Schneier on Security

There ain't no mountain high enough
Ain't no valley low enough
Ain't no river wide enough
To keep me from getting to you
Don't you know that

There is an upside: at least it doesn't burst out of your chest after gestation. Where is Sigourny Weaver when you need her?

There are already at least a thousand worms on the ISS:
http://www.pitt.edu/~biohome/Dept/Frame/wormsinspace.htm
;-)

I guess even "Astronuts" need a bit of down time but hey there was me thinking that WiFi was short range ;)

What?! They're using Windows in space? Surely that's a joke, or these laptops are just for entertainment or pornography. Any serious computer in the military, and certainly anything as critical as the space station, ought to be running some UNIX or GNU+Linux OS. Nobody uses Windows for important things any more. It's lost all credibility since Vista.

C'mon now Bruce, the virus was found on a laptop somebody took to the space station. It was never connected to the space station so there are no real implications.

It equates to somebody plugging in a flash drive to their laptop, inadvertenly transferring a virus to their laptop then taking that laptop with them to the space station.

Its no different than somebody flying on a commercial airline with an infected laptop.

@Billy:

Be serious. Most of the end users in the military don't have time for the Unix learning curve. Of course there's going to be a huge Microsoft presence.

I've alluded before to the incident at HQ USAFE where the Intelligence Workstations in one of the most secure SCIFs on the base were infected with Jerusalem B during Desert Storm. These were essentially tempested 386 boxes with fancy graphics running Windows, and some dorky group of operators were playing pirated games which I was told were obtained from Navy personnel closer to the combat theater.

"What shall we do??!?", cried the frantic captain on the phone. I snarked, "Well, you've got operators bringing unauthorized software into one of the tightest SCIFS on the base and playing games at their duty stations. Policy states that this incident needs to be reported to the AFOSI. It should be easy enough to find them!" (The door to their office was right across the hall from the SCIF entrance...!)

I was ordered ("begged" is perhaps more accurate but the implied threat from officer to enlisted was also there) not to report this incident through channels, and requested to "remove the virus" if possible from the media - it was mostly on 5.25" floppies. I was then presented with a hefty bag full of both legitimate and illegitimate software that was apparently being stored above a ceiling tile in the SCIF. Jerusalem B was very new at the time and there was no way to remove it, so that never happened.

Can't make this stuff up, folks. Your tax dollars at work... sleep tight America and all that.

"Nobody uses Windows for important things any more.It's lost all credibility since Vista."...really?

I can go two ways with this. The first would be when exactly did Windows have credibility? It's been getting slammed years before Vista was a gleam in MS eye.

Oh maybe it was the pretty Apple ads that convinced everyone Vista was a dog..I mean if that kid from Jeepers Creepers says Vista sucks it must!

Or how about nobody uses Windows for important things...except every Fortune 500 company in existence. Unless your definition of important doesn't include the significant majority of desktops and even servers. Last time I checked Microsoft wasn't hurting revenue wise, someone is still using it for important stuff.

I've got a linux file server at home and messed with it for doing other things as well, and while it's a great alternative, we still got a long time before this Utopian Linux world comes to be.

> Last time I checked Microsoft wasn't hurting revenue wise

Yeah, they just destroy the economy of the rest of the world. The Fortune 50 I worked at had days of downtime a year for basically the whole office (not counting servers) from virii, worms, trojans and their consequences (e.g. shutting down all email for two days).

I won't mention my team happily hummed along on macs and some of our developers kept going on their redhat boxes. Oh damn, I just did!

---

AFAIK, every candy bar has to be certified as space worthy. How can a laptop come up infected? Even if not a RiskTM because it cannot infect the station, the IT bill for coming up and trading your machine out while the fix it is a bit higher. Easily avoidable failures like this should be avoided, easily.

I just heard on CNN (during convention break) that astronauts on Space Center have been passing wind - reporting was never trumpeted -only whispered; NASA won't discuss it because of privacy concerns and that it would be negatively profiling certain ethnic foods.

Slow Wednesday Bruce .. give us a real hash story.

Security theater in Spaaaaaace . . . be afraid . . . be very afraid. That there is no systematic check of every potential source of computer nastiness going up should concern NASA. Even if this is merely one mission specialist lacking a clue as to the folly of thumb drives introduced to a laptop with no AV installed someone should have checked. What if multi-million dollar science experiments were wrecked due to this inaction? Connected to the space station or not this is bad news.

@All Windows bashers: Coming to this site I would not have expected people to comment like common trolls on the internet!

It is basically not the issue the OS but the way you set it up and use it. In probably 99% of all cases of malware infections the person in front is responsible/to blame and not a security flaw. From social engineering to unauthorized/pirated software anything can infect a computer.

Windows is just an easy target due to the sheer numbers and average user profiles.

Maybe some people should catch up on a few Schneier essays...

I thought viruses in space only came from Jeff Goldblum's Mac.

I agree with all the windows bashers. What we should have done is send up a compromised and weak OpenSSL Debian Box. Maybe even a compromised and freshly rooted with phalanx2 RedHat or Fedora box.

