Gasoline panic hits home

[awalker1829]

What we need to do is ....
Do a much better job of protecting our infrastructure from Hackers and virus'. It's not that hard!

These business need to decide ... Do they really need to be ONLINE? If not, then get the Hell offline.
That is 99% of the way these idiots get to you.

If they have to be online, than they should be required by law to have enough security to keep these idiots out.
It's not that hard but, there is a cost money wise and that is what stops these business'. They don't want to pay this cost, so they take stupid chances. The government needs to ID these business' and force them to protect their assets.

Honestly, it's not that hard but it is a constant battle to keep them out. I know, I did this for the company I worked with for 24 years. Paying a "ransom is a red flag to me that they did a poor job of doing "backups". We had so many backups that if they did get through to us, we could just delete everything and reboot to a fresh copy of the backup and you could be back up again. Yes, it would have taken maybe 2 hours to do that, but that would be much better then paying a ransom or being offline for days on end. If I hade done this at work, I would have been fired. That needs to happen.

Paying a ransom:
This is a huge mistake. Because most of these ransomware includes a "backdoor" built into it. If you pay the ransom, there is no guarantee that they will not use that back door and do it to you again. Your only recourse if you pay ransom is to quickly try to ID the back door and remove it. It's really not very easy. And, there could be multiple back doors. So, where do they stand now. At best, they are back up BUT ....

Paying ransom is not something you should have to be doing .... EVER.

Problem is, you have some "old school" business men that still can't see the value of a proper IT department, and pay for it. If there is a possibility of impacting the public like this, then they should be "required" to do it. I hate forcing business to do things, but sometime it is necessary.

Darryl

Actually, that falls under Department of Homeland Security. In one professional continuing education course that we were REQUIRED to take, the presenter (a IT security expert) found out that a Georgia municipality had lax online security. He was able to get into their system and access the control for their municipal water supply. He actually contacted them, told them they had a security issue and offered to help them fix it. They blew him off and he dropped a dime on them. He contacted DHS and they paid the municipal water department a visit.

I can't speak for other court systems, but in Arizona our Supreme Court takes Information Technology security very seriously. We are required to take an annual computer and information security course and our IT department is constantly monitoring the system for online threats. That is more critical than ever, as we now permit attorneys and parties to submit pleadings via two different electronic filing systems. We have to make certain that the parties can use the systems to file, but make certain that viruses are not imported from outside computers to our computers.

[ffuries]

What we need to do is ....
Do a much better job of protecting our infrastructure from Hackers and virus'. It's not that hard!

These business need to decide ... Do they really need to be ONLINE? If not, then get the Hell offline.
That is 99% of the way these idiots get to you.

If they have to be online, than they should be required by law to have enough security to keep these idiots out.
It's not that hard but, there is a cost money wise and that is what stops these business'. They don't want to pay this cost, so they take stupid chances. The government needs to ID these business' and force them to protect their assets.

Honestly, it's not that hard but it is a constant battle to keep them out. I know, I did this for the company I worked with for 24 years. Paying a "ransom is a red flag to me that they did a poor job of doing "backups". We had so many backups that if they did get through to us, we could just delete everything and reboot to a fresh copy of the backup and you could be back up again. Yes, it would have taken maybe 2 hours to do that, but that would be much better then paying a ransom or being offline for days on end. If I hade done this at work, I would have been fired. That needs to happen.

Paying a ransom:
This is a huge mistake. Because most of these ransomware includes a "backdoor" built into it. If you pay the ransom, there is no guarantee that they will not use that back door and do it to you again. Your only recourse if you pay ransom is to quickly try to ID the back door and remove it. It's really not very easy. And, there could be multiple back doors. So, where do they stand now. At best, they are back up BUT ....

Paying ransom is not something you should have to be doing .... EVER.

Problem is, you have some "old school" business men that still can't see the value of a proper IT department, and pay for it. If there is a possibility of impacting the public like this, then they should be "required" to do it. I hate forcing business to do things, but sometime it is necessary.

Darryl

Actually, that falls under Department of Homeland Security. In one professional continuing education course that we were REQUIRED to take, the presenter (a IT security expert) found out that a Georgia municipality had lax online security. He was able to get into their system and access the control for their municipal water supply. He actually contacted them, told them they had a security issue and offered to help them fix it. They blew him off and he dropped a dime on them. He contacted DHS and they paid the municipal water department a visit.

