this post was submitted on 24 Dec 2023

184 points (100.0% liked)

Global News

4499 readers

396 users here now

What is global news?

Something that happened or was uncovered recently anywhere in the world. It doesn't have to have global implications. Just has to be informative in some way.

Post guidelines

Title format

Post title should mirror the news source title.

URL format

Post URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.

[Opinion] prefix

Opinion (op-ed) articles must use [Opinion] prefix before the title.

Country prefix

Country prefix can be added to the title with a separator (|, :, etc.) where title is not clear enough from which country the news is coming from.

Rules

This community is moderated in accordance with the principles outlined in Article 19 of the Universal Declaration of Human Rights, which emphasizes the right to freedom of opinion and expression. In addition to this foundational principle, we have some additional rules to ensure a respectful and constructive environment for all users.

1. English only

Title and associated content has to be in English.

2. No social media posts

Avoid all social media posts. Try searching for a source that has a written article or transcription on the subject.

3. Respectful communication

All communication has to be respectful of differing opinions, viewpoints, and experiences.

4. Inclusivity

Everyone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.

5. Ad hominem attacks

Any kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.

6. Off-topic tangents

Stay on topic. Keep it relevant.

7. Instance rules may apply

If something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!legalnews@lemmy.zip - International and local legal news.
!technology@lemmy.zip - Technology, social media platforms, informational technologies and tech policy.
!interestingshare@lemmy.zip - Fascinating articles, captivating images, satisfying videos, interesting projects, stunning research and more.
!europe@feddit.org - News and information about Europe.

Icon generated via LLM model | Banner attribution

If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 2 years ago

MODERATORS

BrikoX@lemmy.zip

184

U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say (www.fastcompany.com)

submitted 2 years ago by BrikoX@lemmy.zip to c/globalnews@lemmy.zip

15 comments fedilink hide all child comments

Archived version: https://archive.ph/vmEpv
Archived version: https://web.archive.org/web/20231224092642/https://www.fastcompany.com/91002831/us-water-utilities-hacked-cybersecurity

top 15 comments

sorted by: hot top controversial new old

[–] averagedrunk@lemmy.ml 23 points 2 years ago (1 children)

I'm too drunk to read the whole thing, but I have an anecdote that is related.

Years and years ago one of my customers was a city. They had SCADA systems to control and monitor the city water. Originally there was no way to access the Internet from the control machines and no way to access those machines from the Internet.

Well, they got a new boss at the water department and he wants to check it from home. He'd been told that's a bad idea repeatedly. Eventually my boss got some folks at the city to sign a document saying we don't recommend it and they accept the risks and I get him remote access.

Time moves on several months and suddenly half the city has no water. Anyone care to guess why? Anyone care to guess who the city tried to blame? Because that person and the MSP they worked for would have been fucked if not for a nice waiver showing that we said this would happen.

[–] Drusas@kbin.social 5 points 2 years ago (1 children)

I so hope that person got successfully sued.

[–] averagedrunk@lemmy.ml 6 points 2 years ago

Nope. No consequences at all. He was around for a while after that, same position. A quick glance at LinkedIn shows he owns/runs a hotdog joint now. That's not something I would have guessed.

[–] phoenixz@lemmy.ca 23 points 2 years ago

That's not even "hacked", that is just "criminals got in because we left the front door open"

[–] Transporter_Room_3@startrek.website 22 points 2 years ago (1 children)

For all the measures companies take to secure everything from unauthorized access via breaches in security, there is *NO * greater threat to their system than the intended end-user.

Who can be dumb, lazy, complacent, or simply doesn't give a shit. Usually those last two in my experience.

I've seen a setup that requires multiple pass codes and keys to get from any door to the server room, with reminders that personal devices are NEVER to be used with anything inside all along the way, and some chucklefuck sticks a flash drive with his music in the only pc in the room "so I can jam while I work, you know how it is, nobody will know"

[–] Nightwind@lemmy.world 17 points 2 years ago (1 children)

My experience is: If you don't want x to happen with computer systems, make it physically impossible. Cut the internal USB cables or super glue them shut.

[–] Transporter_Room_3@startrek.website 8 points 2 years ago

I actually have worked in places where the company straight up took a screwdriver and physically broke every single usb port.

Also had to use a non-networked laptop where all the i/o ports were hot glued to keep whoever works on it from putting anything on it, since it was for a specific purpose.

[–] loki@lemmy.ml 18 points 2 years ago (1 children)

welp time to change my password to 2222

[–] glitch1985@lemmy.world 5 points 2 years ago

9999 would take longer to brute force.

[–] Drusas@kbin.social 12 points 2 years ago (1 children)

The article doesn't explicitly go into it, but I get the impression this could be greatly improved by making those utilities public instead of private and requiring certain standards rather than encouraging them.

[–] tiredofsametab@kbin.social 3 points 2 years ago* (last edited 2 years ago) (1 children)

I read the post backwards, somehow, in spite of reading it twice. Oops.

~~Yes, because that's worked so far for the train wreck that is the US healthcare industry or the Texas energy grid.

There are a lot of things to improve, sure, but turning it over to private industry is not the right one.~~

[–] Drusas@kbin.social 8 points 2 years ago (1 children)

You may want to reread what I said.

[–] tiredofsametab@kbin.social 4 points 2 years ago

Sorry about that. I read it twice and still somehow misread. Thanks for pointing it out.,

[–] ares35@kbin.social 7 points 2 years ago

every month or so i get reminded of how many telco customers here have default passwords for their pppoe authentication (for dsl) and email accounts. it's scary.

[–] maquise@ttrpg.network 7 points 2 years ago

“You know, as much as I'd like to claim this was the result of me being a genius, it's more that someone else was not. “

Freeman’s Mind