Seriously, what's with the recent wave of OS bashing on the security forums lately?

@ Charles Decker,

"Seriously, what's with the recent wave of OS bashing on the security forums lately?"

A clue could be it's August traditionaly a slow news month better known as the "silly season" where news spots get filled with "my doggie can count" type items.

As the Olympics are over we have to make up for lost time so how about "my doggie barks the blue danube whilst summersalting slowly on the bouncy castle"

I just came back from a dentist who proudly displayed my entire exam process, from x-ray to photographs, from notes to policies, on a screen in front of me.

"What do you think?" I was asked.

I stared glumly at the lower-right of the familiar task bar and said "Well, you you are putting my sensitive health records on Windows XP running an open VNC server with an expired copy of free antivirus."

When I arrived home I found an email from the front desk signed

"Internal Virus Database is out-of-date. Checked by AVG. Version: 7.5.524 / Virus Database: 270.6.3/1613 - Release Date: 08/15/2008 5:58 AM"

Figures. I should have stood up and left as soon as I saw something with a "Start" button used for medical equipment.

Time for a new dentist.

@ Kashif

"Windows is just an easy target due to the sheer numbers and average user profiles."

Let's just boil the logic down, shall we?

Windows is an easy target because it is an easy target.

Great. Now what?

The point is that these systems were still part of a very expensive, life critical project:

'The laptops infected with the virus were used to run nutritional programs and let the astronauts periodically send e-mail back to Earth.'

If the virus had been more deadly, then these programs and email capability would have been compromised.

It's not that the OS is Windows or anything else, it's that supposedly intelligent and highly qualified personnel still have no idea about safe computing, and that includes the NASA hierarchy as well as the astronauts.

Do we have any confidence that the people in DOD are more able to contain malware of any sort invading systems that are critical to national security? Given previous posts, we don't...

A virus can make the hardware do anything it is capable of, overheating, blow up batteries, etc.
A virus can exploit hidden covert channels in electronics, chipping with wireless tempest? Grr, would really suck.
A virus is really scary when you consider the extent some go to in ruthless business negotiation. Time is ripe for that these days.
A virus is a major threat.
The hardware must not have any weird or unknown devices in it. DMA and memory stuff can be uncool. GRR, sadly some things are, well, oh well...
The OS really, really, really, really must not be M$.
You would hope that someday the lousy stupid cluster*ucks that neglect *BSD to being used in mission critical environments, get kicked hard somewhere.
LynxOS is an option, that red tape CYA types could pick, however, I'd balance on *BSD.
Pathetic State of the Union, look around everwhere, we really have fallen from when the DOD, NSA, NASA, 'Spinoff attitudes' ruled.
NASA and some others, a poor mans version of top quality private equity groups. Sure used to be the other way around.

This from the end of the BBC item is most worrying:

"Nasa told Wired News that viruses had infected laptops taken to the ISS on several occasions but the outbreaks had always only been a 'nuisance'. "

Even if the ISS itself is not at risk, there are other systems running experiments and the like that can be jeopardised by a virus. It's remarkable they didn't take action after the first one.

Of course using BSD would reduce the chances of an infection (especially since it would stop some bored astronauts to play some copied games they brought with them).

But any OS can be attacked if someone really wanted to, the chances on Windows are just higher due to the used numbers and created/available threats (why should any malware author create something for BSD when there are just uncountable many easy user targets on Windows machines).

On the other side I do not want to think about the sheer amount of updates (OS and security software) these machines probably never received. Windows Update and regular AV signature updates surely is not possible over their network - unless they get some update CD's / images on each provisions shipment.

Anyway, since NASA did not specifically deny that these computers may be somehow connected to mission critical systems it does pose a security risk in any case. Just think what someone with inside knowledge about the PC systems could do (who knows, maybe this "inside knowledge" is even publicly available somewhere).

But as Pat said, we all are save as long as Jeff Goldblum does not enter space with his Mac virus... ;-)

It seems that the worm is just an online games password-stealer.

The ISS has no Internet connection. The laptop was likely infected via USB drive.

Damage is limited, but still, one wonders how could such things happen in a Space Station environment that's supposed to be controlled and sanitized from dangers.

http://www.f-secure.com/weblog/archives/00001489.html

"I don't know and even if I did, I wouldn't be able to tell you for IT security reasons," Humphries said.

Humphries should read some Schneier.

We should point out that while there may be some Windoze boxen on the ISS, the serious stuff (e.g. docking control, life support) is done on a variety of other OSes, including Linux.

In an article explaining why the docking control system would run on Linux, security was not cited as a major reason; rather, reliability was a key factor, and another major factor was adequate performance on aerospace-rated hardware.

An explanation is required about this last point. For high altitude and space-based applications, computing equipment needs to operate reliably when subjected to significant exposures to high energy ionising radiation showers. A variety of hardware has been built and tested for this purpose, but performance-wise it tends to lag quite a few years behind current COTS systems.

