OT: Stuxnet worm hit industrial PLC systems

game on that PC.

Simple. It was a poorly designed and implemented system.

Seeing as how Stuxnet attacks the Windows programming and control end of these systems, its another fine example of 'Redmond engineering'.

l A.

hael A.

net_worm_h...

setup,

happen of course,

icrosoft PC,

most COTS PCs for industrial use come with ports, dumbfuck. It only takes a committee of one to assess you as being the pompous, retarded, dated, old methodology mentality dipshit that you obviously are.

On a sunny day (Thu, 16 Sep 2010 15:12:40 -0400) it happened "Michael A. Terrell" wrote in :

You seem to have limited experience with big systems. It is quite common to have some PC with one or more monitors where the operators can see the process flow, and influence it. Not just simple drill, but for example control of a whole chemical plant.

Proof of the lack of meaningful, useful information and opinions when dealing with an outdated old fucktard.

Of course, he wants a half $M project to cost $10M and cause your energy rates to triple as a result of making a custom control machine instead of simply going with COTS like the mil and gov boys have done.

Guess what? They know more about it than the Terrell retard does too.

A committee of one is all it takes to shoot down the stupid assessments made by a stupid ass, hellbent and hellstuck in his retarded, stubborn ways.

That ass is you, Terrell.

Do YOU even know the difference between a modern PLC and a modern PC?

I know the difference between an intelligent community member and a complete pompous ass, like you, Terrell.

of course,

PC,

So you are still programming PLCs using front panel switches or paper tapes ?

course,

What could possess anyone to connect an industrial control unit to the freakin' internet?

Thanks, Rich

course,

Siemens PLCs.

The answer is so simple that people can't grasp it. Write your program on the PC. 2. Unplug the PC from the internet. 3. Plug the PC into the PLC and upload the program.

I mean, how DUH are people getting these days?

Thanks, Rich

PC,

So, who takes an unknown USB stick, and plugs it into the computer they use to program the PLC's?

Idiots should suffer the consequences of their own negligence - how else is anybody ever going to learn anything?

Thanks, Rich

game on that PC.

If I were the owner of the machinery, I'd have summarily fired them on the spot.

Good Luck! Rich

Microsoft PC,

I don't have a problem with USB sticks, the problem is that some idiot OS makers at Redmond insist of having autoplay/autorun selected by default.

Such stupid features enables criminals like Sony to install rootkits, when someone wants to play a legally obtained CD on a computer.

Though it is fairly simple to make a PC so that nothing can ever execute from mounting a USB stick, CD or DVD (and stupid to permit it). According to the article that is how Stuxnet propagates. Some places that are truly secure make it so that you cannot even mount them at all to avoid critical corporate data from going AWOL. Given that you can now carry multi GB of data out on something smaller than a postage stamp there is good reason for the security guys to be worried.

We have to hope that they never get control of something really toxic like a phosgene plant or something inclined to go whoosh like Bunsford.

Unfortunately the way the worm works to attack the PLCs is *exactly* the same as the mechanism used by world enemy #1. The unfortunate UK hacker McKinnon currently awaiting extradition to the US. He was looking for evidence UFOs on highly classified US military systems that still had their supervisor and engineering privileged passwords set to well known manufacturers defaults. It seems some people never learn.

For my money we should give him a job at GCHQ.

Never leave well known default passwords set on mission critical and secure systems. This is reminiscent of the Feynman and the safe with the nuclear bomb plans in (which also had manufacturers default codes). The solution they adopted (according to him) was to keep Feynman away from the safe - they didn't alter the safes open code!!!!

Any competent safe cracker would know those magic numbers...

Regards, Martin Brown

of course,

Microsoft PC,

No. There is no need for the computer to be connected to the outside world, once it's set up.

Yawn. That's why you NEVER have updates for Linux, isn't it?

Microsoft PC,

Unfortunately the effects of a chemical plant going bang due to control failure can be rather more far reaching.

In a corporate environment the fault lies with the systems people who were too dumb to disable this insane "feature" and so fuckwitted that they forgot to change the passwords on the PLCs from the manufacturers defaults. It is scary that the world is so full of mindless idiots.

The same problem afflicts the US military in spades. They are currently seeking the extradition of a UK guy for hacking their hopelessly insecure military systems when they should really be giving him a medal and shooting some of their own useless sysops.

Regards, Martin Brown

You seem to give consistently stupid replies. It isn't difficult to design the control system into a locked, ventilated cabinet that prevents access to the drives or any ports other than the keyboard or mouse. Any attempt to enter that cabinet shout set off alarms, and require the offender be fired.

On a sunny day (Thu, 16 Sep 2010 12:41:04 -0700) it happened Rich Grise wrote in :

That reminds me of something. Do you have a design for the mars trip too?

course,

Siemens PLCs.

Ladder logic vs C++ and Java.

John

Microsoft PC,

Cute trick: people program trojans onto memory sticks and drop them into the parking lots of target organizations.

John