Security Slip Left Unfixed for Five Months
So, turns out there’s been a security hole that could let anyone hack into various cities’ water treatment plants, natural gas lines, or potentially even nuclear power plants. It could give them the access to stop treatment of an entire city’s water supply, shut off electricity for countless communities, or do any number of other damaging things. Oh yeah, we knew about this problem five months ago…but didn’t get around to fixing it until last week.
Yup, it’s true: Security firm Core Security Technologies revealed today it’d discovered the lapse back in January. Its engineers found a buffer overflow problem that let them gain access to these critical systems over the internet. They immediately notified the systems’ manufacturer, Citect — which proceeded to do absolutely nothing until a few days ago.
I spoke with Core Security’s CTO as well as a respected homeland security expert about the story this morning. They were both baffled as to how the issue could be left unresolved for so long. Citect, for its part, hasn’t offered any comment or explanation.
Well, hey — I mean, this is just a matter of international security we’re talking about, right? Maybe the Citect crew had other priorities to address first — say, some social networking. Bathing suit shopping. Or sandwich making. Mmm…sandwich.
Damn it, I almost got distracted. But back to the point at hand: What the hell, Citect? What the hell? You seriously knew about this problem and let it go for five entire months before fixing it? And you are responsible for the remote management of critical utility systems across America and the world? Nice work, fellas. Really nice.
For that, today we award TechCult’s rarely sought after and highly irrelevant honor, the Sarcastic Salute. Yes, my Citect friends, you are officially the biggest jackasses in the world this week. Congratulations, and keep up the globally embarrassing work. Shipping your commemorative plaque is a high priority for us…so, following your model, we’ll get to it sometime around November.