Trojan-Infected Computer Linked To 2008 Spanair Crash 324
An anonymous reader writes "Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three failures are reported in a plane failed to do so. The computer was infected with trojans (Google translation of Spanish original)."
Re:Shit. (Score:1, Insightful)
Windows (and all Microshit in general) should be strictly forbidden in every safety-critical application.
I put the blame on governments for not having done it so far. And in the media and taxpayers, for not pressing for it.
MS is evil, but there will always be evil people. It is the fault of the rest for not fighting tirelessly against them.
Re:What operating system was used? (Score:5, Insightful)
What? (Score:5, Insightful)
Who puts Windows on anything even remotely mission critical? If you could blame someone, it should be the person deciding that.
Re:What operating system was used? (Score:2, Insightful)
Re:Shit. (Score:1, Insightful)
We run critical stuff on Windows, they don't have access to the Internet. Deal with it.
Re:Shit. (Score:5, Insightful)
A result of employee loafing (Score:4, Insightful)
1970s:
"I'm sorry, our computers are down." (Reality: our employees are playing NET TREK and DUNGEON on a Friday afternoon.)
2000s:
"I'm sorry, our computer has a trojan." (Reality: our employees finally found an "unused" machine to surf porn, got loaded up with Russian malware, and now it's nobody's fault.)
Re:Shit. (Score:3, Insightful)
So, when... (Score:5, Insightful)
Re:Shit. (Score:4, Insightful)
they don't have access to the Internet.
Hopefully they don't have access to USB keyrings, flash drives, thumb drives and CD/DVD ROMS that have access to the internet, either...
Re:What operating system was used? (Score:3, Insightful)
Are you new to computing? How many Mac or Linux or BSD users do you know who have ever gotten a trojan infection?
Re:What operating system was used? (Score:4, Insightful)
Re:Shit. (Score:4, Insightful)
Anyone, though, using Windows in an environment where it could trivially be infected(ie. internet connected or contractors doing flash drive upgrades) really needs to be shown the door, yesterday. I'm also not sure why there would be "a" computer responsible for raising the alarm. Commodity x86 gear is pretty reliable for what you pay; but it isn't that reliable. If the safety of one or more 100 million+ aircraft, and everybody on board, is at stake, why are there not multiple systems, all independently capable of raising the alarm?
Re:Shit. (Score:4, Insightful)
If the safety of one or more 100 million+ aircraft, and everybody on board, is at stake, why are there not multiple systems, all independently capable of raising the alarm?
You're talking about an industry who would likely charge passengers for use of the bathroom, if they could get away with it. Why do you think there aren't multiple systems?
Catch-22 (Score:3, Insightful)
That pilot should have had his license revoked.
Well, I think the crash took care of that.
Unless the pilot was Captain Orr from Catch-22 . . . then he and all the other passengers would be frolicking in Sweden for the rest of the war . . .
Re:Shit. (Score:5, Insightful)
Re:Shit. (Score:2, Insightful)
Re:Shit. (Score:2, Insightful)
Re:Shit. (Score:3, Insightful)
The savings in hardware and software over aspects of a traditional OS was amazing... and thats how an off-the-shelf OS could get into mission critical area.
Marketing has its lists of areas to wine, dine, seduce and penetrate.
Re:Shit. (Score:5, Insightful)
i think MS also disclaims any responsability, that should tell you enough about windows' fitness for mission-critical stuff
regardless of law, putting any mission critical system (especially when lives depend on it) on a windows machine should be chargeable with criminal negligance, and in this case, manslaughter
Re:Shit. (Score:3, Insightful)
Re:Shit. (Score:3, Insightful)
You're talking about an industry who would likely charge passengers for use of the bathroom, if they could get away with it.
And why would they blame their own, if it's easier to blame it on the OS?
Re:Shit. (Score:3, Insightful)
This is a one-way ticket to the cessation of all innovation in the field of computing.
Rubbish.
Re:Complimentary 7 point Slashdot troll guide... (Score:5, Insightful)
Windows is easier. It's a byproduct of sloppy architecture.
It doesn't mean the others can't be compromised, but it's a fallacy to assume all OS's can be infected with the same level of difficulty.
