[cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']

newer
spam blacklists and lne CDR

older
earthstation 5

Eric Murray

15 Aug 2003 15 Aug '03

4:29 p.m.

Food for thought and grounds for further research: ----- Forwarded message from "Bernie, CTA" -----

Show replies by date

Harmon Seaver

15 Aug 15 Aug

7:49 p.m.

Somehow I have difficulty believing the these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true. Is the military also now dependant on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com

John Young

8:29 p.m.

Are you suggesting the outage was caused by carbon filaments rocketed across transmission lines? If that was done at several points in the grid it would account for the various finger-pointing to incidents which are claimed to have started the usual-suspect "cascade" of the usual-suspect "antiquated" system that was "not supposed to fail but it did." Perhaps a re-inventory of the USAF's storehouse of BLU-114s is needed to double-check that story about lightning strike. Harmon Seaver wrote:

...

Somehow I have difficulty believing the these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true. Is the military also now dependant on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.

Sunder

17 Aug 17 Aug

2:03 p.m.

New subject: [cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']

As you probably know by now, there was no lightnight strike and the failure did not start at Nigara. As for our city's reptile of a Mayor he claimed power would be back on in queens by 11pm. It wasn't on until 6am Friday. On Friday night there were still areas that were down in lower Manhattan. Certainly, I'd expect whatever FUD explanation to be most profitable to the NeoCONS to be the eventual reason for the outage, so they can push USPATRIOT V3.0.1 - the one where they add brown alert to the color scheme. Of course CON-Ed would say "Blame Canada." I expect nothing less. Did anyone catch the Shrubbya interview? I think it was on CNNFN or MSNBC or one of those neonews channels... The one where he was busy sweating in the sun's heat in his blue Armani dress shirt while, his face browned from the sun, playing golf. The one where he regurgitated what he had been spoon fed by his PR guys? At one instant he shrugged his shoulders as he said it's an old grid, and it will need to be fixed, and then he went back to golfing. Showing how much he cares about the plight of the east coast. More than likely I suspect the truth is that the grid is indeed outdated and something simply couldn't handle the load. Whenever politicians, and bureaucrats are involved, the outcome is the same: Chief Executive Asshole: "Why should we spend $X million to fix it? It's still running?" Techie: "Because it's running at 95% capacity, and any small spike will cause a big problem." CEA: "But it's been fine for the last 20 years, I'd rather keep the cash and give myself a bonus, and then lay off extraneous employees. We can outsource them to India." Techie: "It's outdated, it will collapse." CEA: "So what? When it does, if it does, we'll hit Uncle Sam for more money, meanwhile I have another yacht to purchase. In any case, it won't likely collapse while I'm still here, and I'll retire soon enough, not my problem... and don't let the door hit your ass on your way out. I don't want ass prints on my brand new gold plated door." ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Fri, 15 Aug 2003, John Young wrote:

...

Are you suggesting the outage was caused by carbon filaments rocketed across transmission lines? If that was done at several points in the grid it would account for the various finger-pointing to incidents which are claimed to have started the usual-suspect "cascade" of the usual-suspect "antiquated" system that was "not supposed to fail but it did."

Chris Kuethe

15 Aug 15 Aug

10:41 p.m.

On Fri, 15 Aug 2003, Harmon Seaver wrote:

...

Somehow I have difficulty believing the these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true.

it's scary just how much mission-critical stuff runs on windows. i'll confess right now to being a unix zealot, so the thought of anything mission critical (beyond hotmail and freecell) on windows is scary. i know of some fairly large installations running control systems for power generation on windows. these same sites then give the vendors access to the system via vpn across the internet. sure there are firewalls, but i don't have faith in the long-term maintenance of the vendor sites.

...

Is the military also now dependant on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.

the power lines are certainly low-hanging fruit... CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?

Roy M. Silvernail

16 Aug 16 Aug

10:26 a.m.

New subject: [cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']

On Friday 15 August 2003 22:29, Chris Kuethe wrote:

...

On Fri, 15 Aug 2003, Harmon Seaver wrote:

...
Somehow I have difficulty believing the these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true.

it's scary just how much mission-critical stuff runs on windows. i'll confess right now to being a unix zealot, so the thought of anything mission critical (beyond hotmail and freecell) on windows is scary.

It's not just the reliance on Windows that's scary. It's the mindset of the industrial controls industry, where the concept of security is percieved as a hassle for the end customer, and therefore something to be avoided. 10 years ago, I was developing a data collection and reporting program for the aircraft industry. The project suffered from creeping featurism, and one of the desired features was adding dialup data exchange, so the collection apps could send their data to a central location via modem. When I asked how much security was wanted on the dialup port, I was told that none was necessary because no one would ever attack the system, and anyway, the data were not interesting to outside parties. 10 years ago, perhaps that was an understandable position, though certainly naive. (I still put in a minimal challenge/response layer, if only to discourage the C-64 kids with wardiallers) A few weeks ago, I sat in on a meeting to talk over design of a TCP/IP Ethernet interface for an existing control system. When I asked what security provisions were envisioned for this interface, I was told that the system was not intended for deployment on publicly routed network segments, so there was no need for any security protocol.

...

i know of some fairly large installations running control systems for power generation on windows. these same sites then give the vendors access to the system via vpn across the internet. sure there are firewalls, but i don't have faith in the long-term maintenance of the vendor sites.

