SoylentNews is people
SoylentNews
A derivative of Microsoft Windows ransonware, Wannacry, has hit a Boeing production plant in Charleston, South Carolina. An internal memo from Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, warned that the company's production systems and airline software were "at risk".
Wannacry was based on Microsoft Windows' CVE 2017-0144 which is used in the EternalBlue exploit kit. EternalBlue was initially utilized in apparent coordination with Microsoft's long delay in patching. Despite massive media spin, Wannacry was found to have hit all recent versions of Microsoft Windows.
From:
The Verge: Boeing production plant hit with WannaCry ransomware attack
The New York Times: Boeing Possibly Hit by ‘WannaCry’ Malware Attack
The Daily Express: Vital Boeing computer network INFECTED with WannaCry VIRUS - is it safe to fly?.
Previously: UK Blames North Korea for WannaCry Attacks, Says NHS Didn't Follow Cybersecurity Guidelines
WannaCry Ransomware Attack Linked to North Korea by Symantec
(Score: 2) by Grishnakh on Thursday March 29 2018, @03:18PM (10 children)
What kind of moron uses Microsoft Windows on critical computing systems? They're getting exactly what they deserve. I hope they go out of business and get acquired by Airbus for pennies on the dollar.
(Score: 2) by Gaaark on Thursday March 29 2018, @03:21PM
And might I just add "Hahahaha hahahaha hahaha.....etc"
Window is a gaming platform at best. Critical systems? Idiots.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Informative) by Anonymous Coward on Thursday March 29 2018, @03:26PM (2 children)
Your boss and his golfing buddies do.
(Score: 2) by Hartree on Thursday March 29 2018, @04:36PM (1 child)
Are you implying Grishnak has a job? ;)
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @05:49PM
Of course not. In spite of it, he still has a boss.
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @04:43PM
i agree. they want to fund slaveware and be like the straw boss on the digital plantation, then they wannacry when they are the slave too. Too bad the people sleeping in the barn don't seem know about the digital underground railroad(FOSS).
(Score: 5, Funny) by bob_super on Thursday March 29 2018, @05:26PM (2 children)
Of all the companies out there, Boeing should be the most aware that the highest risk is when you close the air gap.
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @10:21PM (1 child)
Really? I'd think an airplane sitting on the ground would be fairly safe.
(Score: 2) by bob_super on Thursday March 29 2018, @10:45PM
Ignoring your skipping over the meaning of "when you close", even stopped on the ground can be unsafe:
https://en.wikipedia.org/wiki/Boeing_787_Dreamliner_battery_problems [wikipedia.org]
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @06:27PM
Quite right, they should have put it in the cloud. I put myself in the cloud and everything is serene and secure and perfect. Nothing can go wrong in the cloud.
(Score: 2) by turgid on Thursday March 29 2018, @08:58PM
There are many large companies with crazy IT policies. For example, many I have seen where people are developing software for Linux but their workstation is Windows because "that's the corporate standard" so they have something like cygwin installed and various flaky commercial products to provide things like X and they still use FTP because...
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 4, Insightful) by Anonymous Coward on Thursday March 29 2018, @03:28PM (8 children)
... I have no idea why people use Windows for anything.
With billions of dollars of IP on the line, you'd think that these wealthy corporations would band together to developer an operating system that really appreciates security.
Then again, these wealthy corporations suck on Uncle Sam's golden teat. What do they care? They'll still have an income—they'll probably get a tax break for the losses.
(Score: 3, Insightful) by Nerdfest on Thursday March 29 2018, @04:47PM (5 children)
I will say it again. FOSS does not buy lunches or golf vacations.
(Score: 3, Informative) by Anonymous Coward on Thursday March 29 2018, @04:51PM (3 children)
I'll say it again, too: Engineers ain't getting those lunches or golf vacations, yet they are the ones responsible for getting actual work done.
If it weren't for their sniveling, shy, autistic nature, maybe they'd learn to say "No" to these know-nothing, extroverted, cocaine-snorting "executives".
(Score: 5, Touché) by Anonymous Coward on Thursday March 29 2018, @05:20PM
What's the maxim again? "Dog food isn't marketed to the dogs, it is marketed to their masters?"
(Score: 2) by Nerdfest on Thursday March 29 2018, @07:16PM
I know all too well how it works. The products used generally go against the wishes of developers, when talking about development products. I'd consider them pretty knowledgeable on the subject, yet here we are. Throw the word "enterprise" in print of it, add a couple of zeros and a support contract and break out the martinis. Not that I'm fucking bitter.
(Score: 2, Interesting) by anubi on Friday March 30 2018, @06:16AM
Been there... done that... didn't want the T-shirt... just plain disgusted.
This is how it works...
Engineer shows technical skills of seeing design flaws. If he's ethical, he is apt to be insubordinate if pressured to do it anyway. I mean what engineer in his right mind would design a bridge he knew was likely to fall down, just because someone else was ranking aesthetics above stress analysis?
The manager shows leadership skills of handling insubordinate engineers. An engineer stands up to a manager, he's now on the layoff list. A troublemaker.
Executives show organizational skills of fitting people's roles and corporate goals into an organizational structure.
And, at the very top, are the people who pay each level what they believe each level is worth.
