02.11.09
Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
SEVERAL MONTHS AGO we wrote about the disasters which the FAA had been experiencing, probably due to its reckless choice of Microsoft Windows. Now we’re witnessing planes that are being grounded due to similar problems (Microsoft denies this). But it may all be just be ’small potatoes’ compared to a crack of this scale, which the Associated Press wrongly characterises as “hacking”.
Hackers broke into the Federal Aviation Administration’s computer system last week, accessing the names and Social Security numbers of 45,000 employees and retirees.
Wonderful.
TechDirt has meanwhile gotten around to commenting on related news.
Unpatched, Virus-Infected Windows To Blame For Grounded French Fighter Pilots And Halt To Traffic Arrests In Houston
Reader Calvin sends in two separate stories of government institutions who apparently failed to patch their Windows machines to protect against the Conficker virus — despite the patch being available for many months. First, Houston police have stopped arresting people with outstanding traffic warrants and shut down the municipal court system for a few days to try to deal with their computer systems being overrun by the virus.
Whether a person is troubled by use of Windows or not, the side effects appear not only in billing (damage is compensated for collectively) but also in people’s E-mail. This is made possible owing to massive Windows-based botnets.
Virus authors are attempting to hoodwink unwary and lovestruck internet users with malware that poses as Valentine’s Day-related games and email greetings.
The hacker tactic is a familiar companion to annual holidays, such as Christmas, New Year’s Day and Valentine’s Day. McAfee reports that the Valentine’s Day spam links to URLs pushing the Waledac Trojan, a strain of malware that has copied many of its techniques and features from the infamous Storm Trojan.
Another side effect of these turbulent experiences is being combated by a victim of the very same botnets which it fights, namely DNS. IDG published this report:
OpenDNS has added a feature to its Domain Name System (DNS) services to fight a widespread worm, with help from Russian security company Kaspersky Lab.
OpenDNS has its own network of DNS servers that translate domain names into IP (Internet Protocol) addresses so, for example, Web sites can be displayed in a browser. The company says its system is faster than using the DNS servers run by ISPs (Internet service providers) and provides better protection against phishing as well as other features such as Web content filtering.
As far as Microsoft is concerned, there is no solution to this (not even Vista 7) and some people are meanwhile dying. This is totally preventable because secure platforms like GNU/Linux exist and are readily available. █
“[W]e’re not going to have products that are much more successful than Vista has been.”
“David Smith commented that Gartner will not bash MS if MS chooses to slip Vista.”
Needs Sunlight said,
February 11, 2009 at 12:14 pm
When there was a major, cascading power outage on the east coast of the US, Windows was initially implicated. For about a day, as events unfolded, it looked every hour more and more like Windows was at the bottom. Suddenly all discussion and investigation appeared to stop and no further coverage of the cause was provided afterwards.
So it’s not just now, during the recession that Gates has been putting salt on the wounds, he’s also been helping make the cuts, too.
Ty said,
February 11, 2009 at 10:23 pm
That reminds of of the less serious but similar story about my state government not allowing anyone in the government to go on Myspace or Facebook. NOT because it is a waste of time but because of an uptick in Windows viruses from the sites.
So instead of recommending that staff and officials get Linux or even get some Macs so the officials can post on their myspace and facebook pages, the IT security dept just wholesale blocked those sites and others!
Stupid in my opinion!
Quote:
“We realize that this may be an inconvenience and we apologize,” Office of Legislative Information Systems Director Michael Gaudiello wrote in a note to the affected parties. “But it is essential that the integrity of the Maryland General Assembly computer systems and facilities are protected.”
http://www.baltimoresun.com/news/local/politics/bal-te.facebook07feb07,0,1339786.story
“It puts the General Assembly in the Stone Age” Said Del. Christopher B. Shank (R-Washington).
“This is like China” Said Sen. James C. Rosapepe (D-Prince George’s).
http://mobile.washingtonpost.com/news.jsp?key=348270&rc=tech#___1__
Sad. People don’t learn.
Roy Schestowitz said,
February 11, 2009 at 10:30 pm
For similar reasons, USB devices are banned in some places.
Needs Sunlight said,
February 12, 2009 at 5:50 am
USB devices are only present anyway because Windows got into the infrastructure and makes it impossible to have networked file sharing. So it’s back to good old sneakernet, this time instead of 5.25″ floppies or even 3.5″ floppies its a dog-leash around the neck with a cluster of USB sticks.
It’s damage by M$ from multiple angles there.
Ban M$ products, and penalize the turds that deployed them, and you clear up 99% of today’s security problems. Of course that will mean a greater problem from web 2.0, but throw away all useless client-side scripting, flash and flash-like animations and you will clean up that vector as well.
For years everyone stayed away from client side scripting cause it sucked and was insecure. It still is both. Some say that the only reason web 2.0 is to compensate for the move away from the permeable M$ products and add holes.
Roy Schestowitz said,
February 12, 2009 at 6:35 am
What is “Web 2.0″ really?
Ian said,
February 12, 2009 at 1:00 pm
@Needs Sunlight
Are you serious, or just goofing around?
USB devices are only present anyway because Windows got into the infrastructure and makes it impossible to have networked file sharing.
Have you ever heard of CIFS or SMB or Samba or Windows shares or NFS or FTP or NCP? You do understand that you can transfer files over a network between two Windows boxes or a Windows box and a Linux box..right?
Ban M$ products, and penalize the turds that deployed them, and you clear up 99% of today’s security problems.
That’s an ignorant comment. Does Microsoft have a good history with security? Not really. Will everyone switching to Linux suddenly make admins impervious to leaving services turned on or not configuring firewalls correctly? Don’t make the mistake of thinking Linux boxes don’t get rooted.
Some say that the only reason web 2.0 is to compensate for the move away from the permeable M$ products and add holes.
That doesn’t make any sense. Web 2.0 is nothing more than an evolution of web design. It’s not a Microsoft thing, it’s not a Novell thing, it’s not a Linux thing, it’s not even a Google thing.
Look, you hate Microsoft. That’s fine. But don’t make things up.
Roy Schestowitz said,
February 12, 2009 at 1:28 pm
I think s/he was referring to escape from desktop-bound applications.