Re: Fw: [IP] Malware kills 154

2010-08-23 Thread Peter Gutmann
Perry E. Metzger pe...@piermont.com forwards:

 Authorities investigating the 2008 crash of Spanair flight 5022
 have discovered a central computer system used to monitor technical
 problems in the aircraft was infected with malware

 http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001

Sigh, yet another attempt to use the dog ate my homework of computer
problems, if their fly-by-wire was Windows XP then they had bigger things to
worry about than malware.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Fw: [IP] Malware kills 154

2010-08-23 Thread John Levine
 Authorities investigating the 2008 crash of Spanair flight 5022
 have discovered a central computer system used to monitor technical
 problems in the aircraft was infected with malware
 
 http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001

This was very poorly reported.  The malware was on a ground system that
wouldn't have provided realtime warnings of the configuration problem
that caused the plane to crash anyway.

R's,
John

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Fw: [IP] Malware kills 154

2010-08-23 Thread Thierry Moreau

Peter Gutmann wrote:

Perry E. Metzger pe...@piermont.com forwards:


Authorities investigating the 2008 crash of Spanair flight 5022
have discovered a central computer system used to monitor technical
problems in the aircraft was infected with malware

http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001


Sigh, yet another attempt to use the dog ate my homework of computer
problems, if their fly-by-wire was Windows XP then they had bigger things to
worry about than malware.



FYI, avionics firmware/software is subject to RTCA DO-178b certification 
and fly-by-wire will inevitably require a level A certification which 
is quite demanding (i mean *QUITE*DEMANDING*) for software development 
process certification. There is no chance that an XP-based 
application/system would ever meet even the lower certification levels 
(but for the lowest one which corresponds to passenger entertainment 
systems).


Commercial avionics certification looks like the most demanding among 
industrial sectors requiring software certification (public 
transportation, high energy incl. nuclear, medical devices, government 
IT security in some countries, electronic payments, lottery and casino 
systems).


--
- Thierry Moreau

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Fw: [IP] Malware kills 154

2010-08-23 Thread John Ioannidis

On 8/23/2010 5:17 PM, Thierry Moreau wrote:



Commercial avionics certification looks like the most demanding among
industrial sectors requiring software certification (public
transportation, high energy incl. nuclear, medical devices, government
IT security in some countries, electronic payments, lottery and casino
systems).



I can't resist pointing out that electronic voting systems are not part 
of that list :(


/ji

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com