Screaming Penguin - Source Does Matter

This story is insane, very insane, scary and funny at the same time, but just plain crazy. A nuclear power plant, Ohio's Davis-Besse, had its internal network penetrated by the Slammer worm back in January. You read that right, not othe worm DISABLED a safety monitoring system for FIVE HOURS.

The plant was actually offline due to another incredible problem ("6 x 5in hole in the plant's reactor head") and the safety system did have a backup in place, but how egregious is this security problem? This frickin plant, run by FirstEnergy of Ohio, actually had a contactors T1 line direct into the plant bypassing the any firewall at all! What a bunch of clowns, unbelievable.

My house has better network security than that!
Microsoft software is not what I would blame in this case either (not entirely). I wouldnt use Microsoft software anywhere near something that actually needs to be secure, because of what I feel are all too abundant and severe security problems, but it is still true that all software can have security issues and there is nothing any software can do to prevent issues if its misconfigured. In this case it was a Microsoft system that was compromised by an incredibly severe Microsoft security hole but the network being insecure is what really caused the problem (that and the decision to use Microsoft in the first place).

For more see the linked Register article.   Slammer worm crashed Ohio nuke plant net: theRegister