Malware implicated in fatal Spanair plane crash

Source: TechNewsDaily

Computer monitoring system was infected with Trojan horse, authorities say

updated 2 hours 21 minutes ago


Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.

An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais.

Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.

The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted — and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system.

Read more: http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/

Why did it take 2 years to discover and announce this?

And, why didn't the pilot follow his check-list and set the flaps manually before takeoff? Every pilot in the world does that by instinct.

This is really weird.

It was on a ground computer. It sounds like a MS box, and the alert logs weren't useful, because they were filled with crap from the malware, so nobody noticed the errors that were thrown.

:kick:

If the system had bricked, it would have had no effect on the plane (it was a secondary system), so it probably wasn't considered critical...

:shrug:

the air traffic system that aren't critical.

When I was still considered one of the top people available (for less than 6 figures) in my field, I spoke endlessly on the foundational flaws in M$ OSes and the reasons not to use them, and for a long time the government listened. Then M$ opened their checkbooks to the politicians and opened the floodgates.

If Windows system can't make sound accurately to within 30 milliseconds how can it handle a plane with SEVERAL such timing dependent functions?

I have some friends who are on the verge of trying to record an album and do all the mixing and mastering on MS machines. I'd like to pass on any tips you may have (I assume the first is use an Apple!).

and for recording the basic track masters I either do use the Mac system or i record it all to a hardware recorder and then edit later in software.

As for the technicals of the timing issue, this guy has gone over all the options with a fine toothed comb about 6 months back, here is the link.

http://www.velvetacidchrist.com/2010/02/16/midi-woes-computers-suck-with-hardware-a-grim-tale/

The timing issue might not be bad for you of even noticable if you are recording all the tracks at the same time with a live band all in the same room, but if you record everything one at a time for 32 tracks there is going to be some issues that need to be dealt with.

http://www.wired.com/science/discoveries/news/1998/07/13987

"While Microsoft continues to trumpet the success of its NT operating system over Unix-based systems, the US Navy is having second thoughts about putting NT at the helm. A system failure on the USS Yorktown last September temporarily paralyzed the cruiser, leaving it stalled in port for the remainder of a weekend.

That was way back in 1998.

... preferably with chains and ball-bats. :)

their crapware on the world?

Complete and utter shit since day 1

In the "house of glass" metaphor, you're talking about going after the guy with the rock, when maybe the bigger problem is the idiot architects who built so many houses made out of glass in the first place?

to keep this from happening, however the pricks with the malware are focusing only on breaking in and setting things up like adware and how they can break in covers all network and software you put on your computer - regardless of the OS. If everyone stopped using Microsoft they would be writing the Malware for Linux. It's not the software writers that are the problem, it's the crooks who try to find anyway around it.

Company A makes steel doors.
Company B makes wood doors.

Lots of people buy the cheaper wood doors, a few buy the steel doors. When the wood doors repeatedly fail, Company B declares "if you had all bought the steel doors, they would be trying to break into them instead!"

While there is some merit to this argument, in that criminals will try to break into whatever there is available, would you say it's wiser to live in a house with steel doors, or wood doors?

.....while the steel doors are made and tested by Ex-thieves who have decided to turn over a new leaf and by your co-workers.

Some of us just like.... messing with doors.

:evilgrin:

My project history and code contributions:
PHP
Amavis
Snort
PostgreSQL

viruses and malware for linux and OSX if MS wasn't around is bullshit.

Always has been, always will be.


But....

The structural errors and laziness in the code M$ puts out decade after decade is a perfect petri dish for all kinds of idiotic day one exploits, malware, viruses and easy-peasy brain dead hacks.

We don't call it Internet Exploder for nothing.

Howzat Outbreak Express working for everyone???

Such a critical system should have had several layers of protection that would have prevented this.

... that is the story that Fox will jump on - because stoking fear is their favorite past time - other than pushing Gold and the GOP agenda (often they are all compatible so bully to them)

i especially hate the ones that infect your computer by trying to make you buy their shit to clean up their own shit.

but i never thought it could cause a problem with airlines like this.

got shut down legally a few years ago. Last I heard about him, he killed himself, his wife and his young daughter in a car in a driveway. Nice personality huh?

http://www.foxnews.com/story/0,2933,391022,00.html

are messed up assholes.

no malware can get on a computer unless one surfs the web, downloads porn or warez or is engaged in emailing private individuals who may be unknowingly sending bad things.

Why was this computer not "secured" so that it could only access the company web site and receive only company mail? Someone must have used that computer for non work related things for it to get malware on it.

Or, as the story mentions, a VPN ("virtual private network") connection could have been used as well.

Historically, virii were commonly spread through the use of removable media, especially floppy disks.

The spreading of malware by remote connection is a comparatively recent innovation.

Google was hacked by China via a PDF sent through company email channels.

that manage the planes. WTF? Where were the firewalls etc?

("air-gap", in this sense, means that there's no communication, even radio).

Anything that has external communication has the possibility of exploitation via that communication. ANYTHING.

I just thought it was common sense for anyone in an industry that has such high risk.

And after having watched Star Trek: The Next Generation, just TONIGHT...

the 2-parter, where Picard was turned into Locutus...and then they finally put
the Borg ship to "sleep".

The Malware thing is like a bad science fiction movie.

Actually Windows 7 and IE8 is a rather good combination. The real problem is that malware is no longer being written by computer geeks. Malware is being developed by high level criminals with a lot of professional programmers and money involved. We did not allow mission critical systems access to the internet and we kept unauthorized people away from them. :hippie: