You are viewing a single thread.
View all comments
0 points

Legacy hardware and operating systems are battle tested, having been extensively probed and patched during their heyday. The same can be said for software written for these platforms – they have been refined to the point that they can execute their intended tasks without incident. If it is ain’t broke, don’t fix it. One could also argue that dated platforms are less likely to be targeted by modern cybercriminals. Learning the ins and outs of a legacy system does not make sense when there are so few targets still using them. A hacker would be far better off to master something newer that millions of systems still use.

Tell me you know nothing about cybersecurity without telling me you know nothing about cybersecurity. Wtf is this drivel?

permalink
report
reply
0 points

It really depends if these systems (that appear to control arrival boards) are on a network or not. If they’re not, then there is minimal risk to leave them the way they are. Somebody would need physical access to the devices to do harm. If they are on a network then that’s a pretty big deal, but some attacks could be mitigated against by tunnelling and/or additional packet filtering to ensure the integrity of messages.

Continuing on a railway theme you should be FAR more worried all the devices that run up and down the side of railway lines - PLCs that talk with each other and operations centres to control things like lights, junctions, crossings etc. If they’re more than 5 years old then chances are then all that traffic is in the clear, and because these things live in boxes by the railway line, it wouldn’t take much to break into a network and potentially kill people by running two trains into each other.

permalink
report
parent
reply
0 points

the job was advertised as being remote…

permalink
report
parent
reply
0 points

Well yes. You can code software remotely. That doesn’t mean the end system is reachable through the network. Given it’s DB, I bet these systems are still patched by floppy. Until very recently they’ve used floppy’s to distribute train schedules to be displayed in the train.

permalink
report
parent
reply
0 points

Simple solution: Don’t connect it to the Internet. Hackers hate this one weird trick.

permalink
report
parent
reply
0 points

And said trick ends when an attacker manages to socially-engineer their way in. (But maybe they’ll drop floppies instead of flash drives around the block this time)

permalink
report
parent
reply
0 points

Sure, but how likely is this in this specific scenario. We’re talking about a system that’s not even directly controlling the train but just a display on it. The worst that can happen is that those displays won’t work until the system is reinstalled. That’s hardly a lucrative target for modern hackers. There’s way easier target which are worth something.

permalink
report
parent
reply
-1 points

You really think that infrastructure IT is dumb unless it can brush off a Stuxnet-like attack by the CIA and Mosad? Most RR traffic signals in the US are run with mechanical logic, physical switches connected to circuits closed by steel wheels on steel tracks. Do you really want a “move fast and break things” tech bro to update all this stuff for us?

All kinds of infrastructure uses ancient software because it’s reliable. Updating it just to protect from hackers causing damage is likely to cause that damage unintentionally while doing little to protect from hackers anyhow.

permalink
report
parent
reply
0 points
*

The author’s grammar rammar isnt that great as well. Those typos can be should have been catched easily by the spellcheck.

Edit: Including me :p

permalink
report
parent
reply
-1 points

The author’s rammar

Finally caught a *grammar cop doing a typo in the wild. Pure joy.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 5.9K

    Posts

  • 127K

    Comments