Companies probably will.
Hahahahahaha…breathes…,… hahahahah
But in all seriousness, they 100% will not. There are still companies that have WinXP machines and servers on 2000/2003.
There is an entire sector of the secops industry built on protecting these machines.
Not 100%, but most big businesses will.
Some of the biggest businesses in the world still run legacy systems somewhere in their organization. I work for one of the top 5 retail data processors in the world and we have a handful of ancient legacy apps that can’t run on anything more modern than Server 2012.
And almost none of them take the proper precautions for vulnerable systems.
I mean for fuck’s sake, Office Depot’s Southeastern regional headquarters’ HVAC system (well, as of 2019 when I last checked) is controlled by a truly decrepit Windows 2000 box THAT IS NETWORK CONNECTED!
We’re still running a CNC mill powered by DOS. It’s in great mechanical shape, the legacy software makes a specific product that we have a good market for, it’s obviously a completely standalone unit with no security concerns.
It’s kind of ridiculous actually, we’ve upgraded the mainboards and processors from 486 to Celeron, SSDs with SATA->IDE adaptors etc. but the software and the hardware drivers run on DOS and there’s no practical upgrade path. We will run her until she can’t make tooling anymore.
Used to support a pick-and-place line for SMT that still ran on DOS, it’s exactly as you say. We upgraded every bit of it, but when we tried to get a hold of the software co that made the instructions, we found out that all but one of them had passed away from old age and no one had the source anymore.
As far as I know they’re still using it.
Another reason I am a big proponent of Open Source.
I’ve been collecting any and all documentation pertaining to this machine and in many cases the guys I’ve ended up talking to are the only ones who haven’t retired. Fortunately everyone so far has been happy to give me a huge data dump of everything on their drives, knowing that nobody on their end will be available to support it in a few years.
What really scares me is not the software but the aging protocols that talk to obsolete hardware. Lose one of the old AC servomotor drives and good luck finding a way to integrate a modern unit. Easy enough to mate something up to the motor and feedback, not so easy to get it to speak whatever specific flavour of SERCOS was used on the machine. At least it isn’t a proprietary protocol… I’m still hoping I never have to do it.
Sigh. You said it yourself, somewhere. Not everywhere.
And this distinction is important why?
All it takes is one compromised device, and there isn’t a single company I’ve worked for (and I’ve worked for several bigger ones) that didn’t have at least one vulnerable device network connected.