I can't speak for other court systems, but in Arizona our Supreme Court takes Information Technology security very seriously. We are required to take an annual computer and information security course and our IT department is constantly monitoring the system for online threats. That is more critical than ever, as we now permit attorneys and parties to submit pleadings via two different electronic filing systems. We have to make certain that the parties can use the systems to file, but make certain that viruses are not imported from outside computers to our computers.

My brother did Combat Comm in the Air Force for 20 years. While at one base, which I'll leave un-named, one of his jobs was to try and hack the base net, which he did successfully on several occasions. Due to the base's mission, that was not a good thing. But the reason they did it was to find the vulnerabilities and backdoors and fix them. While no system will ever be 100% un-hackable, the harder you make it for them the less likely they'll keep trying.

My brother now works for a company, with a government contract, still doing comm......

[ffuries]

Just found out where I live we have the highest gas prices in Florida state. Our highest local cost is $3.15, but our average local cost is $3.07. They expect the gas to stay high until October.....

[Sonny]

[awalker1829]

What we need to do is ....
Do a much better job of protecting our infrastructure from Hackers and virus'. It's not that hard!

These business need to decide ... Do they really need to be ONLINE? If not, then get the Hell offline.
That is 99% of the way these idiots get to you.

If they have to be online, than they should be required by law to have enough security to keep these idiots out.
It's not that hard but, there is a cost money wise and that is what stops these business'. They don't want to pay this cost, so they take stupid chances. The government needs to ID these business' and force them to protect their assets.

Honestly, it's not that hard but it is a constant battle to keep them out. I know, I did this for the company I worked with for 24 years. Paying a "ransom is a red flag to me that they did a poor job of doing "backups". We had so many backups that if they did get through to us, we could just delete everything and reboot to a fresh copy of the backup and you could be back up again. Yes, it would have taken maybe 2 hours to do that, but that would be much better then paying a ransom or being offline for days on end. If I hade done this at work, I would have been fired. That needs to happen.

Paying a ransom:
This is a huge mistake. Because most of these ransomware includes a "backdoor" built into it. If you pay the ransom, there is no guarantee that they will not use that back door and do it to you again. Your only recourse if you pay ransom is to quickly try to ID the back door and remove it. It's really not very easy. And, there could be multiple back doors. So, where do they stand now. At best, they are back up BUT ....

Paying ransom is not something you should have to be doing .... EVER.

Problem is, you have some "old school" business men that still can't see the value of a proper IT department, and pay for it. If there is a possibility of impacting the public like this, then they should be "required" to do it. I hate forcing business to do things, but sometime it is necessary.

Darryl

Actually, that falls under Department of Homeland Security. In one professional continuing education course that we were REQUIRED to take, the presenter (a IT security expert) found out that a Georgia municipality had lax online security. He was able to get into their system and access the control for their municipal water supply. He actually contacted them, told them they had a security issue and offered to help them fix it. They blew him off and he dropped a dime on them. He contacted DHS and they paid the municipal water department a visit.

I can't speak for other court systems, but in Arizona our Supreme Court takes Information Technology security very seriously. We are required to take an annual computer and information security course and our IT department is constantly monitoring the system for online threats. That is more critical than ever, as we now permit attorneys and parties to submit pleadings via two different electronic filing systems. We have to make certain that the parties can use the systems to file, but make certain that viruses are not imported from outside computers to our computers.

My brother did Combat Comm in the Air Force for 20 years. While at one base, which I'll leave un-named, one of his jobs was to try and hack the base net, which he did successfully on several occasions. Due to the base's mission, that was not a good thing. But the reason they did it was to find the vulnerabilities and backdoors and fix them. While no system will ever be 100% un-hackable, the harder you make it for them the less likely they'll keep trying.

My brother now works for a company, with a government contract, still doing comm......

Back when my Dad was on the board of directors of a major corporation, he asked their IT head about their computer security and they said it was airtight. The security consultant he hired to test the security proved otherwise. My folks are very cautious and security minded about their computers-whenever they are out of town, they disconnect the internet modem and unplug the modem and other hardware. They make certain that their antivirus software is up to date.

