08.24.10
What Spanair Crash and BP Disaster Have in Common: Microsoft Windows in Alarm Systems
Summary: The alarm system mentioned in yesterday’s post almost definitely ran Windows, just like the one which failed BP and helped cause the Deepwater Horizon disaster
YESTERDAY we wrote about the Spanair disaster, noting that it was almost certainly Windows’ fault. The alarm system did not work, so it had nothing to do with heavy workloads. Based on this new article which we found, it seems like the alerting software used Windows as an underlying platform, so no wonder it got knocked down by malware. In many ways, this is similar to what happened to BP some months ago. The alarm system, which was intended to prevent such major disasters that end up killing animals, people, and leaking over a million barrels of oil into the ocean, was a Windows-only application and it went into blue screens of death [1, 2, 3, 4].
According to today’s news, “Hacking toolkit publishes DLL hijacking exploit” [via]
The appearance Monday of exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications means hackers will probably start hammering on PCs shortly, security experts argued.
“Once it makes it into Metasploit, it doesn’t take much more to execute an attack,” said Andrew Storms, director of security operations for nCircle Security. “The hard part has already been done for [hackers].”
How long will it take for all alarm systems to abandon Microsoft Windows? Those who put Windows on such mission-critical systems should probably be prosecuted, if not for manslaughter then for willful negligence that caused many deaths. It’s not as though Microsoft’s poor security record is unknown, despite Microsoft hiding the full extent of this problem. █
twitter said,
August 24, 2010 at 11:20 pm
Here’s more implicating Microsoft in the Deepwater Horizon disaster.
While not quite the smoking gun that the bypassed BSoD alarm system, this is significant if the “hot stab” attempts were ongoing before the rig sank. It might be that the blowout preventer could have worked before the sinking sent chunks of pipe through it. There are credible reports of damage to the preventer before hand that made the later efforts fruitless, but we will never know because BP’s email and file sharing system were completely inadequate as are most big dumb company setups where Windows rules the desktop.
Every free software distribution overcomes these problems. OpenSSH, rsync and clients like grsync and konqueror make file transfer trivial and secure. Every free software distribution also comes with a wide range of excellent mail clients and servers. Finally, in a free software world, there’s little need to cap the size of email transfers, unless you have some kind of neolithic administration that worries more about “IP egress” than getting the job done …. that goes hand in hand with Microsoft deployment, no surprise.