Remember, the industry told us we're in a 'zero trust' world now. The network perimeter is an anachronism.
OTOH you know damn well they keep the important stuff airgapped, in which case the title (and your predictable reaction) is just fanning the flames. It could very well be they 'breached' the receptionist's PC she uses to browse Facebook to pass the time.
The decentralized internet is less of a reality today than it was years ago.
Why the special treatment for nuclear? Do you really think redlining a dam or storm-levee system would be less damaging?
Also, turning off internet connections means less-capable remote shut shut-off. Less-responsive power plants. Fewer eyes on telemetry.
We should be mindful of what is and isn't connected to the internet, and how it's firewalled and--if necessary--air gapped. That doesn't mean sprinting straight for the end zone.
Why does it have to be remote what's wrong with it being in-house? Besides a shut-off should never be able to be triggered remotely.
The same goes for digital emergency shut off buttons; all should be physical.
> Less-responsive power plants.
What? How is remote any more responsive than physical workers being in-house?
If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet.
Nothing wrong with it being in house. But having a back-up is never bad.
> How is remote any more responsive than physical workers being in-house?
If the on-site workers are incapacitated. It's a remote (hehe) risk. But so is foreign hackers doing anything with our nukes.
> If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet
If you're fine paying 50s power prices again, sure, I'm sure a power company would happily run their plants retro style.
BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.
You want to make everything about a nuclear facility bespoke and subject to air-gapped drift? What about the guard booth that verifies peoples access, the receptionist who schedules meetings, and the janitor who wants to watch YouTube on his break? It seems unrealistic to lump everything that goes on at a nuclear facility under this umbrella.
For hiring and retaining people, yes. It's understood that the "guts" of what's happening at these facilities needs to be locked down to the max. But, for supporting roles you need to be able to bring people in off the street without 1) a bunch of specialized training on your bespoke way of doing things, and 2) making your employees less attractive on the job market.
Just my opinion, though. Maybe I'm completely off base but it doesn't seem like a good idea to me long-term.
I'm shocked. Shocked, I tell you.
It has a bug with Solidworks (3D design suite) that sporadically makes files completely un-openable unless you go in and change some metadata. They are aware of this, doesn't seem to be any limitation preventing them from fixing it, and it has sat unfixed for years.
Microsoft's cloud storage as a whole is an insane tangle where you never know where you'll find something you're looking for or whether it will work. Some things work only in browser, some only in the app, zero enumeration of these things anywhere.
Completely unsurprised and I'm sure there are many more vulnerabilities ripe for the picking.
It ended up being easier just to switch to paid Overleaf and teach our non-tech members how to write LaTeX and/or use the built-in editor. The documents are beautiful, Overleaf doesn't miss a beat and we are very happy with their solution.
Microsoft should be ashamed - I don't know how anybody would ever consider using them for any serious production work.
[1] https://learn.microsoft.com/en-us/answers/questions/5216132/...
* Too few people use Firefox to access Office online, they don't care
* Your organization is too small for them to care
Recently I tried to configure a new subdomain to handle mail on 365 and even finding their DKIM configuration section was a mission. Once finding it, I learned that their DNS check fails to properly handle subdomains for email, so you have to put their DKIM keys against your root domain. Genius!
Sounds like they need to seriously redesign their security policies.
gnabgib•2h ago
(809 points, 447 comments) https://news.ycombinator.com/item?id=44629710
US Nuclear Weapons Agency Breached in Microsoft SharePoint Hack (18 points) https://news.ycombinator.com/item?id=44654869