At the office, our IT training reinforces the fact that we are the weakest link in the security chain-we must take precautions not to introduce viruses or malware to the system inadvertently. IT security is ongoing-the bad guys are always looking for the soft spot in the defenses, so we have to remain alert.

[jimpierce7]

I have a friend who, once upon a time, got a job with bank on America by hacking their security and showing them how easy it was. This was back when AOL was the online power house. lol He said then, and many have since, if you don't want to be hacked, don't plug into the internet. It has always amazed me how we open ourselves up this crap. Take the control systems of line. No more hacks.

[Darryl]

I have a friend who, once upon a time, got a job with bank on America by hacking their security and showing them how easy it was. This was back when AOL was the online power house. lol He said then, and many have since, if you don't want to be hacked, don't plug into the internet. It has always amazed me how we open ourselves up this crap. Take the control systems of line. No more hacks.

That was my point. 90% of these utilities and pipelines and even corps don't need to expose their information or workings to the internet. What they want to do is take advantage of the "free" internet to communicate. There are other ways, but they cost.

Private security (IT) is not the responsibility of Homeland Security. They "mostly" just respond when there is a breach. Security for a Corp. is the responsibility of the Corp. Maybe time to "make them" live up to minimum standards.

The other thing that should be looked at is (and I'm not saying this is the case here), was this an attempt to raise gas prices. Either by the Russian Hackers, or ????? You can bet the price of gasoline won't come back down to where it should be after this .....right?

Darryl

[awalker1829]

That was my point. 90% of these utilities and pipelines and even corps don't need to expose their information or workings to the internet. What they want to do is take advantage of the "free" internet to communicate. There are other ways, but they cost.

Darryl

That is correct. The best example I can think of for corporations that do not expose their information or workings on the internet are the major railroads. All of them (the big carriers) maintain their own communication and signal lines and have been doing so for (in many cases) more than a century. Back in the days of telegraph, they maintained their own telegraph facilities and lines. When Western Union came online, they built their own lines, but used existing railroad telegraphers to act as contract agents for WU for sending and receiving WU messages. When the telephone came to be, the railroads installed and maintained their own lines and exchanges. Now the railroads control signals and communications using their own private microwave tower and cable networks. All of those are pretty well insulated from interference from external sources.

As for cost, they have the advantage that the initial costs were spread out over a period of many years (as the railways grew). The railroads are quite sensitive about the comms and signal infrastructure, so the details of how those systems operate is pretty restricted.

[awalker1829]

I have a friend who, once upon a time, got a job with bank on America by hacking their security and showing them how easy it was. This was back when AOL was the online power house. lol He said then, and many have since, if you don't want to be hacked, don't plug into the internet. It has always amazed me how we open ourselves up this crap. Take the control systems of line. No more hacks.

From what I have heard, the control systems were not what was hacked-their billing system got hacked, shutting off their ability to deal with payments from customers.

[ffuries]

I have a friend who, once upon a time, got a job with bank on America by hacking their security and showing them how easy it was. This was back when AOL was the online power house. lol He said then, and many have since, if you don't want to be hacked, don't plug into the internet. It has always amazed me how we open ourselves up this crap. Take the control systems of line. No more hacks.

That was my point. 90% of these utilities and pipelines and even corps don't need to expose their information or workings to the internet. What they want to do is take advantage of the "free" internet to communicate. There are other ways, but they cost.

Private security (IT) is not the responsibility of Homeland Security. They "mostly" just respond when there is a breach. Security for a Corp. is the responsibility of the Corp. Maybe time to "make them" live up to minimum standards.

The other thing that should be looked at is (and I'm not saying this is the case here), was this an attempt to raise gas prices. Either by the Russian Hackers, or ????? You can bet the price of gasoline won't come back down to where it should be after this .....right?

Darryl

In the military, we had a NIPRNet (Non-classified Internet Protocol Router Network) and SIPRNet (Secret Internet Protocol Router Network).

Classified stuff was on SIPR and non classified was on NIPR. While it worked great, it was a pain. If I had classified information to transmit, I had to go to Command Post, and send it. Then go back up later to read the response.

