lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20041022181906.6473.qmail@mail.securityfocus.com>
Date: Fri, 22 Oct 2004 14:34:55 -0400
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: <bugtraq@...urityfocus.com>
Subject: Is Windows up to snuff for running our world?


Hi,

The Microsoft Windows operating system is increasingly being used in devices
which run our world.  Some examples include cash registers, ATMs, electronic
voting machines, and factory control computers.  But is the Windows
operating system really reliable and secure enough for these kinds of
applications?  A small incidence at the Atlanta airport last May makes me
wonder.

I was flying home to Boston from Atlanta on Delta Airlines.  When I got to
my gate at the Atlanta airport, I immediately noticed that there was a
Windows error alert box in the middle of the large display screen over the
gate door.  I walked around the terminal and saw that many of the gate
display units had the same error alert box being displayed.  In many cases,
the display units were no longer usable since the alert boxes covered up
critical information on the screens. 

Here are some photos I took of the problem:

   http://www.ComputerBytesMan.com/atlanta

The problem existed for at least 30 minutes, but no one from Delta seemed to
be interested in fixing it.  I wanted to click the "Okay" button myself, but
I couldn't find a mouse. ;-)

I even recognized the software package that was failing at the Delta
terminal.  It is a customer support package that a number of computer makers
ship with their home PC systems.  This same software package was
pre-installed on my Sony laptop but I removed it after discovering that it
contained a number of ActiveX controls with serious security holes.  These
security holes can potentially be used by a virus writer to take over a
Windows PC using simple script code.

The customer support software was failing because it couldn't find a
standard Microsoft ActiveX control which ships with Windows.  My impression
is that the Windows operating system in control of a display unit had
somehow been corrupted.  Ironically this customer support package is
designed to diagnose and fix these kinds of problems with home PCs.  Why
Delta was running consumer-grade PCs for this application is bit hard for me
to fathom.

I sure that this is not the first time a Windows system has failed in a
dedicated application.  If you have any interesting photos of similar
Windows failures, please send them along to rms@...puterbytesman.com.

Richard M. Smith
http://www.ComputerBytesMan.com

Links

Microsoft server crash nearly causes 800-plane pile-up
http://www.techworld.com/opsys/news/index.cfm?NewsID=2275

Car crazy: Microsoft in the driver's seat
http://tinyurl.com/6s24a

ATMs in peril from computer worms?
http://www.theregister.co.uk/2004/10/20/atm_viral_peril/

Shifting cyber threats menace factory floors
http://www.securityfocus.com/news/9671

Software vendors just don't "get" ActiveX security
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0043.html







 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