The British Navy Runs on Windows XP
-
I wonder how quickly there is going to be a bounty on hacking these systems. Want to guess, given what we know about the security attitudes shows, how easily it is to hack a warship that has no secure systems, no way to patch and no competent security or admin people around?
-
@mlnews Wish I could upvote this more than once.
-
@mlnews said in The British Navy Runs on Windows XP:
of cyber specialists to defend it from cyber attacks, Lieutenant Commander Nick Leeson stated." This, of course, is a shockin
As mentioned in another thread - Iran centrifuges anyone?
-
So would this then be "Windows for Warships"......
-
@PenguinWrangler said in The British Navy Runs on Windows XP:
So would this then be "Windows for Warships"......
Wow. lol
-
Rewind.
Are these systems accessible from the outside?
Are only authorised military personal allowed near these systems?
Does the average SMB have a squad of armed sailors to protect from physical intrusion?
This sound like a nonsense article.
-
@Breffni-Potter said in The British Navy Runs on Windows XP:
Rewind.
This sound like a nonsense article.
They must be accessible from the outside. How else are they communicating with the command center. There is a way to communicate with the system, and because of the age of the system they are vulnerable.
Are only authorised military personal allowed near these systems?
Not any more. . .
Does the average SMB have a squad of armed sailors to protect from physical intrusion?
Why would they, they update to remain secure. Physical intrusion is almost never the goal, you want the data, not the hardware.
Are these systems accessible from the outside?
Already answered this question
-
@Breffni-Potter The entire military depends on communications with each other. Of course they are accessible from the outside. In fact, probably wide open given that they are using 20 year old OS.
-
@momurda said in The British Navy Runs on Windows XP:
@Breffni-Potter The entire military depends on communications with each other. Of course they are accessible from the outside. In fact, probably wide open given that they are using 20 year old OS.
And sitting in the middle of an ocean half the time. . . .
-
@DustinB3403 Right, the queen of England even says they are safe when out in open water. So they probably have Windows Firewall disabled.
-
@Breffni-Potter said in The British Navy Runs on Windows XP:
Rewind.
Are these systems accessible from the outside?
That's what Scott's excerpt says.
Are only authorised military personal allowed near these systems?
Excerpt doesn't say - but let's assume so.
Does the average SMB have a squad of armed sailors to protect from physical intrusion?
No, but then they don't need it - they are hopefully updating and using more secure software.
This sound like a nonsense article.
Perhaps - though I doubt it.
As for your armed guards comment, I'm sure the Iran plant was full of armed guards, but that didn't stop the infected laptop that a technician used to make code that was transferred via USB to the air gapped network from infecting the network - the tech was there by invitation, and his infection of the network was completely unknown.
-
@momurda said in The British Navy Runs on Windows XP:
@DustinB3403 Right, the queen of England even says they are safe when out in open water. So they probably have Windows Firewall disabled.
Which a firewall that is 20 years old, even if enabled likely isn't secure.
-
@Breffni-Potter said in The British Navy Runs on Windows XP:
Rewind.
Are these systems accessible from the outside?
Does it matter? How hard is it to get a USB stick in there, how hard is it to trick military staff, how hard is it to hook up something to the network.
That the Navy suggests that being offline is protection, that alone is proof that they don't even understand what the risks are.
-
@Breffni-Potter said in The British Navy Runs on Windows XP:
Does the average SMB have a squad of armed sailors to protect from physical intrusion?
Is physical intrusion a key concern? This is a neat question to ask, but doesn't provide any insight into how this could be secure. The bigger the squad standing around these insecure systems, the more points of failure you have.
Also, high profile target, rather than low. They need way more than a squad of soldiers because they have something insanely valuable to protect.
So by comparison, the average SMB has MORE protection physically, not less.
-
There's also the possibility that since they just dont give a shit about security, how many people are rolling their own wifi there on the same network critical systems are on? How much shadow IT is on these ships? Probably nightmare scenario amounts.
-
@Breffni-Potter said in The British Navy Runs on Windows XP:
This sound like a nonsense article.
Why? You made points that they would make, based around hubris. Exactly the top risk factor in consideration.
-
@DustinB3403 said in The British Navy Runs on Windows XP:
@Breffni-Potter said in The British Navy Runs on Windows XP:
Rewind.
This sound like a nonsense article.
They must be accessible from the outside. How else are they communicating with the command center. There is a way to communicate with the system, and because of the age of the system they are vulnerable.
Not only that, they need to talk to each other. The "outside" might not be just outside the ship, but around the ship. There are likely massive points of vulnerability all over the ship. I doubt that there is a squad standing around every ethernet port.
-
@momurda said in The British Navy Runs on Windows XP:
@Breffni-Potter The entire military depends on communications with each other. Of course they are accessible from the outside. In fact, probably wide open given that they are using 20 year old OS.
And moreso given the hubris. They are so confident that they don't need security that they skip it in the most basic of places. What are the chances they have any other security when the low hanging fruit and a national embarrassment haven't been taken care of?
-
@momurda said in The British Navy Runs on Windows XP:
There's also the possibility that since they just dont give a shit about security, how many people are rolling their own wifi there on the same network critical systems are on? How much shadow IT is on these ships? Probably nightmare scenario amounts.
Exactly. I'd say the chances that these yahoos even know what devices are connected to their network is about zero. They can't install a modern OS or choose an appropriate one, but we think that they can secure other things? And they couldn't contain the secret that they were massively insecure. So we already know that there has been a security breach!
-
A certain company with green in their logo also rents cars from a green screen.