
Comment Re:Not as stupid as it sounds (Score 1) 126

Unfortunately some industrial automation vendors and end users still do have the security mindset of the average IoT device. We are getting better as an industry, but some are still really scary!

One of my co-workers about 5 months ago found a site where someone wrote the script to crawl around the web and look for PLCs and DCS systems and the like that were on the web with no restrictions. Some of them were probably honeypots set to trap people, but as little as 6 months ago, there were still thousands of systems that were still connected to the internet!

We didn't dig around to see what they were, but I saw in a tech journal about 2 years ago a controls guy saying he installed the Allen Bradley Logix software on his home PC and found their municipal waste water treatment Logix 5000 PLC right there. He called the people who ran the facility and told them and they blew him off so he logged into the PLC and added tag names, I_Llogged_into_your_PLC, I_did_this_Remotely, Your_systems_Can_be_hacked, etc. He then called them back and said he was already in their system and described what he saw and the tags. They blew him off again but he noticed about 10 minutes later, the PLC was no longer visible on the internet!

It is scary how little some people take security in the controls world, but we are learning! Stuxnet scared a lot of controls people!

Comment Re:Jesus, people... (Score 1) 126

I posted this above, but you are assuming they are either a 1 way from the server or sending log files.

I am a controls engineer so deal with this on a daily basis. Controls systems should be separate, there should be some kind of security, but the article doesn't specify. In the last 3 months, I have had 2 vendors show up that should understand security on controls networks but they are trying to sell me valves and instruments for my facility with WiFi built into it. Not only that, but you can actuate equipment and make modifications and in 1 case tunnel into the controls network right through the device.

I would hope GM was smart enough to properly secure this and their vendor sold it with a secure option, but quite often, the vendor is clueless about security options and the local facilities are as well.

IF GM did what they should, this is a non issue. If GM didn't, then this is insane. I have seen too many companies that should know better ignoring cyber security and the auto manufacturers ignore many cyber security issues in their vehicles, what are the odds they didn't get it right in their manufacturing facility?

Comment Re:Not as stupid as it sounds (Score 1) 126

You are making a big assumption here. I work in industrial Automation as well. I am a controls engineer sitting in a facility that has its controls network secured behind a DMZ whose sole purpose is to keep the business network away because we have nasty stuff on site. We follow industry best practices as laid down by the vendor and ICS-CERT.

With that said, we have other facilities in the same company that have the same policies as I do (policies come from corporate) in place and the local guy at 3 of those facilities keeps calling me because some engineer at the company says, this would be great, we can hook up this cell phone and our vendors can have access to their equipment to monitor it. He calls because he needs back up shooting down the engineer.

I would hope that GM is smart enough to do this, but you should know that the vendors in the controls world and automation world haven't always built their systems with security in mind and many still aren't caught up yet. This very well could be the vendor slapped a WiFi node on the robots, hooked those to the business network and have no security. There are still thousands of PLCs that are controlling processes that are hooked directly to unsecured business networks and all you need is a laptop with the PLC software and you can log right in and mess with the code. Yes, they have to figure out what to mess with and what they are doing, but it isn't anywhere near impossible for someone who knows PLC code.

I did a stint for a while as a Systems integrator and I know many places that don't think security of their controls network is an issue and they have their controls network connected to their business network or they only have 1 network for both. When we started talking about controls network security, the controls people started from the assumption that the business network has to be assumed to be compromised. IT people said, not possible our network is secure despite the fact we still on a weekly basis have people clicking on virus attachments and infecting the network.

So what the parent and what you said are proper best practices and you would hope that GM would have followed them and that the vendor who sold them the robots would have offered a solution that was secure. In the last 3 months, I have had 2 vendors come in and offer the latest and greatest of their instrumentation that had WiFi built right into the equipment and their security was, it has encryption and a password. All fine and well, but now I have to worry about 0 day exploits on the specific WiFi protocol they put in their equipment and updating the WiFi protocols on thousands of pieces of equipment that can only go down once a year....Security nightmare waiting to happen.