I've just returned from an extensive training seminar on OPC controls technology. The acronym stands for "OLE for Process Control", and it's a Microsoft-centric technology built on top of DCOM. Agt the lower end, OPC would let you control a PLC from Excel. Given the compressed schedule of the course (normally three weeks, it was compressed to two for our class) and my previous experiences, I didn't try to discuss security at all. But I noticed no authentication layer at all. Apparently, the security Microsoft natively provides for controlling DCOM traffic is all that such an application has available. And as far as I can tell, that would be none. I suppose I do get a bit of entertainment from the looks on the engineers' faces when I bring up threat models and attack scenarios. Most of them are indifferent. Some are confused. Some are annoyed. And one or two have understood the threat, but told me that I shouldn't talk to corporate about such things because it would make the sales force nervous. The reactions of sales droids (and even management) has been either dismissive (there is no threat) or hostile (I'm the threat). The most entertaining episode was back when UPS was first deploying their DIAD electronic clipboard, and I asked what steps were being taken to protect the signature data in transit. (There was no protection at all; the signature data were retained in the clear and could be dumped by any device that knew the protocol. I believe this is still the case.) That eventually produced a regional manager who visited the small company where I was employed. He was visibly irritated that anyone would even ask about such things, and answered every threat scenario I presented with "That would never happen!" He stalked off in a huff after I asked him how he would feel if his digitized signature, obtained legitimately when he received a package, were to appear at the bottom of an incriminating document faxed to his general manager. Ironically, several of my jobs have included IT duties along with my usual engineering tasks. Those same sales droids and engineers that scoffed at the need for security in their industrial controls applications came running to me frantically when their workstations became infected with SirCam or Klez. Security, as Schneier says, is a process. It's also a mindset, and I think one either has the mindset or he doesn't. And for those that don't have it, it is *very* difficult to impart.

Thomas Shaddack

17 Aug 17 Aug

2:01 a.m.

On Fri, 15 Aug 2003, Harmon Seaver wrote:

...

Somehow I have difficulty believing the these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true.

The Microsoft salesmen know the coercive sales tactics. The clients' well-being isn't in their interest; their interest is only a new sale. Hence in their world Windows are suitable for just about everything. By exploiting psychological tricks, they are able to convince less technically capable personnel (eg, the management) about their system's alleged superiority. Not that different from eg. car dealers. A friend some time ago complained about having to ditch a Linux webserver because his company managers did some special deal with Microsoft which gave them substantially lower prices if they would run ALL systems exclusively on Windows. But I forgot the details.

...

Is the military also now dependant on windoze?

Some time ago there was a widely publicized incident with Windows NT controlling a battleship. After a crash the ship had to be towed to the port. From then it's known that NT is an acronym for Needs Towing.

...

Bizarre, absolutely bizarre.

And somehow entirely unsurprising.

...

And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.

The cable will vaporize at the moment the lightning from the power line hits it, or it will be too heavy to be brought up by anything reasonable. (You don't need even a full contact, getting it to the sparking distance is enough.) That will trigger the breakers and switch the line off for few seconds. But then the power will be switched on again. Then you need to short it the second time. The wire you used will vaporize as well, but the breakers won't switch back on for the second time, claim an error, and an inspection of the power line is required to find the shortcut cause before it can be switched back on, as the electronics then considers the short circuit to be permanent. (I hope I am right here.) Also be aware about the danger of the step voltage at the moment the lightning from the power line hits the ground - you don't want to be anywhere too close, so you will avoid the potato gun and resort to something safer, eg. a suitable rocket engine. In Colombia, the rebels routinely "dark" the cities by blowing up the high voltage masts. If the mast is in a difficult-to-access place, it can take days to build a replacement. There are thousands of miles of power lines, good part of them in less inhabited areas. It is extremely difficult to prevent this kind of attack. To add insult to injury, the adversary can get ahold of the map of the power transmission networks rather easily - they are in all kinds of sources, from tourist maps to maps for pilots, and one can get fairly good idea about the power feeds to a city by just driving around it with open eyes. Underground lines exist, but are more expensive, so they are quite unusual. However, I'd bet that this affair was a plain old Murphy-based cascade failure. On another note, a nice reading about the world of energetics is Arthur Hailey's "Overload".

Ben Laurie

27 Aug 27 Aug

9:11 a.m.

Eric Murray wrote:

...

Food for thought and grounds for further research:

----- Forwarded message from "Bernie, CTA" -----

Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: List-Post: mailto:bugtraq@securityfocus.com List-Help: mailto:bugtraq-help@securityfocus.com List-Unsubscribe: mailto:bugtraq-unsubscribe@securityfocus.com List-Subscribe: mailto:bugtraq-subscribe@securityfocus.com Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com From: "Bernie, CTA" Organization: HCSIN To: bugtraq@securityfocus.com Date: Fri, 15 Aug 2003 14:09:12 -0400 Subject: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm' Priority: normal In-reply-to: <1a6301c362b2$03178680$6401a8c0@satan> X-mailer: Pegasus Mail for Windows (v4.11)

It is ridiculous to accept that a lightning strike could knock out the grid, or the transmission system is over stressed. There are many redundant fault, limit and Voltage-Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and sub stations along the Power Grid that would have tripped to prevent or otherwise divert such a major outage.

Yeah, ridiculous. So who remembers what caused the last major power outage in NY? (Hint: it wasn't _one_ lightning strike). -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

Sunder

5:34 p.m.

New subject: [cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']

Indeed: http://www.villagevoice.com/issues/0334/barrett.php http://www.villagevoice.com/issues/0334/mondo1.php http://www.villagevoice.com/issues/0334/cotts.php ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Wed, 27 Aug 2003, Ben Laurie wrote:

...

Yeah, ridiculous. So who remembers what caused the last major power outage in NY? (Hint: it wasn't _one_ lightning strike).

7702

Age (days ago)

7714

Last active (days ago)

List overview

Download

8 comments

8 participants

participants (8)

Ben Laurie
Chris Kuethe
Eric Murray
Harmon Seaver
John Young
Roy M. Silvernail
Sunder
Thomas Shaddack