Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Is Windows up to snuff for running our world?

from [Richard M. Smith] Network Security [Permanent Link]
Subject: Is Windows up to snuff for running our world?
Date: Fri, 22 Oct 2004 14:34:55 -0400 
Hi,

The Microsoft Windows operating system is increasingly being used in devices
which run our world.  Some examples include cash registers, ATMs, electronic
voting machines, and factory control computers.  But is the Windows
operating system really reliable and secure enough for these kinds of
applications?  A small incidence at the Atlanta airport last May makes me
wonder.

I was flying home to Boston from Atlanta on Delta Airlines.  When I got to
my gate at the Atlanta airport, I immediately noticed that there was a
Windows error alert box in the middle of the large display screen over the
gate door.  I walked around the terminal and saw that many of the gate
display units had the same error alert box being displayed.  In many cases,
the display units were no longer usable since the alert boxes covered up
critical information on the screens. 

Here are some photos I took of the problem:

   http://www.ComputerBytesMan.com/atlanta

The problem existed for at least 30 minutes, but no one from Delta seemed to
be interested in fixing it.  I wanted to click the "Okay" button myself, but
I couldn't find a mouse. ;-)

I even recognized the software package that was failing at the Delta
terminal.  It is a customer support package that a number of computer makers
ship with their home PC systems.  This same software package was
pre-installed on my Sony laptop but I removed it after discovering that it
contained a number of ActiveX controls with serious security holes.  These
security holes can potentially be used by a virus writer to take over a
Windows PC using simple script code.

The customer support software was failing because it couldn't find a
standard Microsoft ActiveX control which ships with Windows.  My impression
is that the Windows operating system in control of a display unit had
somehow been corrupted.  Ironically this customer support package is
designed to diagnose and fix these kinds of problems with home PCs.  Why
Delta was running consumer-grade PCs for this application is bit hard for me
to fathom.

I sure that this is not the first time a Windows system has failed in a
dedicated application.  If you have any interesting photos of similar
Windows failures, please send them along to rms@computerbytesman.com.

Richard M. Smith
http://www.ComputerBytesMan.com

Links

Microsoft server crash nearly causes 800-plane pile-up
http://www.techworld.com/opsys/news/index.cfm?NewsID=2275

Car crazy: Microsoft in the driver's seat
http://tinyurl.com/6s24a

ATMs in peril from computer worms?
http://www.theregister.co.uk/2004/10/20/atm_viral_peril/

Shifting cyber threats menace factory floors
http://www.securityfocus.com/news/9671

Software vendors just don't "get" ActiveX security
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0043.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Update: Web browsers - a mini-farce (MSIE gives in), Michal Zalewski
Next by Date:  Windows DoS in certain pGina configurations, Steven
Previous by Thread:  Hack Dot AE, Spy Hat
Next by Thread:  Re: Is Windows up to snuff for running our world?, Thor
Indexes:  [Date] [Thread] [Top] [All Lists]