BMW Garage BMW Meets Register Today's Posts
Go Back   6Post.com | BMW 6-Series Forum > BIMMERPOST Universal Forums > Off-Topic Discussions Board

Post Reply
 
Thread Tools Search this Thread
      05-10-2021, 07:34 PM   #23
Fly320s
Private First Class
United_States
1562
Rep
140
Posts

Drives: Car
Join Date: Sep 2017
Location: NH

iTrader: (0)

Garage List
2020 BMW M2C  [5.50]
My uneducated opinion in I.T. is that the really important stuff should never be connected to the internet. It isn't a matter of "if they hack us," but a matter or "when they hack us."

Why was an important oil pipeline connected/controlled by an internet connection? That is just plain stupid.
Appreciate 2
Murf99314095.00
      05-10-2021, 07:43 PM   #24
TiMSport
Banned
Ukraine
12844
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Quote:
Originally Posted by Fly320s View Post
My uneducated opinion in I.T. is that the really important stuff should never be connected to the internet. It isn't a matter of "if they hack us," but a matter or "when they hack us."

Why was an important oil pipeline connected/controlled by an internet connection? That is just plain stupid.
Agreed. This isn't the first time a critical operation was exposed and sadly it won't be the last.
Appreciate 2
Murf99314095.00
      05-10-2021, 07:55 PM   #25
EME_Bounce
New Member
85
Rep
7
Posts

Drives: 2021 X30e
Join Date: Mar 2021
Location: Earth

iTrader: (0)

The US hacked Iran’s nuclear production facilities that were airgapped. It’s not that simple.
Appreciate 0
      05-10-2021, 07:56 PM   #26
vreihen16
Recovering Perfectionist
vreihen16's Avatar
20169
Rep
999
Posts

Drives: BMW-less :(
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Quote:
Originally Posted by Murf993 View Post
Might be the rum talking but maybe I should go into consulting.
You couldn't go any worse than the clowns currently collecting pay checks in the IT field!

After 35 years, I seriously want to leave IT for the exciting world of pizza.....
__________________
Currently BMW-less.
Appreciate 2
Murf99314095.00
upstatedoc7532.50
      05-10-2021, 08:01 PM   #27
TiMSport
Banned
Ukraine
12844
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Quote:
Originally Posted by vreihen16 View Post
You couldn't go any worse than the clowns currently collecting pay checks in the IT field!

After 35 years, I seriously want to leave IT for the exciting world of pizza.....
Lol, that would probably be less stress.
Appreciate 2
Murf99314095.00
vreihen1620168.50
      05-10-2021, 08:06 PM   #28
Murf993
Major
Murf993's Avatar
14095
Rep
1,336
Posts

Drives: Porsche 993
Join Date: Mar 2020
Location: Dog Lake, South Frontenac, Ontario Canada

iTrader: (0)

Quote:
Originally Posted by vreihen16 View Post
You couldn't go any worse than the clowns currently collecting pay checks in the IT field!

After 35 years, I seriously want to leave IT for the exciting world of pizza.....
Might be the rum talking but suddenly I feel like Pizza....
Appreciate 1
vreihen1620168.50
      05-10-2021, 08:08 PM   #29
TiMSport
Banned
Ukraine
12844
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Quote:
Originally Posted by Murf993 View Post
Might be the rum talking but suddenly I feel like Pizza....
My question is are you giving any rum to Woodford?
Appreciate 0
      05-10-2021, 08:15 PM   #30
Murf993
Major
Murf993's Avatar
14095
Rep
1,336
Posts

Drives: Porsche 993
Join Date: Mar 2020
Location: Dog Lake, South Frontenac, Ontario Canada

iTrader: (0)

Quote:
Originally Posted by TiMSport View Post
My question is are you giving any rum to Woodford?
No, he gets to lick the ice cream bowls though. However he's snoozing next to Lisa right now.
Attached Images
 
Appreciate 2
TiMSport12843.50
Littlebear3520.50
      05-11-2021, 08:36 AM   #31
jmack
First Lieutenant
jmack's Avatar
549
Rep
384
Posts

Drives: OG M2, E70 X5M
Join Date: Oct 2018
Location: TN

iTrader: (0)

Quote:
Originally Posted by vreihen16 View Post
You couldn't go any worse than the clowns currently collecting pay checks in the IT field!

