how STUPID users are, look at Sobig.F:
it SPREADS BECAUSE AND ONLY IDIOTS KEEP ON CLICKING ON ATTACHMENTS!
Have these morons been asleep for the past three years?
The only reason that we don't see e-mail worms for Unix machines is because there...
[ more ] [ reply ]
Microsoft Windows in Mission Critical Environments
2003-08-25
Anonymous
Anonymous
absolutely agreed upon.
there are (and shall be) more microsoft related worms coming out then any other because:
a. microsoft products are widely used and hence easy to target in order to effectively and rapidly affect large #s of hosts on the internet
b. the hatred against microsoft is another k...
[ more ] [ reply ]
there are (and shall be) more microsoft related worms coming out then any other because:
a. microsoft products are widely used and hence easy to target in order to effectively and rapidly affect large #s of hosts on the internet
b. the hatred against microsoft is another k...
[ more ] [ reply ]
Microsoft Windows in Mission Critical Environments
2003-08-27
Anonymous
Anonymous
So, what's your job, sysadmin ?
Patching and patching, whole day long, every week again and again...
What about the 'other' work ? If you buy a car, you can normally drive away in it immediately, and don't have to patch the holes in it whole the time.
I guess you do agree that this will infl...
[ more ] [ reply ]
Patching and patching, whole day long, every week again and again...
What about the 'other' work ? If you buy a car, you can normally drive away in it immediately, and don't have to patch the holes in it whole the time.
I guess you do agree that this will infl...
[ more ] [ reply ]
Microsoft Windows in Mission Critical Environments
2003-08-27
Anonymous
Anonymous
I agree with "stop using microsoft...and do your job properly."
I only design analog and OS-less digital systems.
They never get viruses, and they can even instantly recover
from a pile of screws dumped on the motherboard!
First there was the nice healthy typewriter...
then the teletype...
the...
[ more ] [ reply ]
I only design analog and OS-less digital systems.
They never get viruses, and they can even instantly recover
from a pile of screws dumped on the motherboard!
First there was the nice healthy typewriter...
then the teletype...
the...
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-23
Basil
Basil
I have to agree that Microsoft is not at fault here.(The patch was there 6 months ago) I use windows and also linux,solaris, and netware if any of these are left unpatched they can leave me open to just as much damage as an unpatched windows system. The hole that caused this problem was not an OS pr...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-25
Jason Webster
Jason Webster
Replicators, whether they be in software or the kind that infect real cells, need a predictable niche in which to operate. Viruses don't really make copies of themselves, they just push their instructions into a space where the host cell (or computer) executes them blindly. It takes a particular i...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2003-08-28
Anonymous
Anonymous
Well said Ryan. I am not a professional IT, but I do know that the person installing the product has more responsibility than just installing it. If you don't educate your operators on security issues, it won't matter what product you use. My installer taught me the "how, when, why, what for, and...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer Worm? Guess Again
2003-08-30
Anonymous
Anonymous
The Nuclear Regulatory Commission staff will hold one meeting on Thursday, August 15, in Lisle, Illinois, and two meetings on Tuesday, August 20, in Oak Harbor, Ohio, to review the status of activities at the Davis-Besse Nuclear Power Station as a result of the corrosion damage to the reactor vessel...
[ more ] [ reply ]
[ more ] [ reply ]
Slammer worm crashed Ohio nuke plant network
2007-05-19
mg (at) alienmicro (dot) com [email concealed]
mg (at) alienmicro (dot) com [email concealed]
Slammer worm crashed Ohio nuke plant network
2008-01-31
Anonymous
Anonymous
This report fails to note that no control over plant operations is provided by the computer system. The computers are only used for indication of system values (temps, pressures, etc). Side by side with these "hackable" displays are the analog indications which have been used since construction ie...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]