[GHung]

Millions of websites hit by Drupal hack attack

Millions of sites are managed and updated using Drupal

Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software.

The sites use Drupal to manage web content and images, text and video.

Drupal has issued a security warning saying users who did not apply a patch for a recently discovered bug should "assume" they have been hacked.

It said automated attacks took advantage of the bug and can let attackers take control of a site.
'Shocking' statement

In its "highly critical" announcement, Drupal's security team said anyone who did not take action within seven hours of the bug being discovered on 15 October should "should proceed under the assumption" that their site was compromised.....

...."Attackers may have copied all data out of your site and could use it maliciously," said the notice. "There may be no trace of the attack." It also provided a link to advice that would help sites recover from being compromised.
Mark Stockley, an analyst at security firm Sophos, said the warning was "shocking".

http://www.bbc.com/news/technology-29846539

Some of you may recall that The Oil Drum was/is a Drupal site. While supposedly 'mothballed', it's still open to view articles and comments from when it was active.
My question is; how long can the internet and our vast interconnected systems; banking/finance, energy systems, JIT inventory systems, pretty much everything, remain viable? It's apparent that the war on information systems is escallating and that systems managers are playing wack-a-mole with the hackers.

We often discuss that energy systems are industrial societies' Achilles' heel, but are we ignoring what is actally the global macro-system's greatest vulnerability? Is NoNet more of a threat than SkyNet?

[Newfie]

I just met a guy on a plane working in IT security. His strong opinion, right or wrong, was that all our systems are under constant attack funded by hostile governments.

[Ibon]

The luddite in me would be overjoyed if this all came crashing down, but I admit I would miss
some of you

[Lore]

The luddite in me would be overjoyed if this all came crashing down, but I admit I would miss
some of you

That would mean we'd actually have to start meeting with one another face to face. No hiding behind avatars and having time to write down pithy if somewhat sarcastic remarks! I mean it's kind of frightening, especially for those under 30 that have never learned the skills of actual physical human interaction.

[dolanbaker]

I just met a guy on a plane working in IT security. His strong opinion, right or wrong, was that all our systems are under constant attack funded by hostile governments.

I also work in IT and the number of attacks on systems that I work with is quite astonishing!
Seldom from HIO's though, usually random botnets seeking new blood!

Social engineering is the biggest threat, usually via emails that contain fake invoices that accounts staff could open and infect their corporate network.

IT security is like an arms race, the most recent scare is called POODLE, so we've had to put a stop to that one!

[Newfie]

HIO?

[dolanbaker]

HIO?

hostile Intelligence Organizations aka the "opposition!"

[Subjectivist]

Some of you may recall that The Oil Drum was/is a Drupal site. While supposedly 'mothballed', it's still open to view articles and comments from when it was active.
My question is; how long can the internet and our vast interconnected systems; banking/finance, energy systems, JIT inventory systems, pretty much everything, remain viable? It's apparent that the war on information systems is escallating and that systems managers are playing wack-a-mole with the hackers.

We often discuss that energy systems are industrial societies' Achilles' heel, but are we ignoring what is actally the global macro-system's greatest vulnerability? Is NoNet more of a threat than SkyNet?

Paraphrasing the author Larry Niven, it is easier to destroy than to create, so civilization itself is proof we keep destructive people in check most of the time.

When we lose the ability to slow or stop the destructive civilization crumbles. No telling when that will be.

[Newfie]

Looking around the state of the world I have come to think we are starting this downward trend now.

[Tanada]

Just a cheery reminder for all you people who live by the clock, at 2 AM tonight the USA transitions back to Standard Time by zones instead of Daylight Saving Time.

[Newfie]

Thanks for keeping is interconnected!

[Pops]

It is pretty crazy to think that machines now control the machines that support our system to such an extent. I live somewhat removed from people on the day to day and get along fine. My jobs come in on a computer, get done on one and go out to still more; I get paid through the net, pay my bills online and buy stuff there - some of it is real eventually.

In fact sometime what is real is less real than what is on my machine! I know more about a hurricane in Bermuda than the weather out my window some days.

But yeah, I've read that America is always fighting the last war, IOW, arming ourselves to defend against the last defeat. It's why our guys got it so bad from the IEDs, our last real war was in the jungle, we weren't driving around town; why would you put armor on a jeep anyway? That's what tanks are for.

We all live in the flush of the new medium and just don't see the harm in connecting our step counter to our stock market account to our t-stat, front door lock and spillway gates.

You've all seen the vid of the train engine hack. Someday a true military objective will combine with a visionary geek and result in the Wernher Von Braun of cyber warfare. That is a hard thing to prepare for.

[DesuMaiden]

The answer is about 2020 max. Our global economy will collapse in 2020. Our deeply interconnected system will collapse in 2020 when oil prices spike upwards to the point where noone can afford oil.

[Tanada]

The answer is about 2020 max. Our global economy will collapse in 2020. Our deeply interconnected system will collapse in 2020 when oil prices spike upwards to the point where noone can afford oil.

It is courageous to pick a date. I say that to stroke my own ego because I did it about 4 times in the last decade and so far I have been wrong every time

That aside, oil prices will not rise until nobody can afford to buy it, that is not how markets work. Oil prices will rise until nobody is willing to buy all of the oil produced at that price. The producers will produce less oil until they sell everything they can produce at that price. They won't produce oil they can not sell, and if it costs they $133.33/bbl to produce it they won't sell it for less than that because they will go bankrupt and cease to produce anything if they do. If the price spikes up too fast like it did in 2008 people will not be able to adapt quickly enough and a crash will result, but unless something like World War III or a Carrington Event takes place people will muddle through doing the best they can with what they have to work with.

[MD]

I just met a guy on a plane working in IT security. His strong opinion, right or wrong, was that all our systems are under constant attack funded by hostile governments.

yep