Comment Re:Shop mentality vs office mentality (Score 1) 360

Replying to AC, so kind of pointless, but what you are saying is 100% false.

I don't swear and find it offensive so I have been around the block on this a few times. Swearing is a gray area of when it is and when it isn't harassment.

Swearing using human anatomy terms is pretty much always harassment if someone complains, no questions asked, first offense is still an offense.

Other swearing is based on the person you are talking to or even in the area, but as it is such a grey area, first offense is pretty much a freebie for the swearer. If someone who takes offense to it tells you that they find that language offensive and you do it after they have informed you, you are harassing them. Most people will follow the conversation up with a discussion with HR so HR knows you told them to clean it up and HR will let you know, that person is a snowflake, don't swear when they are around. This applies if you are swearing at them or they just happen to be in the area. Usually just in the area HR will tell the person they are being too extreme but if the HR person wants to follow the letter of the law and be exact, they can say you are in trouble.

Like I said, I don't swear and find it offensive but I am not so unrealistic or such a snowflake that I run to HR every time I hear an F-bomb. If someone is up in my face yelling and screaming (which is harassment as well) and they start dropping swear words that is when I bring it up and get the person to back off and address the issue. If they continue to do it, then HR is getting involved. Despite rampant swearing in the work place, I have only brought it up to the person or to HR a couple of times and I paid attention to the law so I knew if I was standing on solid ground or not. HR agreed with my interpretation of the law and backed me.

I do know others who have taken it to any swearing at all for any reason and they will pull you into HR and HR backs them up because swearing can be constituted as harassment. Those individuals though will tell you, tell HR and then HR backs them.

Comment Not forcing coding, giving options... (Score 1) 328

They aren't saying force every kid to take programming and become coders.

Do any of you have kids in high school? I do at the moment, 2 in high school and 2 more about to enter high school. What they are saying, there is a requirement to take 2 years of a foreign language. Instead, you can substitute 2 years of programming instead. That way if you are someone who is into coding and wants to become a programmer or just doesn't like foreign language, then code to meet the requirement.

I live in Illinois, here kids are required to take 4 years of gym in high school unless they meet certain requirements to get an exemption. The school district I was in was about to make some changes to the program and tons of parents showed up and fought for the exemptions that were in place. 1 man said, only time gym was of any use to him was basic training as a marine. Another worked in college admissions and she said they don't even pay attention to gym grades or attendance.

At some point, our education starts becoming less about learning the basics of society and turns into preparing for your future chosen career. For most, that happens in high school or college. Once you hit that point, many of the, you must take 4 years of this, 3 years of that, 2 years of that start forcing motivated kids who know what they want to do to fight through the drudgery of a stupid class they get nothing out of.

For the record, I was a high school athlete and am fluent in a second language and can get by in a couple of others. I am also an engineer. I enjoyed gym, but would much rather have been able to get more AP classes. I learned something from foreign language in high school, but what I took in high school was a waste as French is not what I am fluent in.

Comment Re:Aw come on (Score 1) 106

My company has internal people who seek out candidates, but we also have several contractors that we hire to full-time look for us. They don't get company credentials, but are looking. Those people would still find Stepan people looking. Actually had it happen that one of these people found one of our employees was out looking for a job and mentioned it to HR.

So this is 1 step, but it is very flimsy and you still have a good chance they may find out anyway.

Comment Re:If you didn't RTFA... (Score 1) 332

Agreed, easy to verify. Not something I can do....I assume not something you can do.

My main point was, don't assume it is the bad officers stopped being bad like a lot of people might assume these days. Article says, say drop, but don't know reason. Current political climate makes it likely a lot of people would go to the bad officers stop thing. Maybe it is, but I know quite a few police officers and so I don't tend to look at them as bad people.

I did then offer my opinion on why, but that is why I put the I would guess (not scientific).

I would also guess (again, just my opinion and a guess) that this study will probably not go any further. They realize whatever the effect is it happens so the cameras are worth it, even if just half the time wearing them, that it justifies the expense and they don't care to determine why.