Some really bad decisions get made when the people empowered to spend did not have to earn it themselves, instead chartered with the authority to demand funds from someone else. These people may have no use whatsoever for the good in the first place... the whole affair is nothing more than theater to transfer public wealth into private hands, legally, through tax law and disbursement channels.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Grishnakh on Thursday March 29 2018, @05:57PM
>I will say it again. FOSS does not buy lunches or golf vacations.
I don't know about golf vacations, but Red Hat is a multi-billion dollar corporation whose largest customer is the US Government, and whose FOSS products are used extensively in that government.
There is simply no excuse for using Windows for anything requiring security. Alternatives exist, and at least one of those has plenty of money for salespeople, marketing, etc., and even works with the NSA. (I don't think Boeing is too worried about being spied on by the USG, if you're thinking along those lines; they're a major defense contractor.)
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @07:02PM (1 child)
Can we leave these kind of comments to the other site?
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @07:40PM
What is it that bothers you so much?
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @04:02PM (4 children)
I'm surprised they didn't use any security paranoid system.
(Score: 4, Insightful) by DannyB on Thursday March 29 2018, @05:35PM (3 children)
Security is the enemy of convenience.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @06:12PM (2 children)
Not when your internal systems burned down. Perhaps this is horseshoe theory in action?
(Score: 2) by Azuma Hazuki on Thursday March 29 2018, @07:21PM (1 child)
No, this is what happens when jackoffs who think golf is a sport and cocaine is a food group think they know better than their engineers and developers. I say fuck 'em, serves 'em right, and as an earlier poster said, hope Airbus eats them alive.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Friday March 30 2018, @09:07AM
(Score: 2) by Justin Case on Thursday March 29 2018, @04:45PM (1 child)
Every time life-critical systems are discussed some apologist will pipe up and say "they're not your typical Ctrl-Alt-Delete jockeys; they know human lives are on the line so they do super professional work".
And why should we believe this? Ever? Anywhere?
(Score: 2) by turgid on Thursday March 29 2018, @09:00PM
Because THEY say so and THEY are Professionals(TM).
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 4, Insightful) by DeathMonkey on Thursday March 29 2018, @05:20PM (3 children)
What made WannaCry so much more destructive, security experts discovered during last year’s outbreak, was that it employed an automated tool that was first developed at the National Security Agency and later dumped online in 2016 by mysterious hackers called the “Shadow Brokers.”
I know I'm preaching to the choir here but maybe the National Security Agency should focus on making the nation more secure?
(Score: 2) by DannyB on Thursday March 29 2018, @05:38PM (1 child)
I really don't think this rises to the level of a national security issue. Do you?
U.S. blames North Korea for 'WannaCry' cyber attack [reuters.com]
U.S. declares North Korea carried out massive WannaCry cyberattack [washingtonpost.com]
Cyber-attack: US and UK blame North Korea for WannaCry [bbc.com]
The lower I set my standards the more accomplishments I have.
(Score: 5, Touché) by DeathMonkey on Thursday March 29 2018, @05:52PM
It's like blaming the toddler for finding a loaded gun and shooting his brother.
(Score: 2) by Justin Case on Thursday March 29 2018, @09:34PM
Perhaps you misinterpreted the word "nation".
Hint: It is what the NSA protects.
(Score: 2) by SomeGuy on Thursday March 29 2018, @05:46PM (2 children)
So in other words, they were all running the absolute latest and greatest and were still vulnerable.
Because up to date + using HTTPS = Perfect security!
Duh.
People bitch and wine about Windows XP or old browsers, but remember: Whatever up-to-date OS you are using has security vulnerabilities RIGHT NOW. And there is good chance the bad guys already know about them. Don't believe me, come back in a year and see how many vulnerabilities get documented. (Right, but you won't care because you have moved on to an even more "up-to-date" system that still has security vulnerabilities but you just don't know about them, and besides the new thing-a-majig has even brighter bluer LEDs!)
It doesn't matter if you are running Windows Eleventeen or whatever, pretend that you are running Windows 95 and take extra security precautions.
Some of the follow up news after the City of Atlanta ransomware mentioned city employees were switching their computer to use public Wifi hotspots for internet access because the internal networks were shut down. My face is still bruised from the epic face palm.
(Score: 1) by anubi on Friday March 30 2018, @06:21AM
I have a system still running WIN95. It works perfectly... Why change it?
Still have the same garage door too.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Sunday April 01 2018, @05:52AM
While this creed certainly does have some merit as in new systems will have bugs too it's still crazy to use an OS that is so old that the bugs are public knowledge. In that case not only the richest criminal syndicates and national states can attack you but literally anybody in the world and their dog.
I agree about killing blue LEDs and defense in depth. Maybe don't real any news for awhile so your face gets to heal... :)
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @07:29PM (2 children)
A new variant of ransomware was renamed "WannaFly?" In related news, Betteridge's law of headlines replied with a definite "No!".
(Score: 2) by MostCynical on Thursday March 29 2018, @09:26PM (1 child)
Multibillion dollar company doesn't airgap production systems.
Likely because the software updates can't be distributed by CD or Portable hard drive (becuase the coders are too young to know how to do that, or like because "internet!")
Do they even have prod/dev/test/train anymore, or is everything "prod-and-hope-last-backup-worked"?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 1) by anubi on Friday March 30 2018, @06:24AM
There was a day when code was code... now its a bunch of calls to blobs.
And I do not trust the blobs.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]