Britain's brand new aircraft carrier runs on ... XP

[mynameisjuan]

37 minutes ago, Prysin said:

only if you connect it to the internet.....

 

if you got access to hardware, not a single fucking system in the world is safe. 

The fact is some dumbass on the carrier will attempt to connect it. 

 

The biggest problem with security is the people. They dont give a shit what they do and that is when problems happen.

18 minutes ago, lilbman said:

Ehh.

 

No offense my man but I'm pretty sure the British government and the people they hire know a hell of a lot more about IT and about hacking aircraft carriers than you do.  Most military systems run off of XP for a reason.

Im sure they do. But they are not the ones in control of native windows xp bugs and security flaws, microsoft is. And without microsoft providing support to XP (maybe secretly with the gov, idk) the machines are vulnerable. No matter how good or amazing an at IT you are you can only band aid the problems, not fix them. 

[79wjd]

3 minutes ago, mynameisjuan said:

The fact is some dumbass on the carrier will attempt to connect it. 

How exactly do you connect a nuclear reactor to the internet?

[Sakkura]

46 minutes ago, Ezzy-525 said:

Most likely this will be a system heavily modified by the MOD. There's no way they'll leave it open to obvious OS based vulnerabilities in the age of everything being hacked.

It's certainly not a swiss cheese OS like vanilla XP would be. The question is whether they can patch in enough security fixes and changes to actually keep it secure. It would probably be easier/cheaper with more modern code. But nobody wants to start over from scratch either, so it's not like this is necessarily a terrible blunder.

 

I would probably have wanted a switch to Win 7 earlier in the process though. The ship was laid down in 2009, there should have been enough time between then and now to make software systems based on something more modern than Win XP.

[Thony]

They obviously dont want a random update in the middle of a mission

[mynameisjuan]

12 minutes ago, djdwosk97 said:

How exactly do you connect a nuclear reactor to the internet?

You do realize there are more than one pcs on a carrier right?

[DeScruff]

Ehh thats not as big of a deal as one may think.
Pretty much if the computers cannot physically talk to anything outside the ship then it doesn't matter how insecure the OS is.
If all the computers are on their own network with no outside connections, and they get hacked. I don't think the Computers are the ones with the obvious security hole, if you get what I mean.

But then again we live on a planet where a car's media player has physical IO with the computer that controls the breaks (or worse... they are the same computer)...

 

[Dylanc1500]

It appears there are people that don't know there's an intranet and the Internet. 

[Sakkura]

7 minutes ago, Sypran said:

Ehh thats not as big of a deal as one may think.
Pretty much if the computers cannot physically talk to anything outside the ship then it doesn't matter how insecure the OS is.
If all the computers are on their own network with no outside connections, and they get hacked. I don't think the Computers are the ones with the obvious security hole, if you get what I mean.

But then again we live on a planet where a car's media player has physical IO with the computer that controls the breaks (or worse... they are the same computer)...

 

Still not great if all it takes to cripple the carrier is a single USB flash drive's worth of malware. An air gap is not enough.

[DeScruff]

2 minutes ago, Sakkura said:

Still not great if all it takes to cripple the carrier is a single USB flash drive's worth of malware. An air gap is not enough.

You wanna talk about air gap.
At that point, the security to keep a malicious person off the ship has failed, and was the security hole.
Even if the computers were 100% up to date and secure that doesn't stop a malicious person (or USB stick I guess) from existing on the ship.

 

 

[Sakkura]

Just now, Sypran said:

You wanna talk about air gap.
At that point, the security to keep a malicious person off the ship has failed, and was the security hole.
Even if the computers were 100% up to date and secure that doesn't stop a malicious person (or USB stick I guess) from existing on the ship.

 

 

But bad things could happen through negligence, wouldn't require maliciousness. Having a more secure OS could help reduce that risk.

[79wjd]

43 minutes ago, mynameisjuan said:

You do realize there are more than one pcs on a carrier right?

You do realize that mission critical systems are highly unlikely to be connected to the internet... Right?

 

If they were I'd be far more concerned with that than I would about the use of XP.

[DeScruff]

29 minutes ago, Sakkura said:

But bad things could happen through negligence, wouldn't require maliciousness. Having a more secure OS could help reduce that risk.

Trust me I agree I'm pointing out its not as bad as one might initially think.
- This isn't your Grandma's infected machine that has visited a million shady websites.

I swear most articles and people's reactions (even on this forum) when shown that something is still running XP, would have you believe XP was airborne hybrid of AIDs and SmallPox, made by ISIS.

Even when the application is as stupid as: A little XP computer that just interfaces with an engraving machine at your local mom and pop jewelry store. - and isn't connected to anything else.