Comment If you didn't RTFA... (Score 0, Flamebait) 332

The most important thing is the end of the article.

"Specifics on how exactly this is happening are unclear. Is the officer less confrontational to begin with, avoiding escalation? Or are suspects and complainants more wary of their conduct? Is it some combination of the two, or are even more factors involved? To determine these things would be a far more complex and subtle piece of research, but the study does suggest that officer behavior is probably the most affected, and that other effects flow from that."

Someone already said it is the people acting better or making less complaints because they think they may be on camera. I am certain someone is writing, it means the police are behaving themselves.

I would guess (not scientific) that most of the drop in complaints are because people realize they might be caught on camera and acting better or not lying to try and get a lawsuit. I am certain there are some police that are acting better as there are bad apples, but I would guess the drop is probably 10%/90% with the 90% being the people changing behavior as opposed to the police officer.

Comment Re:Wait, you guys pay for it? (Score 2) 91

Level 23 Instinct (Valiant is for losers!!), just spent my first money on it.

Most free to play games, I will try, if I like them and play them for a while I figure it is time to help the cause and pay a bit as I got significant enjoyment out of it. I throw a few bucks at it to support. I think grand total I have paid maybe $50 for free to play apps in 5 or so years.

Not that I needed to pay to play at all, just got to a point where I thought it was time to support the game with a little of my money.

Comment Re:I think... (Score 1) 387

So what is your deal? You have stated opposing views on this thread and then said /. was dead.

When people responded to your posts, you said, I had never considered that, good point. No one shows respect like that for others' opinions on /.!

I checked your history, and in the last 3 days you have posted more to /. than I think I have posted in 2 years!

Are you trying to boost your Karma, or just get more people responding?

Comment Re:My civil disobedience (Score 4, Funny) 534

My personal best was 37 minutes before I finally let the guy know I was stringing him along. I was working at home and had a whole lot of completely mind numbing tasks when the guy called so I could continue to work and mess with the guy.

I acted all concerned and said, let me get to my computer room, it is on the other side of the house and put the phone down for 2 minutes. Then I picked up he was still there so I said, hold on, it is booting...which one, I have 4? I told him, they are old and slow and will take a bit to boot hold on, another 2 minutes of putting the phone down.

Then I started playing along, acting like the horrible end user who is totally illiterate and can barely use a computer. Had "monitor issues" because it was unplugged. Didn't know where anything was. He told me to open a command prompt and type things in, which always resulted in Unknown command because I was "misspelling" what he told me because I was bad at typing or thought it was a different letter because of his accent. He then switched to Alpha, Sam, Sam, designation and I pretended to type in alpha, sam, sam.

Then I used the bathroom, picked up stuff around the house a bit and finally needed to get back to actual work and told him, I will level with you, I do PC security stuff for a living, I have been messing with you the entire time.

He said, well this entire time I have been hacking into your machine and stealing all of your files and if you don't pay me, I will not let you have them back. I laughed and said, no you aren't to which he said, never underestimate the power of the common man. I told him, you are a common criminal and not that good of one and that led to the tirade of swearing and he hung up!

Comment Boom to the Burglary Business!!! (Score 4, Interesting) 195

I grew up in a small farming community outside of Chicago and then went to college in Chicago. In one of my first few weeks there, a new friend who was from the city told me to stop looking down at the sidewalk. I asked why and he told me, that is how you get yourself mugged.

We talked about it and I realized, being from a land of no sidewalks, I always scan the ground to make sure of my footing so I don't trip on uneven ground. In the city, sidewalks are much more level and predictable so people don't have to look down. Also pickpockets and muggers look for easy targets that can't identify them. My friend told me, he was always taught, look up and look at the people around you. If you make eye contact with a mugger, there is a chance you will be able to ID him so they look for another target.

I am thinking, all these people looking down at their phone are an excellent target for being pickpocketed! I may have to change professions!
