EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.09.09

U.S. Federal Aviation Administration (Windows Shop) Gets Cracked Again

Posted in Microsoft, Security, Windows at 6:34 am by Dr. Roy Schestowitz

Loading

Corollary: People may start caring about computer security not when businesses become less productive but when disaster eventually strikes

WE’VE already shown that the U.S. Federal Aviation Administration (FAA) is relying on a great deal of Windows [1, 2], so it’s not surprising to find it getting cracked again. From the news:

i. FAA admits problems with hackers

According to CNET, the US Federal Aviation Administration has admitted that hackers have broken into the air traffic control mission-support systems several times in recent years. In one case they managed to become ‘insiders’ to the network.

ii. Report: Hackers broke into FAA air traffic control systems

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

Also in the news in recent days:

i. Researchers Release Bootkit Code Targeting Windows 7

Dubbed Vbootkit 2.0, the software was first presented by researchers Vipin Kumar and Nitin Kumar at the Hack In The Box security conference in Dubai in April. At the conference, the two researchers demonstrated how attackers could circumvent security features implemented in the kernel and gain control over Windows 7 (x64).

ii. Microsoft to patch ‘critical’ PowerPoint hole

Microsoft plans to patch a hole in its PowerPoint presentation program, the company said in an advanced bulletin that was notable because it contained only a single update.

iii. Botnet master hits the kill switch, takes down 100,000 PCs

Those behind the Zeus botnet recently decided to press the big red button, bluescreening 100,000 computers around the globe. Security experts aren’t sure why yet, although they have some ideas.

iv. Windows and Viruses – Made for each other

This is the screenshot of the cnet’s download.com which shows the most popular downloads for windows. The first five positions are taken by anti-virus software :-). Sadly there is no ‘Linux’ download section but ‘Mac’ has a place.

v. Microsoft ‘fixes’ its malware problem

Computerworld has an Microsoft WGA/WAT spokesman quoted as saying: “When we went out and talked to customers, we found that activation was the concept that resonated most strongly with them”.

The quote ends there, but may have ended: “…Like memories of the first time they were kicked in the groin.”

In any case, Microsoft’s draconian licensing enforcement ‘technology’ is malware by its own definition. And it’s forced on the user through EULAs of questionable legality.

There is no advantage to it for the user, only advantages for Microsoft. And renaming it won’t make it more attractive to users or any more palatable.

Maybe someday, smart users will stop buying software products that have a built-in remote off switch.

Name changes never resolve problems, except for perceptual problems.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

6 Comments

  1. Needs Sunlight said,

    May 9, 2009 at 7:11 am

    Gravatar

    Keep in mind, the FAA knows better and has experienced at least one Windows- based shutdown of the World’s eighth largest economy:

    http://www.techworld.com/opsys/news/index.cfm?newsid=2275

    http://www.securityfocus.com/news/9729

    http://www.ccsce.com/pdf/Numbers_CA_Rank.pdf

    FWIW, California is ranked just behind Italy.

    Roy Schestowitz Reply:

    Yes, it’s a Windows problem.

    The Los Angeles Times reported that the outage was the result of a worker neglecting to perform a monthly reset of a Windows-based control system, resulting in its automatic shutdown after 49.7 days of operation. A backup system also failed.

    Microsoft server crash nearly causes 800-plane pile-up

    twitter Reply:

    The FAA has made some tennative moves away from M$, but apparently has not made the jump to sanity. In 2006, they moved some servers to Red Hat. In 2007 they said no to Vista and considered dumping Windows completely for GNU/Linux. The FAA’s CIO, David Bowen, was quoted at the time about “business case” and problems with compatibility and continued availability of XP rather than security and freedom. He mentions security here but OS is not part of the discussion. A sane discussion would be about getting Windows out of airports entirely because a single compromised machine can do a lot of damage. Every airport I visit has M$ junk prominently placed, often with big error messages displayed instead of information. The FAA has the authority to fix this and should.

