Cyberattack Grounds Planes In Poland
itwbennett writes: While the alleged hacking of in-flight systems has been much discussed recently, "there are many more areas of vulnerability to address in the aviation industry," says Tim Erlin of security firm Tripwire. "Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems." Case in point: LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw's Chopin airport on Sunday after hackers attacked its ground computer systems.
That's enough! (Score:4, Funny)
No more general purpose computers for the public! Appliances are enough for the ordinary citizens. We also need a programmers' register so that anyone developing software may be audited at any moment. Possession of programming tools without authorization must be punished with a 10-year sentence at a minimum. No debate.
Re: (Score:1)
When I suggest real engineer certification for programmers writing public facing code and that all PHP "programmers" face life in prison, I get modded a troll.
Re:That's enough! (Score:5, Insightful)
how about we just make it a crime punishable by 20 years for any IT professional to hook sensitive computers to the internet.
Even if the PHB makes you do it?
In my experience, it's not the IT guy that is responsible, it's the PHB who doesn't understand the risks, doesn't take the IT guy's advice or provide the necessary resources to do the job safely, they just want it done NOW!
Re:That's enough! (Score:4, Interesting)
I'm not saying it is the right solution, but in many areas the individual is responsible.
If an airline tells a pilot to fly more than the legal number of hours in a week or they're fired, the pilot still loses his license if he complies. Of course, if they instead call the local regulator I suspect the airline will get a nasty visit from an inspector.
Engineers are legally liable if they sign off on an unsound building, regardless of the instructions of their employer.
The EU requires an EU citizen to sign off on the quality of imports of stuff like medical devices and if there is a problem they can go to jail. It is their responsibility to ensure that whoever they're working with is getting audited to ensure they are in compliance.
So, there are many areas of the economy where safety is critical and the solution is to make a particular individual personally criminally liable. It forces the buck to stop somewhere. That person is supposed to get a lot of clout with the regulators as well when they feel they're pressured to cut corners.
Re: (Score:2)
how about we just make it a crime punishable by 20 years for any IT professional to hook sensitive computers to the internet.
Even if the PHB makes you do it?
In my experience, it's not the IT guy that is responsible, it's the PHB who doesn't understand the risks, doesn't take the IT guy's advice or provide the necessary resources to do the job safely, they just want it done NOW!
So resign. Nuremberg gave us pretty clear rules around this type of thing.
When laws were introduced to make Directors down to IT Managers personally liable for corporate piracy (corporate product like Office, not users downloading MP3s), not surprisingly, the PHBs started listening to their Sysadmins.
And we already have similar laws in the payments world with PCI-DSS, so I can't see why a similar incentive wouldn't have a similar impact.
Re: (Score:2)
Easy to say, hard to do. What about the wife and kids? Who's going to make the mortgage payment?
Look, many times these things are a question of "acceptable" and "unacceptable" risk. If the PHB says he's willing to accept the risk, even after I've explained it to him, then he gets what he wants within the bounds of the law and ethics. He signs my paycheck and he calls the shots. I suggest you come up with options for the PHB that are solutions to his problem though.
Of course, if you object on moral groun
Re: (Score:2)
Easy to say, hard to do. What about the wife and kids? Who's going to make the mortgage payment?
The end result is the same. If you work somewhere that has such questionable ethics that it is likely to cause massive financial or personal harm to someone, then your mortgage isn't safe anyway. I know not everyone has the luxury of leaving, but it's something I've done, and always try to keep myself in a position to have that choice.
Re: (Score:2)
In my experience (for what it's worth) it is usually plainly obvious that you are working at a place that doesn't share your morals and ethics long before you get into a situation where it's quit or agree to do something unethical. It's hard sometimes though to just up and jump ship, depending on the job market and your personal situation. My advice is to start looking around once it's obvious, because if they do unethical things to others, they will do them to you. You may not be able to leave right now,
Re: (Score:3)
The only thing safer is an elevator :)
Dodging lightning bolts? (Score:3)
>> dodging lightning bolts
Hmmm...since every commercial airliner receives a lightning strike, on average, once a year, I'm not sure there's much "dodging" going on.
http://flightsafety.org/aerosa... [flightsafety.org]
Re: (Score:1)
He did not say that they successfully dodged them every time. Sheesh...
Re: (Score:2)
You're 35000 feet in the air going 500 mph, dodging lightning bolts and surrounded by red hot fuel burning. Of course there's a risk.
So when you cross the street you don't bother looking at the stoplight.
Soviet-era edit (Score:5, Funny)
>> Cyberattack Grounds Planes In Poland
I'm old enough to have skimmed that as: "Cyberattack Grounds Poland's Plane"
Misleading headlines (Score:1)
Stop with the overhype, it grounded *some* planes when you were clearly trying to insinuate the whole of Poland was unable to fly. This site loses so much credibility when the editors can't be professional and prefer a few extra clicks.
Poland (Score:5, Insightful)
probably should declare war on terrorism or just fire the guy who tripped over the switch's power cord, causing network loss... yes this statement has the same veracity without details.
Re: (Score:2)
I'm with you. I'm not saying they weren't hacked. I'm just saying it's a lot easier to say you were hacked from an unknown source than it is to admit you allowed someone to monkey with the live reservation system.
Winged cavalry at calvary. (Score:1)
The attack probably came from Russia, because Poland is the only one who stands up for the Ukraine's freedom and points out how the Budapest Memorandum was ravaged by the Man-Bear-Putin, aided and abetted by Free World cowardice.
The Polish are arming themselves to the teeth, because they know Russia and Germany would be happy to partition Poland's lands. The Russians are not even trying to hide this intent, while the Germans are more discreet about their desire to mend the Odera-Neisse border. Those two barbari
Re: (Score:3, Funny)
>> The Polish are arming themselves to the teeth
Q: How do you stop a Polish army on horseback?
A: Turn off the carousel.
Re: (Score:2)
I understand that one of the problems with landing the planes manually was that the Polish pilots kept coming to the end of the runway before they could land. One exclaimed, "Why do they make these damned runways 50 times wider than they are long?"
Re: (Score:1)
Hey, it is not racism if it is said in jest or if the parties are white...
Actually, see the history of the Polish fighting on behalf of the UK with the RAF during WWII. But, I digress...
Sorry, I know of no (in)appropriate Polish jokes to tell. Something something submarines. Something something seagulls over Poland something... Pretty funny, eh?
Re: (Score:2)
I agree.
The sociological definition of racism requires "culturally sanctioned beliefs, which, regardless of intentions involved, defend the advantages whites have because of the subordinated position of racial minorities".
Could be better, but don't stop trying.
Re: (Score:1)
Now you have me wondering what the real sociological definition is. I still do not have any good jokes to share.
Further proof that security comes 3rd (Score:3)
In my experience the following is the order of priority:
- Cost
- Delivery Date
- Security.
Security isn't a concern until it is.
And the ones already in the air? (Score:1)
They were stuck up there all day!
DDoS prevented submitting flight plans. (Score:4, Informative)
Based on rumours so far it seems that:
- the attack was not infiltration but DDoS,
- it prevented transmitting flight plans to European authorities,
- without submitting a flight plan it is not allowed to take off, on a formal basis. Nothing technical.
Still unclear on which part of the system got knocked out, as we would suppose some good dedicated link for submitting flight plan information from the airline.
First attack of its kind? (Score:2)
"United Airlines Flights Grounded Over Flight Plan Hacking [thedailysheeple.com]"
Ban this open source Malware now :) (Score:2)