Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.


--
* Lock up Trump and his family of grifters. *

Keyser Söze Wrote in message:r
Colonial pipeline operators began restarting operations Wednesday evening but said it would take ?several days? for the supply chain to return and warned some markets could continue experiencing ?service interruptions.? The mass panic caused by gasoline shortages and spiking prices across the East Coast ? nearly 7 in 10 gas stations in North Carolina, and about half in Virginia and South Carolina, were out of gas Wednesday evening, according to GasBuddy ? highlighted the vulnerability of aging U.S. energy infrastructure unable to handle 21st-century threats, even those known about far in advance.Founded as a joint venture by nine oil companies 59 years ago, *Koch Industries* currently owns the largest stake in the company.An outside audit of the Colonial Pipeline?s cyberattack defenses, delivered to the company more than three years ago, described ?atrocious? information management practices and ?a patchwork of poorly connected and secured systems,? its author told The Associated Press. ?We found glaring deficiencies and big problems,? said Robert F. Smallwood, whose firm prepared an 89-page report after a six-month audit. ?I mean, an eighth-grader could have hacked into that system.? Colonial Pipeline operators have been seeking to hire a cybersecurity manager for more than a month, with 32 applicants on LinkedIn.-- * Lock up Trump and his family of grifters. *

I'm sure you are happy to know that you aren't the only collasal
**** up deficient in many ways. :-(
--
Thanks Donald. Do you miss him yet?


----Android NewsGroup Reader----
https://piaohong.s3-us-west-2.amazon...net/index.html

On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.

That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.

On 5/14/2021 11:46 AM, Keyser Söze wrote:
Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.



I can't verify the accuracy of this but I heard one report that the
"hacking" was actually into Colonial Pipe's financial systems and not
the operations or equipment associated with the pipelines. Tying up
the banking and financial controls of the company is what caused it
to shut down the system. They reportedly paid a five million dollar
ransom to unlock the company's finances and hence, operations.

It makes sense that Koch Industries would be somehow tied to the
pipeline systems. One of the major business areas and products
of Koch and it's subsidiaries is steel piping. One division
built only nuclear graded products. Koch was also heavy into
gas separation systems that are used to provide oxygen, LN2 and
other gases for commercial and medical use.



--
This email has been checked for viruses by AVG.
https://www.avg.com

On 5/14/2021 2:47 PM, wrote:
On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.



I don't get how a VPN works. I installed one and could no longer log
into online banking because the bank's server (or something) didn't
recognize my computer or my location. (thought I was in Texas or something).

If I turned the VPN off ... everything worked fine. Turn it back on
and I am not recognized.



--
This email has been checked for viruses by AVG.
https://www.avg.com

On Friday, May 14, 2021 at 3:55:47 PM UTC-4, Mr. Luddite wrote:
On 5/14/2021 2:47 PM, wrote:
On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.

I don't get how a VPN works. I installed one and could no longer log
into online banking because the bank's server (or something) didn't
recognize my computer or my location. (thought I was in Texas or something).

If I turned the VPN off ... everything worked fine. Turn it back on
and I am not recognized.

A VPN is typically a point-to-point connection. In other words, your VPN software would
log into your company's matching VPN software at the office, providing you with a secure
connection from your home to the office.

A great application is if you are travelling on business. When at the hotel your PC is fairly
"open" on the hotel's WiFi. Fire up your VPN and connect back to your company's servers.
Now you have a secure "tunnel" of sorts that doesn't expose your data to others that are
also on the hotel's network.

You may have been using a VPN that is part of a security package on your PC? It probably
provides a secure connection to a server farm somewhere so you can surf without exposing
yourself to the hotel. However, now your bank doesn't "know" your computer since it is behind
the VPN and appears to be in Texas. It thinks some bad Texan is trying to access your accounts.

That's my semi-educated guess.

On 5/14/2021 5:04 PM, wrote:
On Friday, May 14, 2021 at 3:55:47 PM UTC-4, Mr. Luddite wrote:
On 5/14/2021 2:47 PM, wrote:
On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.

I don't get how a VPN works. I installed one and could no longer log
into online banking because the bank's server (or something) didn't
recognize my computer or my location. (thought I was in Texas or something).

If I turned the VPN off ... everything worked fine. Turn it back on
and I am not recognized.

A VPN is typically a point-to-point connection. In other words, your VPN software would
log into your company's matching VPN software at the office, providing you with a secure
connection from your home to the office.

A great application is if you are travelling on business. When at the hotel your PC is fairly
"open" on the hotel's WiFi. Fire up your VPN and connect back to your company's servers.
Now you have a secure "tunnel" of sorts that doesn't expose your data to others that are
also on the hotel's network.

You may have been using a VPN that is part of a security package on your PC? It probably
provides a secure connection to a server farm somewhere so you can surf without exposing
yourself to the hotel. However, now your bank doesn't "know" your computer since it is behind
the VPN and appears to be in Texas. It thinks some bad Texan is trying to access your accounts.

That's my semi-educated guess.



That's sorta what I deduced although I am not up to speed on this stuff.

My anti-virus (AVG) keeps telling me I have it but doesn't do me any
good for what I use a computer for.

--
This email has been checked for viruses by AVG.
https://www.avg.com

On Fri, 14 May 2021 15:51:35 -0400, "Mr. Luddite"
wrote:

On 5/14/2021 11:46 AM, Keyser Söze wrote:
Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.



I can't verify the accuracy of this but I heard one report that the
"hacking" was actually into Colonial Pipe's financial systems and not
the operations or equipment associated with the pipelines. Tying up
the banking and financial controls of the company is what caused it
to shut down the system. They reportedly paid a five million dollar
ransom to unlock the company's finances and hence, operations.

It makes sense that Koch Industries would be somehow tied to the
pipeline systems. One of the major business areas and products
of Koch and it's subsidiaries is steel piping. One division
built only nuclear graded products. Koch was also heavy into
gas separation systems that are used to provide oxygen, LN2 and
other gases for commercial and medical use.

That actually does make more sense. There is no good reason to have
operational controls on the internet where a hacker could get to them
but if you cut off the suppliers ability to monitor the billing, he is
not giving the product away for free.

It still makes me wonder how bad their backup regimen is that they
couldn't just wipe all of their hard drives and restore them. That
would be my plan if I was ever "ransomed". I might lose a week or
maybe even longer than that if it was a zero day time bomb attack but
I could come up enough from backups to tell them to kiss my ass.

On Fri, 14 May 2021 15:55:41 -0400, "Mr. Luddite"
wrote:

On 5/14/2021 2:47 PM, wrote:
On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.



I don't get how a VPN works. I installed one and could no longer log
into online banking because the bank's server (or something) didn't
recognize my computer or my location. (thought I was in Texas or something).

If I turned the VPN off ... everything worked fine. Turn it back on
and I am not recognized.

You probably have to go through some different verification process.
These places fingerprint your computer and if it doesn't match they
think you are someone else. You would have the same problem if you
tried to sign on from a neighbor's PC.
My broker gets pretty silly when I sign on from my laptop and it is on
the same IP address.