FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

Bob Noel writes:

Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?

How do you verify compliance with something that vague?

1) Exactly what is the extent of the connection (physical and logical) between
cabin systems and cockpit systems? Unfortunately, the specifics are likely
to be considered proprietary and not in the public domain.

If the wires touch, they need to be separated.

2) Why have any connection at all?

Because it's cheaper to do everything with one network than it is to do it
with two.

I don't know if Boeing has publically stated
why, but allow me to posit that perhaps Boeing engineers believed that airlines
needed a means to monitor non-criticals systems and send aircraft status
information to their airline operations centers. There are architectures and
boundary control devices that tightly control the flow and format of information
across network boundaries.

I don't give them that much credit. They just wanted to save money.

Keep in mind that the engineers in this case probably know very little about
computers, networks, and security, and a lot about building airplanes. They
will reinvent the wheel and make all the mistakes that the IT profession fixed
long ago, possibly with very unpleasant results. It happens regularly when
any industry abruptly starts to pile computers into their products.

I can envision architectures that would provide adequate protection.

Yes, but you can be sure that Boeing engineers know nothing about them.

They exist today in the security/classified domains. I'm interested
in knowing why Boeing would want to go through the pain of implementing
such architectures and educating their engineers, DERs, and ATO folks.

Who said they educated anyone? They may not even have designed that part of
the aircraft.

btw - I don't think Boeing is dumb enough to think that computers are not
hackable, even Boeing management, and maybe even Boeing lawyers (ok,
maybe the lawyers are dumb enough).

I think they might be.

Would you fly a plane designed by Microsoft?

Mxsmanic wrote in
:


I think they might be.

Would you fly a plane designed by Microsoft?

Nope, microsoft don't design airplanes, fjukkwit.

Bertie

Mxsmanic wrote:
Bob Noel writes:

Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?

How do you verify compliance with something that vague?

The requirement is not unique nor vague to those that do it for a
living; you know, a job, something you may have heard about but
never experienced.

You hire any number of companies who have been doing this for decades.

snip ignorant babble

--
Jim Pennino

Remove .spam.sux to reply.

schrieb:
Mxsmanic wrote:
(...)
snip ignorant babble

Wouldn't it be a good idea to save your time on answering him? It leads
to nothing than more stupid posts from MX.


#m

Martin Hotze wrote in news:flrakc$moj$3
@kirk.hotze.com:

schrieb:
Mxsmanic wrote:
(...)
snip ignorant babble

Wouldn't it be a good idea to save your time on answering him? It leads
to nothing than more stupid posts from MX.


Make up your mind.

Bertie

Martin Hotze wrote:
schrieb:
Mxsmanic wrote:
(...)
snip ignorant babble

Wouldn't it be a good idea to save your time on answering him? It leads
to nothing than more stupid posts from MX.

No matter what anyone does, he will continue to make stupid posts.

There are two major schools of thought as to what the rest of the rational
world can do:

1. Totally ignore him to reduce the wasted bandwidth, but there will
also allways be someone who will respond whether it is because they
are new or because he particularly ticks someone off.

2. Respond to the extent that it corrects his usually incorrect and
sometimes dangerous postings least someone who doesn't know the
source actually believes what he says.

As for the time it takes, I seldom open a USENET window unless I'm
waiting for something else, e.g. a long compile or a data gathering
session to complete, so it is either that or play pocket pool.

--
Jim Pennino

Remove .spam.sux to reply.

In article , wrote:

There are two major schools of thought as to what the rest of the rational
world can do:

1. Totally ignore him to reduce the wasted bandwidth, but there will
also allways be someone who will respond whether it is because they
are new or because he particularly ticks someone off.

Either you totally ignore him or you don't. You can't have it both ways.


2. Respond to the extent that it corrects his usually incorrect and
sometimes dangerous postings least someone who doesn't know the
source actually believes what he says.

and thereby feeding the troll

The only way to deal with a troll is completely ignoring it.

--
Bob Noel
(goodness, please trim replies!!!)

Bob Noel wrote in
:

In article ,
wrote:

There are two major schools of thought as to what the rest of the
rational world can do:

1. Totally ignore him to reduce the wasted bandwidth, but there will
also allways be someone who will respond whether it is because they
are new or because he particularly ticks someone off.

Either you totally ignore him or you don't. You can't have it both
ways.


2. Respond to the extent that it corrects his usually incorrect and
sometimes dangerous postings least someone who doesn't know the
source actually believes what he says.

and thereby feeding the troll

The only way to deal with a troll is completely ignoring it.


There are always other options.


Bertie

Bob Noel wrote:
In article , wrote:

There are two major schools of thought as to what the rest of the rational
world can do:

1. Totally ignore him to reduce the wasted bandwidth, but there will
also allways be someone who will respond whether it is because they
are new or because he particularly ticks someone off.

Either you totally ignore him or you don't. You can't have it both ways.

Non sequitur.

As I said, an individual may ignore him, but there will allways be someone
who will respond.


2. Respond to the extent that it corrects his usually incorrect and
sometimes dangerous postings least someone who doesn't know the
source actually believes what he says.

and thereby feeding the troll

The only way to deal with a troll is completely ignoring it.

Won't happen in the real world.

The only thing that bothers me with those that resond is those that
quote 347 lines to add one or two lines; if you are going to respond,
snip for christ's sake.

--
Jim Pennino

Remove .spam.sux to reply.

wrote in :

Bob Noel wrote:
In article ,
wrote:

There are two major schools of thought as to what the rest of the
rational world can do:

1. Totally ignore him to reduce the wasted bandwidth, but there
will also allways be someone who will respond whether it is because
they are new or because he particularly ticks someone off.

Either you totally ignore him or you don't. You can't have it both
ways.

Non sequitur.

As I said, an individual may ignore him, but there will allways be
someone who will respond.


2. Respond to the extent that it corrects his usually incorrect and
sometimes dangerous postings least someone who doesn't know the
source actually believes what he says.

and thereby feeding the troll

The only way to deal with a troll is completely ignoring it.

Won't happen in the real world.

The only thing that bothers me with those that resond is those that
quote 347 lines to add one or two lines; if you are going to respond,
snip for christ's sake.


Heh heh.

Bertie