After 35 years, I seriously want to leave IT for the exciting world of pizza.....
I'm only 10 years in infosec and will be moving into goat farming once my kids are in school and my wife can start working again.
Appreciate 1
upstatedoc7532.50
      05-11-2021, 08:48 AM   #32
DETRoadster
Space Force - 4 Star General
DETRoadster's Avatar
11494
Rep
3,265
Posts

Drives: M2 MG 6MT / Moto Guzzi V7
Join Date: Jul 2016
Location: Seattle

iTrader: (1)

Quote:
Originally Posted by Murf993 View Post
I mean I loved to google at work as much as the next guy but I'm thinking that you can't get hacked if you're not connected to the inter web right?
Not exactly. I remember the "old days" where the trick was for a hacker to put malicious code on a USB thumb drive, label the drive "employee salaries" and leave it in the company parking lot in the hopes that some dumb ass would spot it on their way in the door and be incapable of not ticking it into their work PC.

Or even earlier than that when computers were a bit of a rarity so we had shared PCs. You'd roll up with your floppy disc full of your work and use the pC for a few hours to do whatever you needed to do. Assholes would leave a virus on the PC that would then infect your disc and propagate to the net PC you stuck it in. I lost a term paper in college that way when the computer lab got infected.

But still, your point is a solid one. Critical infrastructure should be running on PCs that done have an Internet connection and are isolated from the general company network.
Appreciate 2
vreihen1620168.50
Murf99314095.00
      05-11-2021, 09:39 AM   #33
zx10guy
Brigadier General
5506
Rep
3,310
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Air gapped systems are not 100% protected from vulnerabilities. There are other vectors which can introduce malicious code. Having worked in highly classified systems, those dangers are constantly being considered and systems designed to mitigate those risks.

Security is only as good as the mindset of the people that work with the systems and those in charge that dictate policy and funding. This is the foundation. Without this, you can throw the fanciest latest security tech at something and still have the same exposure without using it.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 3
vreihen1620168.50
jmack548.50
Littlebear3520.50
      05-11-2021, 09:53 AM   #34
vreihen16
Recovering Perfectionist
vreihen16's Avatar
20169
Rep
999
Posts

Drives: BMW-less :(
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Quote:
Originally Posted by jmack View Post
I'm only 10 years in infosec and will be moving into goat farming once my kids are in school and my wife can start working again.
I have joked that I am ready to eschew technology and move to a shack in the woods, but I already live in a small house surrounded by 7,000+ acres of state forest and lived through the Unabomber threats in the 1980's...so that's already been done.

Quote:
Originally Posted by DETRoadster View Post
But still, your point is a solid one. Critical infrastructure should be running on PCs that done have an Internet connection and are isolated from the general company network.
I know of a municipal building in our region where their entire infrastructure is on a flat IP subnet. Servers, clients, access control locks, and even the guest wifi all on the same network with no firewalls or routing whatsoever. Probably designed by some 12-year-old, and signed off on by a politician that types with two fingers because it works...until they get hacked.

I'm not going to name the company, but there is a very large player in the K-12 school content-filtering market that I was asked to look at as a favor when a school near my office couldn't get it to work. Their black box was actually static-coded to ignore the subnet mask and default gateway being provided by DHCP, and assumed a /24 with .1 as the default route. Great assumptions for a cable modem in someone's house, but rendered the thing 100% useless on a segmented network with /26 subnets to isolate rooms. The company did not see any flaw in their logic, and defended their product because they were too clueless to fix it.

As for jumping the air-gap in Iran, an infected USB thumb drive full of "naked women pictures" dropped outside the front door will surely result in a nuclear meltdown in a few hours.....
__________________
Currently BMW-less.
Appreciate 2
jmack548.50
      05-11-2021, 10:27 AM   #35
CTinline-six
Hoonigan
CTinline-six's Avatar
United_States
6941
Rep
3,016
Posts

Drives: '09 328i, '98 Wrangler
Join Date: Dec 2016
Location: Connecticut

iTrader: (0)

Garage List
Quote:
Originally Posted by Fly320s View Post
My uneducated opinion in I.T. is that the really important stuff should never be connected to the internet. It isn't a matter of "if they hack us," but a matter or "when they hack us."

Why was an important oil pipeline connected/controlled by an internet connection? That is just plain stupid.
This.