Re:Complimentary 7 point Slashdot troll guide... (Score:3, Insightful)
https://launchpad.net/bugs/+bugs?field.searchtext=remote+code+execution&search=Search+Bug+Reports&field.scope=all&field.scope.target= [launchpad.net]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1252 [redhat.com]
http://news.softpedia.com/news/Critical-Vulnerability-Silently-Patched-in-Linux-Kernel-152678.shtml [softpedia.com]
http://projects.info-pull.com/moab/MOAB-20-01-2007.html [info-pull.com]
http://projects.info-pull.com/moab/MOAB-14-01-2007.html [info-pull.com]
http://projects.info-pull.com/moab/MOAB-01-01-2007.html [info-pull.com]
http://projects.info-pull.com/moab/MOAB-01-01-2007.html [info-pull.com]
Re:Shit. (Score:2, Insightful)
they don't have access to the Internet.
Hopefully they don't have access to USB keyrings, flash drives, thumb drives and CD/DVD ROMS that have access to the internet, either...
USB keyrings, flash drives (same thing), thumb drives (Same thing again).
Do you just type things to make your post look longer so that people will have the belief implanted into their head that you are not dumb.
Re:Shit. (Score:5, Insightful)
Re:Shit. (Score:1, Insightful)
Right. We should all use Ubuntu and OS X. I'm sure Canonical and Apple would be more than happy to accept liability for any damage caused by users installing malware onto the respective operating systems.
Re:Complimentary 7 point Slashdot troll guide... (Score:1, Insightful)
He forgot # 8: When a news article mentions a computer fault without going into specific details, assume it must have been Windows, because every other OS is of course perfect.
Re:Shit. (Score:3, Insightful)
If they couldn't properly isolate a mission critical windows system, guess what? They almost certainly wouldn't be able to properly secure a Linux or OSX system either. Relying on the small amount of Linux based malware for security? That sounds an awful lot like security by obscurity to me. Relying on the rights system? There's plenty that you could do without admin rights that would potential suppress or interfere with an alarm.
Re:Shit. (Score:2, Insightful)
Re:Shit. (Score:5, Insightful)
Considering that 154 people died because this system did not issue the warning it was supposed to, I would say it most certainly IS a mission critical system, it just isn't treated as one.
Of course, it sounds like the whole thing was a tragedy of errors. The pilot should have seen that slats and flaps were in the wrong position, the computer in question should have flagged the plane for grounding, the on board computer should have raised the alarm. There should have been maintenance records independent of the computer that should have raised the flag on pre-flight. Not one of those things happened and people died as a result.
I would call it a comedy of errors except that it's hard to call 154 deaths a comedy.
Re:Shit. (Score:4, Insightful)
It's odd to me how easily you write off a system that caused the death of ~150 people as "not really ... mission critical."
Re:Shit. (Score:3, Insightful)
Work with me here. This is complicated.
Someone posted:
"That's not regulation, that's cost minimization. (A free toilet is significantly cheaper than cleaning up after the alternative...)"
Flight safety and maintenance are not cost issues per se. For an airline with a clue, they are about maximizing profit and reducing inefficiency.
If a plane crashes due to maintenance issues, you have these consequences:
- Lost revenue. Passengers will be wanting refunds. The aircraft is not available for future flights, which will reduce revenue. Many airlines don't have capacity problems today, so this is not a big issue for them right now. Others however are sensitive to equipment availability.
- Inefficiency. It's generally cheaper to maintain the equipment than it is to replace it, insurance and spare equipment notwithstanding.
- Lost business. Perceptions of poor maintenance can lead to public image issues and potentially lost revenue. This is very hard to recover from. Note that the industry as a whole agrees to avoid taking advantage of competitors' safety issues to gain market share. Sharks apparently also do not eat each other, except in dire circumstances.
This particular incident is , at the root of it, not much different than a credit-card data disclosure, or dropping the bakcup tapes down the stairs, or failing to submit a bid because the computer crashed due to some malware. With the salient exception that people died. More reason to have redundant systems, backup manual processes, and even more rigorous IT security practices. We might, just might, see an effort by the FAA and aircraft manufacturers to require airlines and other operators to take aditional steps to secure their critical ground systems.
???
Re:Mission Critical (Score:3, Insightful)
A computer controlling in-flight operations infected with trojans translates to a computer running MS windows. Why the fuck would anyone even think of this? This is like building a suspension bridge using legos and 6 year olds doing the assembly.
So when I fly, is my life really dependent on a tinker toy OS? That's fucked up! Someone should be beaten to death for this idea.
Re:Shit. (Score:3, Insightful)