[qz2026]

Problem is that the government could give a rip. How many decades have we been complaining about the security of the grid? Of course an EMP could take it out with no problem.. but to allow hackers to easily access your systems?? That is pure incompetency and we all know where this is all going. And the Federal Government is the worst, that is except the systems we need to access like social security. What a nightmare for us but how easy for the hackers is the question. But, what you see happening isn't Russia or China.. Look within, like Langley, and you'll find the source. If this was Russia, it would have been an act of war and there would be repercussions. Especially with those in office now who have been clamoring for a war with Russia. Once you understand that they're all in on it globally, you'll understand.

[Darryl]

Problem is that the government could give a rip. How many decades have we been complaining about the security of the grid? Of course an EMP could take it out with no problem.. but to allow hackers to easily access your systems?? That is pure incompetency and we all know where this is all going. And the Federal Government is the worst, that is except the systems we need to access like social security. What a nightmare for us but how easy for the hackers is the question. But, what you see happening isn't Russia or China.. Look within, like Langley, and you'll find the source. If this was Russia, it would have been an act of war and there would be repercussions. Especially with those in office now who have been clamoring for a war with Russia. Once you understand that they're all in on it globally, you'll understand.

Media yells "it was the Russians" but ... It wasn't the "Russian Government".
I don't think anyone said that it was the "Russian Government".
It was "Russian Hackers". The difference is huge when it comes to placing "blame".

It is totally possible that the "Russian Hacker" were working for the "Russian Government", but try and prove that. You can't.

Langley? That sounds to "out there" for me. You won't prove that either.

The present Administration is not "clamoring for a war with Russia". The present Administration is giving a "pipeline" to the Russians when they won't allow one here in the USA. In order to allow the Russian Government to build their pipeline, the present Administration had to remove the sanctions that the US put on the Russian contractor (by the previous Administration). That doesn't sound like "clamoring for a war" to me.

The simple truth is, they could stop this kind of "Hacking" garbage (if they wanted too).

Darryl

[jimpierce7]

I have a friend who, once upon a time, got a job with bank on America by hacking their security and showing them how easy it was. This was back when AOL was the online power house. lol He said then, and many have since, if you don't want to be hacked, don't plug into the internet. It has always amazed me how we open ourselves up this crap. Take the control systems of line. No more hacks.

That was my point. 90% of these utilities and pipelines and even corps don't need to expose their information or workings to the internet. What they want to do is take advantage of the "free" internet to communicate. There are other ways, but they cost.

Private security (IT) is not the responsibility of Homeland Security. They "mostly" just respond when there is a breach. Security for a Corp. is the responsibility of the Corp. Maybe time to "make them" live up to minimum standards.

The other thing that should be looked at is (and I'm not saying this is the case here), was this an attempt to raise gas prices. Either by the Russian Hackers, or ????? You can bet the price of gasoline won't come back down to where it should be after this .....right?

Darryl

I will be really surprised if the prices come back down more than a few cents a gallon.

[ffuries]

I have a friend who, once upon a time, got a job with bank on America by hacking their security and showing them how easy it was. This was back when AOL was the online power house. lol He said then, and many have since, if you don't want to be hacked, don't plug into the internet. It has always amazed me how we open ourselves up this crap. Take the control systems of line. No more hacks.

That was my point. 90% of these utilities and pipelines and even corps don't need to expose their information or workings to the internet. What they want to do is take advantage of the "free" internet to communicate. There are other ways, but they cost.

Private security (IT) is not the responsibility of Homeland Security. They "mostly" just respond when there is a breach. Security for a Corp. is the responsibility of the Corp. Maybe time to "make them" live up to minimum standards.

The other thing that should be looked at is (and I'm not saying this is the case here), was this an attempt to raise gas prices. Either by the Russian Hackers, or ????? You can bet the price of gasoline won't come back down to where it should be after this .....right?

Darryl

I will be really surprised if the prices come back down more than a few cents a gallon.

Ours went from $3.00 down to $2.90 so far, but shouldn't drop much more until October. We have the highest price in the state.

[boltaction]

Hello,
And you guys think your fuel prices are high. Ha, don't make me laugh....
Try these prices, and it's not even vacation time yet..... that picture was taken 5 days ago on the 19th of May at the least expensive station in town(only two others, Chevron and Texico). I should fill up before this weekend(Memorial Day) coming up....bump up in prices, for sure.
Oh, the joys of living in a mountain resort town in California.