The reason is to cut cost, maximize profit.

Quote:
Originally Posted by vreihen16 View Post
You couldn't go any worse than the clowns currently collecting pay checks in the IT field!

After 35 years, I seriously want to leave IT for the exciting world of pizza.....
I work with several different agencies being employed by an IT contractor, and I think the bigger problem is how businesses in general are run. It's very obvious when we take on a new client whether they see IT as just a service like cable TV, or if it is a tool they invest in to improve and strengthen their business. The businesses where information privacy is a liability tend to invest in much better security, where companies who don't give a shit if information gets hacked like Equifax could care less. A tool is only as good as the person (or organization) using it.

The truth is there should be a lot more security for critical systems like the pipeline and for our personal data, but placing priorities on profits and the way big tech operates doesn't allow for that.
Appreciate 2
vreihen1620168.50
Littlebear3520.50
      05-11-2021, 10:51 AM   #36
TiMSport
Banned
Ukraine
12844
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Placing priorities on profits and appeasing shareholders will always win out, unfortunately.
Appreciate 0
      05-11-2021, 11:13 AM   #37
zx10guy
Brigadier General
5506
Rep
3,310
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

And why I've been harping on having stated regulations which put in place financial penalties and in the case of gross negligence, jail time. None of these behaviors will change unless organizations and individuals get hit where they do care which is losing money or losing their time sitting in a cell.

The examples of the errant USB device being plugged into an air gapped computer is one example. But many people don't focus on other vectors such as the firmware that's installed in many of the subcomponents of devices. This brings up supply chain security. Many Federal agencies require TAA certified products. Some require BAA. But these come at an additional cost. Some OEMs go one step further to offer up secure supply chain services. Again at an additional cost. Then there's the software. The Solarwinds hack shows how things can go terribly wrong with a trusted software company. Even at the basics such as firmware updates. How many IT staffers spend the time to ensure the firmware is pristine by doing hash comparisons with the OEM's official hash?
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 2
vreihen1620168.50
      05-11-2021, 11:21 AM   #38
TheWatchGuy
Colonel
TheWatchGuy's Avatar
3929
Rep
2,547
Posts

Drives: 335xi
Join Date: Mar 2018
Location: CO

iTrader: (0)

Quote:
Originally Posted by Murf993 View Post
Might be the rum talking but here goes. Why doesn't the command and control system for any infrastructure have a stand alone system for the expressed reason of avoiding hacking.
having built many water and wastewater plants, its not quite as simple as not being connected to the internet.

especially for smaller municipalities, most plants arent staffed 24/7. So in order to be able to monitor and operate plants, they need remote access which creates an entry point for these types of hacks.

the other issue is reporting. the EPA has strict monitoring/sampling/reporting regulations, and some plants auto report these to the EPA, creating another entry point for these types of hacks.

then you also have the water systems that have multiple plants, pump stations, pipelines, etc that all need to report to each other. In a small town, sure, you could hardwire them all together, but that is a significant cost that small towns cant afford. In a big city, its usually not economically feasible or practical to hardwire them all together either.

probably the most secure plant ive ever been a part of was a wastewater plant for a microchip manufacturer. Everything was on a local network and was staffed 24/7. However, even in that situation, they are still vulnerable to outside attacks if someone is able to get on their local network. Especially since this plant still needed a way to communicate with other manufacturing plants throughout the company. And with all the contractors and 3rd party vendors that are constantly coming in and out of the facility, it wouldnt be hard to get in.

All that being said, most water and wastewater plants have fail safe's in place and can be run locally if something like this happened. From hardwired alarms in MCCs and control panels with relays and switches that will shut down the equipment if one of the alarms is tripped, to local control stations that you can manually operate the equipment at locally inputted set points.
__________________
@drunkcowatches on ig

Am I a watch guy, or do i watch guys?
Appreciate 1
      05-11-2021, 12:01 PM   #39
vreihen16
Recovering Perfectionist
vreihen16's Avatar
20169
Rep
999
Posts

Drives: BMW-less :(
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Quote:
Originally Posted by CTinline-six View Post
The reason is to cut cost, maximize profit.
.
.
.
The truth is there should be a lot more security for critical systems like the pipeline and for our personal data, but placing priorities on profits and the way big tech operates doesn't allow for that.
BINGO! I reported an incident to Microsoft abuse one time. They responded...over a year later! I have the printed emails hanging on my office wall at work to show why Microsoft should be removed from the Internet as an irresponsible organization. FWIW, their abuse (and tech support) appears to be off-shored to Asia, and they are definitely getting what they're not paying for.

