I still think Blaster played a role in the blackout. Until someone shows evidence to the contrary, I will still stand by my opinion that M$ has no business anywhere near any critical infrastructure. Whether it be government or private.
Shannon

Begin forwarded message:

> From: Dan Ellis <[EMAIL PROTECTED]>
> Date: December 10, 2003 8:08:41 PM CST
> To: Worms Interest Group <[EMAIL PROTECTED]>
> Subject: [worms] More infocon articles...
>
> Title: Internet worms and critical infrastructure
> Source: news.com.com
> Date Written: December 9, 2003
> Date Collected: December 10, 2003
> Bruce Schneier, chief technology officer of Counterpane Internet
> Security, questions investigators' conclusion that the MSBlast worm did
> not contribute to the August 14, 2003 blackout of the American
> northeast. A November interim report by government and industry
> officials investigating the blackout outlines a series of computer and
> human failures that led to the outage. At 2:14 pm, an alarm and logging
> system failed, preventing control room workers at FirstEnergy from
> discovering the beginning of the blackout and reacting. Several remote
> consoles failed at 2:20. The primary server that hosted the alarm
> function failed at 2:41. A backup server picked up the alarm functions,
> then failed at 2:54 pm. Control room workers were thus unaware both of
> the mounting power transmission problems and the failure of the alert
> systems, though computer staff were busy reacting to the failures.
> Though the report found "no indication that worm/virus activity had a
> significant effect on the power generation and delivery systems," Mr.
> Schneier points out that the alarm computers failed as MSBlast was
> crashing Windows machines all over North America. Though MSBlast may not
> have caused the blackout, the worm may have contributed to it by
> crashing the alert systems. Researchers need to know what operating
> systems the computers were running, and what if any network connections
> they had. As more critical infrastructures are networked with commercial
> operating systems, such cascade failures may become more frequent.
>
> http://rss.com.com/2010-7343-5117862.html?tag=nefd_gutspro
>
> Title: Flaw could unleash another Slammer
> Source: news.com.com
> Date Written: December 9, 2003
> Date Collected: December 10, 2003
> Researchers from Core Security Technologies warn computer users that a
> recently patched flaw found in Microsoft Workstation could be exploited
> by a rapid-spreading worm, similar to January 2003's SQL Slammer, which
> spread throughout the Internet in just minutes. Proposed workarounds for
> the flaw would not adequately close the hole for such a worm to exploit.
> The possible worm could also target flaws in the Windows Messenger
> service, exploited by the MSBlast worm in August of 2003. SQL Slammer
> spread via the user datagram protocol (UDP), which does not require two
> computers to establish a connection. This allowed the worm to broadcast
> itself rather than target individual computers. Both Microsoft and Core
> Security strongly urge users to apply the patch, which will close the
> holes a worm might exploit.
>
> http://news.com.com/2100-7349_3-5118580.html?tag=nefd_top
> Also -
> http://www.eweek.com/article2/0,3959,1408899,00.asp?kc=EWRSS03119TX1K0000594
>
> --
> -------------------------------
> Dan Ellis
> MITRE Infosec Eng/Scientist, Sr
> work (703) 883-5807
> fax (703) 883-1397
>

Shannon Roddy
LIGO - Caltech
225.686.3106 (work)
225.933.7821 (cell)
[EMAIL PROTECTED]