    When reading these stories, it is difficult to know if the incompetence comes from the reporter or the FAA. Bowen’s background is in economics and business which is decried, somewhat unfairly here. An older CV is published here. No mention of computing languages or development is made, which may be why it has taken him so long to see the value of free software despite managing so many computers over the last 25 years. He has a guilty hand in the health care mess, having come from Blue Shield. Still, we know how well managed most of the press is when it comes to M$ trash. It is no more surprising to find smears against anyone in power who considers moving to GNU/Linux than it is to find complete incompetents in power. At this point, competent people not only realize what a security disaster Windows is, they realize how it is designed to never properly interact with other systems. Competent people do what Lowes did, they migrate completely away and do so at once. Bowes has indicated he thinks this way, but it is impossible to tell through the reporting that I have found.

  2. ricardo nunes said,

    May 9, 2009 at 7:43 am

    Gravatar

    OSOR – The Swiss company Skysoft has started development of Albatross, a set of open source applications for air traffic controllers. The project’s website was unveiled on 16 March.

    The software will be published under a GNU Public Licence. The company has not yet decided which version of the GPL will be used.
    http://www.osor.eu/news/company-opens-development-airport-traffic-management-software

  3. Al said,

    May 12, 2009 at 1:54 am

    Gravatar

    It is the incompetence of the security and administration that causes theese problems everys single time. And you people think running open source is a good idea for these morons?? If they can not properly administer a Windows environment how the hell do you expect them to to deal with Linux or Unix??? Please tell me?? So the Windows bashing may be all well and good but let’s get the facts strait in any one of the cases like this you had incompetent people as the cause.. When a competent staff and sound policy is in place Windows is just as secure as Linux! Is it much more expensive? Yes … Does it offer the freedom? No…. But do not blame Windows for complete incompetence!!!!

    Hey we are talking about government here so incompetence is a given!!!

    Think about it the FAA is bueracracy and the follow the government model…

    Spend way more than neccessary… Hire any moron that is related or a friend the let them give their moron friends and relatives jobs… Next pay them entirely to much for doing far to little … After that let them take off whenever they want, throw in double time and a half holiday pay for every holiday possible…. Then when it goes wrong blame the taxypayers and corporations!!!

    Yet so many seem to embrace this idea shouting while they rob us blind knowing our taxes are going sky high in the future no matter what you make and yet we shout YES WE CAN…

    Give in to the Obama/Gates (General Electric,NBC,Microsoft) connection….

    Roy Schestowitz Reply:

    NBC ‘news’ is a wholly separate issue. :-)

What Else is New


  1. Links 2/6/2015: Black Lab Linux Releases, Krita Fundraiser

    Links for the day



  2. IRC Proceedings: May 17th - May 30th, 2015

    Many IRC logs



  3. Sharp Drop in Microsoft Patents, But Not in Patent Assaults, Coordinated Attacks on Android/Linux, and Googlebombing

    Using patent blackmail (antithetical to the original goal of patents) and other forms of blackmail, Microsoft is desperately trying to crush GNU/Linux and Android, all while Windows 'sales' fall and investors lose confidence



  4. EPO Reluctantly (and Privately) Confirms Giving Public Money for Military-connected 'Control Risks' to Spy on Journalists and Their Sources While Techrights is Under Fresh DDOS Attacks

    The EPO President -- or anyone who is referred to as 'appointing authority' -- finds himself even deeper in a scandal as he silently attacks the very same people whom he pretends to negotiate with by contracting spies from London (to maliciously target British journalists)



  5. Links 1/6/2015: wattOS R9, Tanglu 3

    Links for the day



  6. Supreme Failure: With SCOTUS Approval of Patent Trolls and a Push by Justice Department to Reinforce Copyright on APIs (at SCOTUS Level) the Future Looks Gloomy

    The patent system goes wild in terms of scope, the nature of the plaintiff (merely purchasing patents), and the extension of patents to monopolies on named APIs (by virtue of deranged interpretation of copyright law)



  7. McAfee Associates Free Software and Anonymity With Crime

    Insecurity firm McAfee, whose record on Free software is appalling (it is Windows-centric for its business), continues years of tradition by slinging mud at Tor



  8. The EPO Still Wastes Public Money on Publicity Stunts and 'Reputation Management' Campaigns

    The European Patent Office (EPO) is misusing public funds to manufacture self-congratulatory publicity for itself whilst attacking those who write negative commentary