So when it comes to running Windows on the ISS, you have 3 choices:
a) try to run Vista on a (hardened) Pentium Pro with 64 MB of memory (good luck!);
b) put Windows Me on your Pentium Pro (oops, the manufacturer no longer supports this OS!);
c) Run XP or Vista on current commodity hardware, but don't use it for anything critical as it will crash hard every time there is a radiation shower. And probably get a virus, too.

There is, by the way a standard (DO-178B) for operating systems and application software for life critical aerospace applications. So far as I am aware, no version of Linux has passed certification for this; OSes which have include INTEGRITY-178B and LynxOS-178.

At least the space station has no current fear for the copier repair man or a random visitor in the conference room plugging in an infected laptop. That could change one day, I hope.

@ Roger,

"So far as I am aware, no version of Linux has passed certification for this; OSes which have include INTEGRITY-178B and LynxOS-178."

That's not to say it could not be made to pass, part of the problem is who would pay for it and how would they recover the cost?

Linux has certainly be accepted for "carrier grade" performance in the telecomms industry, thanks to the work of a major telco. As far as security goes it also can be made about as secure as you are going to get on commodity hardware and it certainly has been considered for use in high risk environments.

What lets it down in most cases as you identified is hardware and additionaly it's licence...

Most OpenSource *nix OS's in a variety of forms either have been or can be made to meet most industrial / scientific / medical or security standards. The question is who is going to develop the appropriate hardware and pay for the certification testing?

Most large businesses who can aford to do the development are not going to do it for what they view as limited and closed vertical markets unless it is part of their core business.

Small companies are not going to do the development unless they can get a level of certainty on the return of not just development costs but market share as well.

Certain Licences for Open Source are seen by SME's as a real impediment. Which is why *BSD is likely to be prefered over Linux as the SME platform of choice (it's probably the reason Apple went that way as well).

For linux to pass DO-178B it needs a "sugar daddy" who is prepared to raise "everybodies boat" by paying for the work and as required by the licence handing it back to the community.

The description at Symantec indicates the virus reproduces thorugh USB drives:

"The worm then copies itself to all drives from C through Z as the following file:
"[DRIVE LETTER]:\ntdelect.com

"It also creates the following file so that it executes whenever the drive is accessed:
"[DRIVE LETTER]:\autorun.inf"

http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=2

The following registry change is absolutely essential to protect against such attacks:

http://windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-AutoRun-attacks

They are stupid enough to use Windows - the world's most insecure OS. What did they expect?

@Kashif at August 27, 2008 3:43 PM
I have a problem with your pejorative use of the term "Windows basher". You insinuate that there is something wrong with "bashing windows"! That's like saying it's wrong to attack a terrorist, or a paedophile. Say, you're not a terrorist or a paedophile are you Kashif?

You were right, a little, that security comes from how you set it up and use it rather than exclusively from your OS'es name. The monumental point you're missing is that you ARE NOT ALLOWED to set up windows securely because YOU DON'T GET SOURCE CODE. Do what Microsoft says, or you get the spanking. Ever read the MS EULA?
Pirated software (from what I've heard of the windows world) rarely is a source of infection. It's just blamed so that people will be afraid of using pirate software, and pay money instead. And to the extend that it does carry infection, Linux is saved from "software piracy" by the GNU GPL. Piracy doesn't really exist in GNU+Linux.

> Windows is just an easy target due to the sheer numbers and average user profiles.
That's a defence? The more market share something has, the MORE it should be secure, not less. Oh wait, yeah, that's right... Windows users aren't allowed to fix bugs. You have to wait for Microsoft to 1) hear about it 2) care 3)write a patch 4)black Tuesday 5)wonder what *else* they changed. That sounds really intelligent. NOT!

> Maybe some people should catch up on a few Schneier essays...
Oh, I have. Been on the mailing list for about 6 years, moving to RSS these days.

I used to do integration testing for C&DH (Command and Data Handling) on the ISS. I know all the computer systems pretty well.

First, these laptops are in no way used to control the actual station. The critical ones run Linux and can be flashed with a new drive image from mission control if they were ever infected with something. The machines (called MDM's) that do the actual realtime stuff needed to keep the station operational are on non-IP based network completely separate from any windows computers. An MDM is an i386, running a custom, VxWorks realtime OS. A Windows virus will never be able to infect any of them. The windows laptops are solely for recording experiment data and general computing (internet, voip, movies).

So yes, a virus might be logging all the scientific data being collected on the station, but so what? That stuff will all be published in academic journals anyhow. (I am half kidding about the "so what" part)

The Ten Cannots
You cannot bring about prosperity by discouraging thrift.
You cannot help small men by tearing down big men.
You cannot strengthen the weak by weakening the strong.
You cannot lift the wage earner by pulling down the wage payer.
You cannot help the poor man by destroying the rich.
You cannot keep out of trouble by spending more than your income.
You cannot further the brotherhood of man by inciting class hatred.
You cannot establish security on borrowed money.
You cannot build character and courage by taking away men's initiative and independence.
You cannot help men permanently by doing for them what they could and should do for themselves.
( Rev. William John Henry Boetcker, 1873 )
and
You cannot protect a system from risks without the cooperation of the users.