Hacking to Hide

  • Comments posted to this topic are about the item Hacking to Hide

  • Are you saying that Linux doesn't get seasick?

  • I like the idea of a live continuous export.

  • I'd be surprised if these are systems running on major vessels like tankers or cruise ships with no more thought to security than install XP with full access to the internet and call it a day. And while I'm surprised that they're still running XP a 14 year old distro of linux isn't going to be more secure.

  • Your argument is similar to the argument that photographs are great evidence. Really what makes the photographs good evidence is the person who can attest to what is in the photograph, whether they are the expert or the actual witness.

    412-977-3526 call/text

  • Embedding any release of Microsoft Windows operating system on industrial or military devices makes about as much sense as deploying Chrysler Town & Country minivans on the battlefield in Afganistan. This is not intended to be a jab at Chrysler minivans, it's a great vehicle for transporting the family to work and school; I'm just saying they don't belong on a battlefied, that's all. The same goes for Windows OS not belonging mission critical embedded devices.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • It's Windows XP embedded though not the bog standard Windows XP install. So the security risk could be minimised by only having the components required to function - though depends how it is configured. I believe the embedded version of XP is still supported by Microsoft until early this year.

  • Huge numbers of bank ATM systems run on XP based systems, so generalisations saying its not fit for use are pointless.

  • The thing I'd say is that XP isn't robust. It doesn't have good long term stability, at least not as good as some of the real time OSes or many Linux installs (without much added). The core of XP degrades, needs maintenance, and periodic reboots. While miles ahead of Win2K and previous versions, it still wasn't great. Even Win7/8/10 aren't truly robust for long term, stable, reliable operation. Forget about security.

    In something like a black box, this seems a mistake to me. Like Eric Russell mentioned, it doesn't make sense.

    What about ATMs? Well, they're not mission critical in the sense that they don't have to be reliable all the time. They break, they get reloaded and have maintenance where someone could schedule a reboot or defrag. There certainly could be legal issues, but banks can account for some monetary loss if the system breaks for a few minutes.

    That's not what we want in a black box.

  • As I always say, it ain't the tool that is used that's the problem, but the tool that uses it.

  • If you're going to install Windows on a device, something like a black box, then perhaps Server Core, or maybe Mobile Edition, is what you need.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Chris Quinn-821458 (1/5/2016)


    As I always say, it ain't the tool that is used that's the problem, but the tool that uses it.

    For a black box device, there shouldn't be any end user interaction under normal cirsumstances, at least not until the telemetry data needs to be retreived by proper authorities.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Decent data recorders should be using either a secure Linux or some other secure embedded OS.

    (Background: Worked on telecom software and hardware for years. Also used to work across the hall from a company that built data recorders and black boxes for cargo trailers. Went to lunch regularly with a senior engineer and used to date the office manager. Also hangout with folks that do embedded hardware for defense contractors, makers and radio engineers.)

    Now that we are be flooded with inexpensive boards (Pi, BBB, etc) that can run Linux, we are seeing a lot of cool advances in the embedded devices world. (I hate the IoT moniker.) Example: http://www.rosepointnav.com/commercial-radar-interface/

    http://blog.plataformatec.com.br/2015/06/elixir-in-production-interview-garth-hitches/

  • Are the newer, digital, internet enabled back boxes really more "advanced" ?

    My assertion is that the older analog devices are probably more reliable and less prone to data hacking, and that's what should account the most.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Are the newer, digital, internet enabled back boxes really more "advanced" ?

    My assertion is that the older analog devices are probably more reliable and less prone to data hacking, and that's what should account the most.

    Yes, they are more advanced. Properly designed and maintained, they can be more secure.

Viewing 15 posts - 1 through 15 (of 20 total)

You must be logged in to reply to this topic. Login to reply