  9. The Lessons of Stuxnet: Never Use Microsoft Windows

    Windows is sufficiently 'NSA-compatible' for remote compromise and physical damage (sabotage) to highly sensitive, high-risk equipment



  10. Links 30/5/2015: Wine 1.7.44, Berry Linux 1.20

    Links for the day



  11. White House Intervention Harms Android and Every Software Developer on the Planet

    US Solicitor General Donald Verrilli urges the Supreme Court (SCOTUS) to let APIs be covered by copyrights, rendering almost every program a potential copyright violation



  12. Microsoft Lobbying in India Shoots Down or At Least Weakens Free/Libre Software Policy

    Microsoft's covert efforts (lobbying with the help of public partners like NASSCOM) to eliminate an India-leaning software policy in India is finally paying off



  13. Propaganda Mode for UPC Agreement Whilst EPO Increasingly Grants Patents on Software

    In order to make the Unitary Patent a reality (towards a 'no place to hide' patent approach) misleading claims are being made



  14. Patents Are Not Source Code

    Ford is once again misleading regarding Open Source, mischievously associating a patent pledge with Open Source



  15. Links 29/5/2015: ALT Linux 7.0.5, Google I/O 2015

    Links for the day



  16. Links 28/5/2015: SourceForge Hijack, RIP Marco Pesenti Gritti

    Links for the day



  17. Censorship on Reddit Has Gotten (Condé) Nasty and Silent, Even Actively Silenced

    Condé Nast has turned Reddit into a platform of censorship after the acquisition



  18. The Supreme Court of the United States Helps Patent Trolls

    In an unforeseen kind of ruling, the same court which slapped down a lot of software patents last year is now legitimising the actions of a patent troll



  19. Patent Lawyers Fight Hard for the Future of Software Patents

    Media that is dominated by patent lawyers and targets an audience of patent lawyers refuses to accept the post-Alice reality



  20. Fortune Glorifies Patent Troll Jay Walker (Patent Utility)

    Jay Walker, a patent troll, creates a Web-based trolling/'licensing' service and the corporate media helps him



  21. Stealing Android's Thunder, Making It All About Apple and Microsoft During Google I/O

    Misleading articles and conjoined media/analyst attacks on Android coincide with Google's event where major Android announcements are being made



  22. British Government May be a Step Closer to GNU/Linux (on the Desktops, Not Just Servers)

    The British government stops paying the criminal company that blackmails its members, thereby increasing the possibility of complete escape from proprietary software



  23. Microsoft's Patent Allies LG and Sony Agree to Put Microsoft Inside Android

    LG and Sony (of Rockstar Consortium) follow Samsung and Dell in Microsoft's campaign to turn Android into 'Microsoft Android' using patents-induced pressure/leverage



  24. Yet Another Major Security Deficiency in UEFI

    UEFI is inherently insecure, more so than the alternatives which it strives to replace, including Free/libre ones



  25. Links 27/5/2015: Fedora 22 is Out, Mandriva Liquidated

    Links for the day



  26. Patent Scope at the EPO is Totally Out of Control, UPC Will Make Things Worse

    A look at the practical issues with the EPO, where patent scope and litigation scope have been vastly extended so as to benefit multinational corporations and possibly patent trolls



  27. Links 26/5/2015: Reviews of Kubuntu 15.04, Linux 4.1 RC5

    Links for the day



  28. Süddeutsche Zeitung Says Talking Helps While EPO Management Back-stabs Other Side of the Table

    German media gives the impression that there is peace and harmony now that Benoît Battistelli and his circle of power speaks to staff, but nothing is said about simultaneous (albeit covert) attacks against that staff



  29. Large Corporations Call the Shots in US Patent Reform

    A reminder of where we stand on the issue of patent 'reform' in the US and who is controlling or shaping it



  30. Microsoft Puts Proprietary Windows and Hyper-V Inside the Free Software-Centric OpenStack

    OpenStack, which celebrates rapid growth in this month's event in Canada, is facing a proprietarisation threat from Microsoft


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts