SoylentNews is people

posted by martyb on Wednesday June 28 2017, @01:07PM
from the tried-and-tested dept.

Recently launched and not yet operational, the HMS Queen Elizabeth's computers are running Windows XP.

The ship's officers defend this, claiming that the ship is secure, but the phrasing of their comments suggests that they really don't have a clue:
"It's not the system itself, of course, that's vulnerable, it's the security that surrounds it."
So the security is vulnerable?

"I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score."

Apparently, where you buy your computers makes Windows XP more secure:
"The ship is well designed and there has been a very, very stringent procurement train that has ensured we are less susceptible to cyber than most."

He added: "We are a very sanitised procurement train. I would say, compared to the NHS buying computers off the shelf, we are probably better than that. If you think more Nasa and less NHS you are probably in the right place."

Didn't they learn from recent events how even air-gapped computers can be compromised?

Also covered at The Register, The Times, and The Guardian.


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by KGIII on Wednesday June 28 2017, @08:25PM (2 children)

    by KGIII (5261) on Wednesday June 28 2017, @08:25PM (#532615) Journal

    Not an issue so long as you control it. The same methods apply to all of them.

    One exception, user access control. Pre-XP Windows will be less secure by default, as everyone is an administrator.

    It all boils down to access, physical and networked.

    --
    "So long and thanks for all the fish."
  • (Score: 2) by NewNic on Wednesday June 28 2017, @08:56PM (1 child)

    by NewNic (6420) on Wednesday June 28 2017, @08:56PM (#532636) Journal

    Not an issue so long as you control it. The same methods apply to all of them.

    No, the same kernel-level protections do not apply to XP.

    Someone once said something about this:

    Security is a process, not an application.

    I wonder who?

    --
    lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
    • (Score: 3, Interesting) by KGIII on Wednesday June 28 2017, @11:23PM

      by KGIII (5261) on Wednesday June 28 2017, @11:23PM (#532688) Journal

      Me. You're overlooking the basics. You can make XP as secure as any other OS. It even has the built-in mechanisms.

      This means controlling who has physical access and ensuring the data in and out are controlled. You may think that a more modern OS is somehow more secure but it really isn't. The biggest security risks are in the chair.

      Yes, newer OSes have greater protection. No, that doesn't matter - if your goal is security. If you want secure, the user can't install anything. If you want secure, every packet is inspected and routed to only specific addresses. If you want secure, the actual computer is behind a locked door. If you want secure, the user can neither plug in anything nor change a single setting.

      Anything less is not secure. The root OS is insignificant, provided it has user access controls. A newer OS will provide you with greater security without doing those things. That is irrelevant. Without doing those things, you are inherently insecure.

      Thus, as I have said; security is a process, not an application.

      If you're curious, I used to employ people who gave talks at Defcon and have worked in secure environments with clearance. You can make XP as secure as you can 7, 8.1, 10, or even any flavor of Linux. If I can physically access your system, I own it - and you will not be any wiser for it. Do not let that happen, if security is your goal. If I have time to send malformed packets, I'm going to smash my way out of your virtualization and have escalated privileges. ASR? Chances are, your RAM is pretty well occupied, all I need to do is hop the stack and I now have access to control the memory.

      And I'm not even a security professional. However, I've employed a whole lot of them. I've also dabbled quite a bit, but have no formal training.

      Once again, control access and you can make XP as secure as 10. By thinking that 10 is more secure than it is, you open yourself up to a world of hurt. It is not if, but when, your data will leave your control. If you want secure, control access - physically and via the network, preferably air gapped. Anything less and you're largely playing a game of chance.

      --
      "So long and thanks for all the fish."