TSMC virus incident: intrusion suspected via a "Windows 7" vulnerability

HurdFan 2018-8-6 02:32 PM

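TSMC virus incident: intrusion suspected via a "Windows 7" vulnerability

Finance Center / Compiled report

Foundry leader TSMC was recently reported to have been hit by a virus attack that brought tools in three advanced-capacity production areas to a halt. Although TSMC says it has the problem under control and is remedying it, industry rumor has it that the virus got into TSMC's systems by taking advantage of port 455 being left open on "Windows 7". Many peers, seeing TSMC hit by the virus, have urgently raised their information-security alert level to avoid being affected.

According to industry sources, information-security management inside TSMC's fabs is strict: networked computers in the fab areas have no USB ports, and data access has to pass through multiple layers of restriction, so the only way the virus could have got in was through a system vulnerability. Industry rumor has it that the virus was planted into TSMC's systems through the Japanese-made material-transport equipment system commonly known as the "overhead crane" (天車), taking advantage of port 445 being left open on Windows 7.

Information-security experts point out that no well-known company has previously been infected at several sites at the same time, and that there are three possible causes: latent malware brought in on a vendor's tool, infection of the cloud-based core control system, or a planned large-scale malware release by a criminal group. The infection incident has shocked the industry and surprised shareholders, who fear that a single lapse at TSMC could affect Taiwan's economic development.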


https://www.setn.com/News.aspx?NewsID=412753

PacificIslander 2018-8-6 03:52 PM

This islander works in IT and always keeps three letters on hand!

:smile_o13:

漆哥 2018-8-6 04:07 PM

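[quote]Originally posted by [i]HurdFan[/i] at 2018-8-6 02:32 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485077292&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]
TSMC virus incident: intrusion suspected via a "Windows 7" vulnerability

Finance Center / Compiled report

Foundry leader TSMC was recently reported to have been hit by a virus attack that brought tools in three advanced-capacity production areas to a halt. Although TSMC says it has the problem under control and is remedying it, industry rumor has it that the virus got into TSMC's systems by taking advantage of port 455 being left open on "Windows 7". Many peers, seeing TSMC hit by the virus, have urgently raised their information-security alert level to avoid being affected.

According to industry sources, information-security management inside TSMC's fabs is strict: networked computers in the fab areas ... [/quote]


Still Win7?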

singsingcat 2018-8-6 06:50 PM

[quote]Originally posted by [i]PacificIslander[/i] at 2018-8-6 03:52 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485081226&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]
This islander works in IT and always keeps three letters on hand!

:smile_o13: [/quote]

The legendary tai chi grandmaster Zhang "Three Letters" (張三封)

PacificIslander 2018-8-6 07:16 PM

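[quote]Originally posted by [i]singsingcat[/i] at 2018-8-6 06:50 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485089801&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


The legendary tai chi grandmaster Zhang "Three Letters" (張三封) [/quote]

;P  Here is what Zhang Sanfeng (張三丰) is all about:

The first letter: a suspected network intrusion / server down / and so on, where in fact nothing of the sort happened / it failed over with no impact / and so on. In that case you praise the team's work and how well the preventive measures were done, adding a feather to your own cap, almost to the point of claiming the credit.

The second letter: something really did go wrong, but everything was recovered, BAU. You admit the mistake, talk up the improvement plan already in place, promise to do better in future, and so on.

The third letter: it all blew up, a thousand years of cultivation lost in a day. I regret to inform you that effective ..... you know the rest.

Working for an MNC, these three scripts are how things get done.  :smile_30: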

rhk100 2018-8-6 11:50 PM

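[quote]Originally posted by [i]PacificIslander[/i] at 2018-8-6 07:16 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485090960&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


;P  Here is what Zhang Sanfeng (張三丰) is all about:

The first letter: a suspected network intrusion / server down / and so on, where in fact nothing of the sort happened / it failed over with no impact / and so on. In that case you praise the team's work and how well the preventive measures were done, adding a feather to your own cap, almost to the point of claiming the credit.

The second letter: something really did go wrong, but everything was recovered, BAU. You admit the mistake, talk up the improvement plan already in place, promise to do better in future, and so on.

The third letter: it all blew up, a thousand years of cultivation lost in a day. I regret to inform y ... [/quote]


So that is what 明哥's "three letters" means! Finally I know the truth. :smile_o01: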

漆哥 2018-8-7 12:41 AM

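[quote]Originally posted by [i]rhk100[/i] at 2018-8-6 11:50 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485104479&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]
So that is what 明哥's "three letters" means! Finally I know the truth. :smile_o01: [/quote]

As far as I know, 明哥's three letters are slightly different; they are called Slide (跣), Blame (賴) and Dodge (閃).

The first letter, Slide: slide it over to the next person, also known as finding a scapegoat. It is like glancing a corner kick on with the back of your head: the ball barely changes direction but stays in the air a little longer, ideally dropping right at the goalmouth so a teammate can score easily. "Blame" is what happens in your own goal, "credit" is what happens in the other side's goal. As the saying goes, do not admit blame lightly and do not claim credit lightly. If you know it is a thankless job, slide it away if you can! If you know the credit will offend people, let the passer-by Sun Ce go and collect the imperial seal! This letter is used very often; I was set up by someone just recently!

The second letter, Blame: call upward for help, also known as Early Warning. When a project is halfway through and you smell something slightly burnt, you have to speak up and say what is going on. It does not have to be the truth, but you must blame: blame insufficient resources, insufficient time, requirements that are too many and too picky, and so on. Let the boss set the direction for resolving it. Unless the boss wants to sacrifice the rook to save the king, this always beats looking for a scapegoat after the project fails.

The third letter, Dodge: of course it is "I regret to inform you", but deep down you do not really want to leave; you are retreating in order to advance. At worst you take the enemy down with you. As long as you are prepared to walk away, you are invincible! I used it a few years ago, and in the end we both went down together!!

These three dirty tricks really were handed down by the venerable Master Zhang. 明哥 says he was fortunate enough to receive the true teaching after finishing his undergraduate degree, which is why not one of his projects has ever been seen to fail. I am making the contents public here on his behalf for everyone to enjoy; it is more blessed to give than to receive!

[[i] Last edited by 漆哥 at 2018-8-7 12:59 AM [/i]]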

rhk100 2018-8-7 01:21 AM

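[quote]Originally posted by [i]漆哥[/i] at 2018-8-7 12:41 AM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485106532&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


As far as I know, 明哥's three letters are slightly different; they are called Slide (跣), Blame (賴) and Dodge (閃).

The first letter, Slide: slide it over to the next person, also known as finding a scapegoat. It is like glancing a corner kick on with the back of your head: the ball barely changes direction but stays in the air a little longer, ideally dropping right at the goalmouth so a teammate can score easily. "Blame" is what happens in your own goal, "credit" is what happens in the other side's goal. As the saying goes, do not admit blame lightly and do not claim credit lightly. If you know it is a thankless job, slide it away if you can! If you know the credit will offend people, let the passer-by Sun Ce go and collect the imperial seal! This letter is used very often; I was set up by someone just recently!

The second letter, Blame: call upward for ... [/quote]


Today I got to see two versions of the three letters. A real eye-opener, brilliantly performed.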

PacificIslander 2018-8-7 07:09 AM

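[quote]Originally posted by [i]漆哥[/i] at 2018-8-7 12:41 AM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485106532&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


As far as I know, 明哥's three letters are slightly different; they are called Slide (跣), Blame (賴) and Dodge (閃).

The first letter, Slide: slide it over to the next person, also known as finding a scapegoat. It is like glancing a corner kick on with the back of your head: the ball barely changes direction but stays in the air a little longer, ideally dropping right at the goalmouth so a teammate can score easily. "Blame" is what happens in your own goal, "credit" is what happens in the other side's goal. As the saying goes, do not admit blame lightly and do not claim credit lightly. If you know it is a thankless job, slide it away if you can! If you know the credit will offend people, let the passer-by Sun Ce go and collect the imperial seal! This letter is used very often; I was set up by someone just recently!

The second letter, Blame: call upward for ... [/quote]

Thanks to 七哥 for digging up 明哥's calligraphic treasures, hilariously on point! ;P

The use cases differ a little, but they are all ultimate self-defence techniques.  :smile_30: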

KAZ327 2018-8-7 08:06 AM

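[quote]Originally posted by [i]漆哥[/i] at 2018-8-6 04:07 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485081985&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]



Still Win7? [/quote]


Win7 only reaches end of extended support in January 2020, so using it is not a problem.
The problem is that updates were not applied, and that is what kills you.

It looks like they counted on being a closed network with USB blocked, so they did not keep up with updates; as a result, once someone brought malware back in, everything was wiped out.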

ryanNL 2018-8-9 04:10 PM

[quote]Originally posted by [i]漆哥[/i] at 2018-8-6 04:07 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485081985&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]



Still Win7? [/quote]
MTR must still have plenty.

我的無比膏 2018-8-9 06:53 PM

[quote]Originally posted by [i]ryanNL[/i] at 2018-8-9 04:10 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485254414&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]

MTR must still have plenty. [/quote]


Banks have plenty too; many apps still have lots of small problems running on Win10.

richardli008 2018-8-10 08:40 PM

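Generally, for these production-line embedded systems, the company's internal IT and security teams do not touch them and rely entirely on the vendor's firmware updates to deliver security patches or harden the OS. If the vendor does not patch regularly and the closed network is not regularly vulnerability-scanned, it is very hard to know that vulnerabilities exist. Usually the customer is recommended to use application control tools to lock down the controller's system: apart from whitelisted executable hashes and scripts, all unknown/unapproved executables, scripts and PowerShell are blocked. Done that way, you do not even need to install antivirus. Going further, certain files/folders/memory spaces can be restricted so that only a particular program may modify them, to prevent a hacker corrupting or altering them. Bank ATMs and slot machines are done the same way.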
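
The hash-based lock-down described in the post above, as an added example that is not part of the original post: a Python audit that builds a manifest from an approved golden image and lists executables or scripts on a controller whose SHA-256 is not in it. The directory layout, file names and the list of executable suffixes are assumptions, and the sample files are constructed.

```python
from __future__ import annotations
import hashlib
import tempfile
from pathlib import Path

# Suffixes treated as executable content (an assumption for this sketch).
EXEC_SUFFIXES = {".exe", ".dll", ".ps1", ".bat", ".vbs"}

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_exec(path: Path) -> bool:
    return path.is_file() and path.suffix.lower() in EXEC_SUFFIXES

def build_manifest(golden_root: Path) -> set[str]:
    """Hashes of every executable or script in the approved golden image."""
    return {sha256_file(p) for p in golden_root.rglob("*") if is_exec(p)}

def audit(target_root: Path, approved: set[str]) -> list[str]:
    """Relative paths of executables/scripts whose content hash is not approved."""
    return sorted(p.relative_to(target_root).as_posix()
                  for p in target_root.rglob("*")
                  if is_exec(p) and sha256_file(p) not in approved)

def demo() -> list[str]:
    # Constructed golden image and controller file system.
    with tempfile.TemporaryDirectory() as tmp:
        golden, target = Path(tmp, "golden"), Path(tmp, "controller")
        golden.mkdir()
        target.mkdir()
        (golden / "hmi.exe").write_bytes(b"approved HMI build")
        (golden / "collect.ps1").write_bytes(b"approved script")
        (target / "hmi.exe").write_bytes(b"approved HMI build")   # same hash: approved
        (target / "renamed.exe").write_bytes(b"approved script")  # approved content, new name
        (target / "collect.ps1").write_bytes(b"tampered script")  # trusted name, changed content
        (target / "update.exe").write_bytes(b"unknown binary")    # never approved
        (target / "notes.txt").write_bytes(b"not executable")     # outside the policy's scope
        return audit(target, build_manifest(golden))

if __name__ == "__main__":
    print(demo())
```

Because the decision is made on content hash, a trusted file name with altered content is reported while approved content under a new name is not.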

j4jerry 2018-8-10 09:05 PM

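[quote]Originally posted by [i]richardli008[/i] at 2018-8-10 08:40 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485324145&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]
Generally, for these production-line embedded systems, the company's internal IT and security teams do not touch them and rely entirely on the vendor's firmware updates to deliver security patches or harden the OS. If the vendor does not patch regularly and the closed network is not regularly vulnerability-scanned, it is very hard to know that vulnerabilities exist. Usually the customer is recommended to use application control  ... [/quote]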
In general, Vendors are not recommended to apply the patch to those ICS systems.

richardli008 2018-8-11 12:33 PM

[quote]Originally posted by [i]j4jerry[/i] at 2018-8-10 09:05 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485325247&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]

In general, Vendors are not recommended to apply the patch to those ICS systems. [/quote]

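Vendors take the view that the less they do, the fewer mistakes they make: applying a patch means a big round of testing, while not applying it may lead to an incident. If you do not patch, you can use identity-based/defined networking technology or SDN to micro-segment all the machines on the sensitive network. Boeing and some energy facilities protect all the machines on their mission-critical networks this way. Put simply, each machine's inbound and outbound network traffic is controlled by the IDN/SDN by IP/port/protocol.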
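
The per-machine control by IP/port/protocol described in the post above, as an added example that is not part of the original post: a default-deny allow-list evaluated over flow records, with denied 445/tcp fan-out used to spot a newly introduced device. All addresses, rules, host roles and flow records are constructed; only port 445 comes from the thread.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # permitted source CIDR
    dst: str    # permitted destination CIDR
    proto: str  # "tcp" or "udp"
    port: int   # destination port

# Constructed allow-list; anything not listed is dropped (default deny).
POLICY = [
    Rule("10.20.1.10/32", "10.20.2.0/24", "tcp", 5000),  # hypothetical MES host -> tool controllers
    Rule("10.20.2.0/24", "10.20.1.20/32", "udp", 514),   # tool controllers -> syslog collector
]

# Constructed flow records: (src, dst, proto, dst_port).
FLOWS = [
    ("10.20.1.10", "10.20.2.11", "tcp", 5000),
    ("10.20.2.11", "10.20.1.20", "udp", 514),
    ("10.20.2.99", "10.20.2.11", "tcp", 445),  # newly installed tool reaching for SMB
    ("10.20.2.99", "10.20.2.12", "tcp", 445),
    ("10.20.2.99", "10.20.2.13", "tcp", 445),
    ("10.20.2.11", "10.20.2.12", "tcp", 445),  # peer-to-peer SMB is not in the policy either
]

def allowed(flow, policy=POLICY):
    src, dst, proto, port = flow
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(r.src) and d in ip_network(r.dst)
               and proto == r.proto and port == r.port for r in policy)

def denied_flows(flows=FLOWS, policy=POLICY):
    return [f for f in flows if not allowed(f, policy)]

def smb_fanout(flows=FLOWS, policy=POLICY, threshold=3):
    """Sources whose denied 445/tcp attempts reach >= threshold distinct peers."""
    peers = defaultdict(set)
    for src, dst, proto, port in denied_flows(flows, policy):
        if proto == "tcp" and port == 445:
            peers[src].add(dst)
    return sorted(s for s, p in peers.items() if len(p) >= threshold)

if __name__ == "__main__":
    print(len(denied_flows()), "flows denied")
    print("SMB fan-out sources:", smb_fanout())
```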

j4jerry 2018-8-11 12:53 PM

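[quote]Originally posted by [i]richardli008[/i] at 2018-8-11 12:33 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485353481&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


Vendors take the view that the less they do, the fewer mistakes they make: applying a patch means a big round of testing, while not applying it may lead to an incident. If you do not patch, you can use identity-based/defined networking technology or SDN to micro-segment all the machines on the sensitive network. Boeing and some energy facilities protect all the machines on their mission-critical networks this way. Put simply, each machine's inbound and outbound netwo ... [/quote]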

ICS systems are normally air-gap and the communication protocols sometimes are proprietary or unlikely supported by SDN and etc.

richardli008 2018-8-11 06:04 PM

[quote]Originally posted by [i]j4jerry[/i] at 2018-8-11 12:53 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485354562&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


ICS systems are normally air-gap and the communication protocols sometimes are proprietary or unlikely supported by SDN and etc. [/quote]

One can always run a separate IDN/SDN network within the air gapped network for security sake i.e. micro segmentation if TCP/IP networking is required e.g. system monitoring/data collection/remote control etc. If a compromised device is accidentally introduced into the air gapped network (e.g. vendor update/maintenance, new device etc.) all the systems inside the air gapped network will still be protected and invincible to the compromised device. It is rumoured this is exactly what happened in the case of TSMC (台積電) hack.

j4jerry 2018-8-11 11:04 PM

[quote]Originally posted by [i]richardli008[/i] at 2018-8-11 06:04 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485367663&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


One can always run a separate IDN/SDN network within the air gapped network for security sake i.e. micro segmentation if TCP/IP networking is required e.g. system monitoring/data collection/remote ... [/quote]

In general, the ICS systems do not allow or support to hv 3rd-party agent installed or the network is dot 1 x. The zone 2 network are in flat by design, making a very difficult job to identify a machine being compromised or establish a baseline for abnormal detection.

richardli008 2018-8-12 07:07 AM

[quote]Originally posted by [i]j4jerry[/i] at 2018-8-11 11:04 PM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485388471&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


In general, the ICS systems do not allow or support to hv 3rd-party agent installed or the network is dot 1 x. The zone 2 network are in flat by design, making a very difficult job to identify a m ... [/quote]

IDN is different from dot1x. It's an overlay over existing Ethernet using hardware and controllers. Some articles for starter:

TCG Architects Guide: ICS Security Using TNC Technology (2013) – Whitepaper:
[url=https://www.trustedcomputinggroup.org/wp-content/uploads/ICS-Security-Using-TNC-Technology-Architects-Guide.pdf]https://www.trustedcomputinggroup.org/wp-content/uploads/ICS-Security-Using-TNC-Technology-Architects-Guide.pdf[/url]
[url=https://trustedcomputinggroup.org/wp-content/uploads/ICS-Webinar-09182014-FINAL.pdf]https://trustedcomputinggroup.org/wp-content/uploads/ICS-Webinar-09182014-FINAL.pdf[/url]

Securing Your Industrial Control Systems is a No Brainer
[url=https://www.rockwellautomation.com/global/news/blog/detail.page?docid=6c4a9e62f83bcdf45feaa94466ff550d]https://www.rockwellautomation.com/global/news/blog/detail.page?docid=6c4a9e62f83bcdf45feaa94466ff550d[/url]

[[i] Last edited by richardli008 at 2018-8-12 07:19 AM [/i]]

j4jerry 2018-8-12 02:31 PM

[quote]Originally posted by [i]richardli008[/i] at 2018-8-12 07:07 AM [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=485405129&ptid=27625752][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]


IDN is different from dot1x. It's an overlay over existing Ethernet using hardware and controllers. Some articles for starter:

TCG Architects Guide: ICS Security Using TNC Technology (2013) – Wh ... [/quote]

I've no idea about securing the ICS network using IDN, TNC Technology or similar approach bcoz during the implementation stages may introduce certain amount of outage or downtime. It may not be accepted for some SCADA systems in order to achieve 99.975% availability (less than 4 min. downtime per year)