[ZestyJalapeno]

Who cares about the systems if the airplanes themselves were conceived in the 90s. What worries me is that the F-35 was cutting-edge...when they started the project. 10 years later and you have super-expensive planes needing constant software package updates, capability upgrades (at the taxpayer's expense) because guess what...all the delays and bureaucracy means that it's all too big to fail.

 

Nice one MOD. This is what happens when you throw your lot in with the Military Industrial Complex.

[suicidalfranco]

this is bount to trigger some folks in this forum... no matter, too late

[mynameisjuan]

19 minutes ago, djdwosk97 said:

You do realize that mission critical systems are highly unlikely to be connected to the internet... Right?

 

If they were I'd be far more concerned with that than I would about the use of XP.

Thats my point, they shouldnt be. But this world is full of idiots that will do things before thinking about the consequences. A single USB hot spot or compromised devices like a laptop or even a smart phone connecting to the LAN networking, somehow, can cause an issue. 

[Guest lilbman]

1 hour ago, mynameisjuan said:

Im sure they do. But they are not the ones in control of native windows xp bugs and security flaws, microsoft is. And without microsoft providing support to XP (maybe secretly with the gov, idk) the machines are vulnerable. No matter how good or amazing an at IT you are you can only band aid the problems, not fix them. 

I'm sure the governments of the world get secret updates as I can only imagine that they don't use consumer versions of Windows. I can't imagine them using a normal build of Windows XP on aircraft carriers and such.  One can only speculate on these things.

[VerticalDiscussions]

Best operating system ever made by Microsoft, imo.

 

[Snadzies]

Critical military hardware is the last place I'd want to install the "latest and greatest" in hardware and software.

 

So long as it is isolated from outside networks then it doesn't matter how old it is, the only thing that matters is whether it works or not.

Last thing I want is to "upgrade" the the OS and find that when I go to launch a missile it instead flushes the toilet.

[KE2012]

It may not necessarily be the governments / MOD's fault. Some weapons and systems they use, may NEED windows XP to function properly, so therefore the ship needs windows XP and its the weapons /systems manufacturer that the finger should be pointed at.

 

 

[manikyath]

1 hour ago, mynameisjuan said:

The fact is some dumbass on the carrier will attempt to connect it. 

because "some dumbass" can magically hook an aircraft carrier into the internet. if this is connected to any network at all, it'll be straight hardware sticking it into a virtual armored fortress with no way out or in except for those who specificly require it (which, for example, wouldnt be youtube.)

[manikyath]

2 minutes ago, KE2012 said:

It may not necessarily be the governments / MOD's fault. Some weapons and systems they use, may NEED windows XP to function properly, so therefore the ship needs windows XP and its the weapons /systems manufacturer that the finger should be pointed at.

 

 

this.

 

it's often not that they dont want to upgrade to a new OS, it's that the 3 million bill may have been a 6 million one if they had to re-engineer all this crap for lets say.. windows 10..

 

which FYI.. windows 10 calls home constantly, which would you rather have on your aircraft carrier?

[SpaceGhostC2C]

3 hours ago, Captain Chaos said:

 

So to those saying that "if you don't want ransomware etc you should just update to Windows 10", this should indicate that it isn't always that easy.  I'm fairly confident that it's not the price of some Win10 licenses that's stopping them from upgrading.

I'm also pretty confident it doesn't exactly connect to the internet to get its secret orders from the royal navy headquarters via hotmail  

 

The thing with OSes is that they only get more secure over time. I mean, XP has fewer security holes now that when it was new, and everyone was supposed to "upgrade to XP to improve security". The software itself is simply better, as a number of flaws have been patched.

What works against it is that, as times passes, it is more likely that whatever flaws it has become known (although people will eventually stop even researching it if usage falls enough). So, the balance of how much is known to potential attackers vs. how much is patched over time is far from obvious. Basically, we know one part of the equation (how many things have been patched), but we can't possibly know the other (how many holes were known by potential attackers at each point in time).

 

In any case, for an offline system, local secuirty, predictability and stability are more important than remote access vulnerabilities.

But who know, maybe the carrier will soon join your toaster in some botnet  

[Ezzy-525]

4 minutes ago, SpaceGhostC2C said:

I'm also pretty confident it doesn't exactly connect to the internet to get its secret orders from the royal navy headquarters via hotmail  

Wait...so you're telling me there isn't a Virgin Media ship following closeby feeding it a fibre optic cable? (That way they get TV on the ship too!).

[SpaceGhostC2C]

Just now, Ezzy-525 said:

Wait...so you're telling me there isn't a Virgin Media ship following closeby feeding it a fibre optic cable? (That way they get TV on the ship too!).

They had to drop it in the last budget cut due to roaming charges.

[cj09beira]

3 hours ago, mynameisjuan said:

This isnt about it being broke. This is a security hole...a major one at that. 

except it probably isn't on the internet,