There’s a Crater Where IT at ORNL Used to be.

ORNL, Oak Ridge Nuclear Laboratory, is a famous institution. It was involved in the Manhatten project to produce separated isotopes for the first fission bombs. It did important work on all kinds of nuclear physics ever since. I remember using data and articles published by scientists and engineers from ORNL when I was working and studying in the 1960s, 70s and 80s in the field of nuclear physics.

Imagine the horror I felt to read that 10% of their staff had clicked on malicious e-mails that lead to megabytes of data being stolen from servers and to stop the bleeding, ORNL disconnected from the web. InternetExploder struck again. A zero-day vulnerability allowed intruders to get into one of the most secret organizations on the planet.

Think about that. A vulnerability is published, in general terms, when a patch was released by M$ and before systems could be patched, intruders had exploited the vulnerability… Isn’t it about time that the world quit using M$’s stuff? Really. How can it ever be safe to use if it is so full, a horn of plenty, a cornucopia of vulnerabilities?

Horn of Plenty

A "Horn of Plenty" Filled with Goodness

My paltry data is important enough not to use that other OS from M$. I would think the US DOE’s data would be at least that important. I don’t know what data was stolen but even if it was little more than a staff directory it would be a treasure-trove for some evil-doers. Imagine if it was documentation of networks or security protocols or worst of all, weaponry.

Come on, malware deniers. Tell me this could not have happened.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology. Bookmark the permalink.

4 Responses to There’s a Crater Where IT at ORNL Used to be.

  1. twitter says:

    If you have experienced one Windows, you have experienced them all.

    I doubt ORNL was or will be dumb enough to use Vista 7, oldman. Almost no one businesses do that because it is really just Vista and businesses overwhelmingly rejected Vista. When it comes to business, Vista 7 lingers in single digit land generally and zero where people have a clue. If science is allowed to trump money and politics, they will do what Google did and ban Windows use without special permission. It’s time for Windows to go and everyone using gnu/linux knows it.

    Kudos to ComputerWorld for mentioning Microsoft as a problem by name. Shame on them for then blaming employees who supposedly clicked on something in their email. When you can’t win, blame the customer, right oldman?

  2. oldman says:

    “The opposition here are fond of accusing me of not knowing how wonderful “7″ and 2008 are but I know how wonderful GNU/Linux is and don’t need to pay for it.”

    Actually I believe what was suggested was that you get some experience with recent microsoft OS’s on non-vintage equipment before you pontificate, but I guess ignorance is bliss Pog.

    Just dont expect anyone to take you seriously when all you can talk about from direct experience are 10 year old versions of microsoft applications.

  3. Yep. I worked a year at one place where the boss thought XP/2003 was a wonderful combination for security and he was very reluctant for me to introduce GNU/Linux anywhere. I checked the chat logs and found the sysadmins all over the territory had unplugged from the web when the worms were marching… Scans revealed malware on many PCs. After several de-lousing operations they would become unbootable and needed re-imaging. I installed GNU/Linux on several such machines and they rocked. Students preferred them for speed. I preferred them for ease of maintenance. I had 100 machines in the building but could not keep them patched even with WSUS installed locally. There were sleepless nights. Last year, in another place, I finally pulled the plug on XP on almost all PCs and slept soundly. No malware. No slowing down. No re-re-reboots.

    The opposition here are fond of accusing me of not knowing how wonderful “7” and 2008 are but I know how wonderful GNU/Linux is and don’t need to pay for it.

  4. Brian Page says:

    Didn’t RSA just get taken by an email with a flash-embedded excel file?
    Spear-fishing I believe it was.

    Then there’s anonymous vs HB Gary.

    Even companies whose job IS security suck at it because of lowest common denominators.

    There are some very simple things you can do to prevent the most elaborate and intricate attacks.

    Stuxnet wouldn’t have any vector to the SCADA systems if the OS used on the laptops to download data to USB sticks prior to transport (sneakernet) to the PLC was ANYTHING other than windows.

    What we’re seeing here are very high-profile situations all with the same underlying problems.
    And we will continue to see this for as long as sensitive egos stay in charge of security.

Leave a Reply