Vulnerability Management 101

The Forge Region – Anttanen Constellation
Uitra System – Planet VI, Moon 4
State War Academy Station

3 April YC 121

Gerhardt produced his datapad and connected it to the big screen on the wall which miraculously survived the carnage. It showed Victorieux’s fitting control centre. Ger walked over to the display and pointed at the rigs and low-energy slots.

“See this? The Phantom Lady is fitted for speed and agility. Although she is a cruiser-sized bird, the inertial stabilisers ensure that its align time is under three seconds. So it’s quite possible that we entered warp at the same moment, and I was never vulnerable to the Plunderers’ attack.”

“Okay, I got it. Still, it doesn’t explain how you got to the station ahead of me,” said I.

“What’s your warp speed?”

“Standard, five AU per second.”

Gerhardt smiled smugly, “Ha, look at this,” he pointed at the rigs. “I have installed three Tech II Hyperspatial Velocity Optimisers, which increased my warp speed to more than ten AU per second. Given we were 30 AU away from the station, I had arrived a full three seconds faster than you.”

I shook my head, “Incredible. Speed and agility, these are the only two advantages frigates have over cruisers. If I knew there were guys in cruisers which could outrun my frigate, I wouldn’t undock at all.”

Gerhardt came to my chair and patted me on the shoulder, “Patience, cadet. Trust me, all you need to get to this level is time. And time is a resource that we, capsuleers, have in abundance.”

“What, no brains are required?” I asked sarcastically.

“Just a little. I’d say that your intellect affects how fast you can earn money, but for anyone with an ounce of common sense the progress will always be positive. The smarter you are, the fewer ships you lose, and less frequently.”

I smirked, “And still I know a very smart guy who nearly lost a luxury yacht in a high-sec system.”

Gerhardt winced and scratched his head, “Yeah… To be honest, I am puzzled. I didn’t expect anyone to be able to hijack the ship operating system in such a short period of time. Need to request a thorough security assessment of the on-board computers.”

I thought for a moment and said, “Before you splash out on security consultants, may I check something?”

“Sure,” replied Gerhardt and gave me the datapad.

I found a screen with general information about the software and handed the datapad back to Ger.

“Bear with me for a minute,” mumbled I and ran a few searches in the Net on my own pad. When I found what I was looking for I whistled and asked, “Ger, when did you say you bought your pride and joy?”

“In YC 117. I constructed it myself when the blueprints became available.”

“Um-hum. And when did you last upgrade the software? Actually, don’t say anything. I know the answer,” I made a pause and finished forcefully, “Never!”

Gerhardt shrugged, “Why would I do it? Everything worked fine.”

“Yeah, until today. Now, let me show you something.”

I hooked up my datapad to the big screen and projected what I found in the Net.

Gerhardt peered at the text and read the first few lines aloud, “…weak encryption cypher… arbitrary code execution… authentication bypass… What the hell is this gobbledegook?”

“It’s the reason why you have been hacked. This is a list of all known vulnerabilities in your ship operating system since, oh, YC 117. Your system has never been patched and it’s a miracle that you weren’t hijacked a long time ago. Given the age and the number of security issues in your OS, a moderately motivated school-kid could steal your precious yacht.”

Gerhardt was visibly taken aback but still tried to downplay his negligence, “Come on, those were dedicated professionals with specialised equipment.”

I raised my eyebrow and typed in the search field: ‘exploit for vulnerability SV-YC118-65158’. The search produced several weaponised exploits which offered administrator-level privileges to an unauthenticated user.

“Do you mind if I connect my datapad to your ship network?” asked I with the insane smile of a mass murderer.

“No! No, I’ve got your point,” cried Gerhardt. “What do I need to do?”

“See, on your screen under the software version number there is a button called ‘Update now’. Tap it.”

Gerhardt gingerly tapped the screen and looked at me, “And?”

“That’s it.”

“That’s it? And how often should I do it?”

“Every time there is a new patch released – that’s several times a day.”

Gerhardt made round eyes and exclaimed, “What? Are you kidding me?”

Looking at his perplexed face I couldn’t help laughing, “No, that’s how often new vulnerabilities are discovered and patched. But don’t worry, give me your datapad.”

Gerhardt handed me the device and watched my manipulations. After a while I gave the pad back to him and said, “There you go. Now the updates will be installed automatically.”

Still wearing a bewildered expression, Ger looked at me, looked at the datapad, then looked at me again and slowly said, “Er… I guess I have to thank you. I knew that structures could be hacked with an Entosis Link module but it never occurred to me that the same could be done to a ship. You know what…”

At that moment he was interrupted by a man in an MP uniform who entered the lounge and asked, “Gentlemen, who of you is Gerhardt Oppenheimer?”

Gerhardt turned to the newcomer, “It’s me. How can I help you, sir?”

“I need to interrogate you in relation to the hijacking incident you reported earlier today. Please come with me.”

“Erm… Officer, can we postpone this conversation until tomorrow? I have some urgent matters that I need to attend to today.”

The MP sneered and said, “It wouldn’t be a problem, Mr Oppenheimer, if not for the three corpses on board this ship.”

“Ah, those are the hijackers,” Gerhardt waved his hand dismissively. “You can have them.”

“We need to establish the circumstances of their death.”

“Circumstances? Simple: they tried to hijack my yacht – I killed them in self-defence.”

“That’s what you say,” pointedly said the MP.

Gerhardt folded his arms and narrowed his eyes, “What are you trying to allege, officer? That I murdered them?”

“All I am saying is that we need to investigate the circumstances of death of these people. I am sorry but you will not be able to leave this station until we interview you.”

Gerhardt glared at the man for a few seconds, then sighed and said to me, “Sorry, Vlad. It appears that my priorities have just changed. I’ll talk to you later, possibly through a grille.”

I smiled encouragingly, “Look at the bright side, Ger. At least, no one will nick your yacht, now that you’ve enabled OS auto-updates.”
