Ahh... The classic windows is broken argument. The truth is, all operating systems are vulnerable. The problem is, everyone runs windows so that is where the focus is. If everyone ran bsd, i'd wager there would be more bsd vulnerabilities being published.

But, when i read this article, i see that the problem in _this case_ is not a windows box, but this PLC device, which probably isn't running any standard OS. This device malfunctioned, spewing forth large amounts of traffic. This traffic caused the drive controllers for the recirculation pumps to hang. This device also appears to not be running a standard OS. This is the true problem- these cobbled together solutions that do not know how to handle data it isn't expecting. From the article:

"What is happening in this marketplace is that vendors will build their own (network) stacks to make it cheaper," Peterson said. "And it works, but when (the device) gets anything that it didn't expect, it will gag."

So, keep bashing windows, but realize that in so doing, you are missing the true problem.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11465/34586#34586