Going to see this a lot...(Photobucket)

That`s why you`ll never be "popular"

 

It does work like that. Just because your company fails to manage it adequately does not in any way indicate it doesn't work like that. Connected systems are just that, connected systems, and unless the computers running those things are running one off operating systems written by the company that developed them then they are likely running a *nix based OS or some flavor of windows. 6th and 7th generation drilling platforms are no exception. Just because they don't spend the time, money and resources to actively avoid such incidents doesn't mean it can't be done.

And before you go off on a tirade about me not getting it. I won't tell you how to drill a hole in the ocean floor. Don't know much about it but there is in this case one thing I know a great deal about. I know corporate networks and I know the battles fought over keeping things current, patched and tested. It's kind of what I do.

 

Get off my concrete lawn.

 

My understanding from news broadcasts was that they were targeting rather large businesses. If that's true, $10 is exactly the same as $300. It makes a difference to an individual, but don't tell me that your company would base its decision on whether it's $10 versus $300. That makes no sense.

 

Soon enough facegores will pull some shit like this and that's when there's rioting in the streets.

Sucks for people who loaded a ton of photos there and now have to scramble to find another place to put them . . . no it doesn't, it's f@ckin' funnier than a fat guy falling into a manhole.

 

imgur.com for image linking and hosting. The site itself is worthless memes and nonsense, but its super simple and flexible image hosting for these purposes. Photobucket lost me a long time ago and I think it was when they were trying to force users to create a Yahoo account.

For storage, I pay the $5/mo or whatever to Google for a few gigs of storage space and will likely continue to pay more as my storage needs expand. However, it is a reasonable cost, I feel quite strongly that my data is reliably stored, and I can easily access everything from Android.

 

They wouldn't. I wasn't necessarily talking about my company. There were millions of computers affected, they wouldn't "give in" even if it was only $1.

I was just talking in generic terms. Like if I was going to do something like that, I'd make it $5. The average person is more likely to pay that.

 

Ok.

 

That was WAAAYYYY too easy.

 

Meh. I don't have the background or vocabulary to argue about it. I just know what I was told (why the patch hasn't been installed yet).

I know every time GE comes out with a patch/software update for the BOPs, they have to install it in their in-house BOP CCU (that mimics ours on the rig) and run through weeks of function testing to see how/if it affects other systems. From the time the update is available, it takes 6-9 weeks before it is approved to be installed on the BOP computers on the rig.

Anyway, I don't know much about that shit. I just know that my company has a huge IT building with over 2,000 highly paid IT guys from all over the world. But I'm sure they are all idiots and don't know what they are doing.

 

Notice I referenced that they may or may not be. They may very well be doing all they are allowed to do to keep the place secure. There are often instances where they recommend getting rid of something out dated and out of support and are denied the ability by some suit above them because the suit doesn't want to extend the man power and money to rid itself of the outdated equipment or software. That's how these things happen.

 

There can be risks with patching. In today's world, the risks of not keeping up with patching typically outweigh them. They do need to be tested at some level, but if you try to 100% test every feature of every system for every patch, you won't get there in a timely or cost efficient manner. Then you will fall victim to an attack and your systems will fail anyway.

Or from another angle: If a patch goes bad, your system might not work. If your system is hacked it may actively work against what you are trying to do. That wasn't really the case with this attack, but it could be the case with the next one, particularly if it is more targeted. I could easily some some eco-hacker attacking oil drilling rig computers to create a disaster so they could point out how evil oil and oil drilling companies are.

 

Wouldn't it be ironic if the virus these assholes wrote took down all the computers storing their ill-gotten bitcoins?

 

Yep. From what I gather, that is essentially what happened. They are limited on what they can do (or when they can do it) until all of the testing and approvals are done.

There are many systems that still work off Windows 7, because we KNOW it works. It would be too costly (and potentially risky) to update everything.

 

Craigslist is turning into a paid site as well. Can't blame them for cashing in. I'm not paying photobucket $400.

 

It's an interesting move...

Obviously you'd think PB has done a lot of thinking about this decision, although it doesn't mean they'll be right! What's the profit they make on an unpaid member through ads? Maybe a quarter a year? Charge $400 a year, and you'd have to get 1 in every 1,600 people to pay up to maintain current levels of profitability.

Honestly, I'm still pretty shocked they went with $400...

 

Getting back on track here...you can share a Google Photos album and then use a link from that to embed. This same topic was discussed over on BARF this week...

 

Came here to say this.

 

I actually work for GE, but not oil and gas. And you are correct, when it comes to industrial controls and places like my area, healthcare, its not always possible to deploy patches in a timely manner due to regulatory requirements, safety/risk concerns with changing the system, etc. But, there are ways to manage it. I know a hospital in PA got hit, but in terms of medical devices that were compromised as part of it, it was fewer than most would believe. If systems got hit that hard, there's a good chance they didn't have proper controls in place to begin with. Now, I'm reluctant to blame the IT people, because I'm one of them and we usually get blamed for everything, but it could be budgetary, or it could be an organizational issue. What I see at hospitals is that IT doesn't want to manage the clinical stuff - they leave it to clinical support staff (who know exactly dick about securing a network and devices attached to it). In your case, maybe IT doesn't manage the industrial control systems. So, that puts the responsibility on the people that do. And if they don't have IT backgrounds, but manage IT-integrated systems, there's a big problem that isn't resolving itself.

 

This is a photo embedded from Google Photos -