I love how the third-world hosting companies frequently have pleas to only blacklist individual IP addresses and not entire networks in their IP whois records. If you don't know what your customers are doing and are shifting the policing to my employer, your entire IP block (and ASN for that matter) has a special place in my firewall's naughty list.

Google is also pretty bad with Gmail. I have developed a set of filter rules to catch about 98% of the gift card and sextortion scams coming from Gmail. As big as a company as they are, they should be able to stop these emails from ever leaving their servers in the first place by implementing similar filters and user behavior heuristics to spot mass mailings. Realize that my pay checks are only 33% of what Google pays for entry-level programmers, and my employer doesn't offer free dry cleaning, cafeteria food, ball pits, or nap pods.....
__________________
Currently BMW-less.
Appreciate 1
      05-11-2021, 06:50 PM   #40
Redd
Brigadier General
4191
Rep
4,386
Posts

Drives: 2010 BMW E92 M3 Dakar Edition
Join Date: Jul 2015
Location: Malaysia

iTrader: (0)

I'm sorry to tell you all that hackers are by far smarter than any of us in here:

https://www.forbes.com/sites/leemath...from-a-casino/

The most secure computer is this one:
Attached Images
 
Appreciate 0
      05-11-2021, 08:08 PM   #41
zx10guy
Brigadier General
5506
Rep
3,310
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by Redd View Post
The most secure computer is this one:
I beg to differ:

Name:  Abacus-and-Algorithm-A-History-of-Math.jpg
Views: 795
Size:  250.2 KB
Name:  side1half.jpg
Views: 504
Size:  41.6 KB
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 2
TiMSport12843.50
vreihen1620168.50
      05-12-2021, 01:13 PM   #42
UncleWede
Long Time Admirer, First Time Owner
UncleWede's Avatar
United_States
18399
Rep
9,420
Posts

Drives: G01 X3 M40i Dark Graphite
Join Date: Jun 2005
Location: Oxnard, CA

iTrader: (0)

Quote:
Originally Posted by TheWatchGuy View Post
having built many water and wastewater plants, its not quite as simple as not being connected to the internet.

especially for smaller municipalities, most plants arent staffed 24/7. So in order to be able to monitor and operate plants, they need remote access which creates an entry point for these types of hacks.

the other issue is reporting. the EPA has strict monitoring/sampling/reporting regulations, and some plants auto report these to the EPA, creating another entry point for these types of hacks.

then you also have the water systems that have multiple plants, pump stations, pipelines, etc that all need to report to each other. In a small town, sure, you could hardwire them all together, but that is a significant cost that small towns cant afford. In a big city, its usually not economically feasible or practical to hardwire them all together either.

probably the most secure plant ive ever been a part of was a wastewater plant for a microchip manufacturer. Everything was on a local network and was staffed 24/7. However, even in that situation, they are still vulnerable to outside attacks if someone is able to get on their local network. Especially since this plant still needed a way to communicate with other manufacturing plants throughout the company. And with all the contractors and 3rd party vendors that are constantly coming in and out of the facility, it wouldnt be hard to get in.

All that being said, most water and wastewater plants have fail safe's in place and can be run locally if something like this happened. From hardwired alarms in MCCs and control panels with relays and switches that will shut down the equipment if one of the alarms is tripped, to local control stations that you can manually operate the equipment at locally inputted set points.

THIS!!! I TRIED to get our water plant to update the firewall and include a 24x7x365 monitoring service. Our only saving grace at this point is that they only have a 1.5MB/s connection.

All the updates (that aren't applied to SCADA systems) come from an internet source. Licensed software isn't available on a dongle any more.

Heck, our plant is running on a Dell desktop that has a rusted 3.5" floppy drive. I've bought 2 sets of replacement computers, but because they didn't maintain their maintenance agreements (PAY for them) we couldn't upgrade the iFix to Win 10 or 7.
We are just about done with a 5-year IT Master plan. Council will fall out of their seats when they see $8.7m
Appreciate 1
vreihen1620168.50
Post Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 05:45 PM.




6post.com
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST