Shouldn't systems like LZB or ETCS be mostly protected against radio interference as only the last section (centimeters) needs to be transmitted wirelessly? Are they used in the line or did they opt for something else?
Yeah, generally that’s true - it’s certainly not a long-range system. I’m not clear on what the actual problem is at Stratford, but I do know these systems can be quite sensitive and it can be tricky to ensure they operate reliably alongside each other.
In the case of Crossrail the core (new tunnels) use CBTC signalling, I think based on Siemens TrainGuard - I think the specification of the project predates ETCS being proven as a viable solution for this particular kind of service. The services leaving Stratford to the East use TPWS/AWS in common with most services on the UK mainline network.
The challenge is in the transition between the two systems, as I understand it - anything out of the ordinary and the train will of course come to an immediate halt.
By my understanding the RCE part of the exploit should not apply to recent Java versions if the default options are used (Minecraft shipped an older version afaik, and all bets are off for unmaintained enterprise applications).
The data extraction however will work on any Java version if the server in question has the capability to connect to a server under the control of an attacker, as the network request will be performed even if the JVM options that should avoid the RCE are enabled. Big problem for client applications (as usually most outgoing connections are allowed).
A bit harder to evaluate the impact in the enterprise context as many companies will not allow their servers to connect to "random" endpoints or at least require target-specific proxies to connect to the internet/intranet which makes this harder to exploit.
Classic .NET deployments are regarded as system components; they will receive security updates as long as the supporting OS is supported (that's at least the sales pitch we received). So 4.6 on Windows 10 will be supported at least till 14th October 2025 and 4.7 on Windows 10 at least until 13th October 2026 (if you are willing to pay Microsoft for that).
The Amazon release promises support out to that date.
There's a fairly good business reason to think that, if OpenJDK continues to be popular and relevant (as I expect it will be), Amazon will continue to extend that date, keeping it roughly four to five years in the future each time. They're giving confidence in the long-term support of Java on their platform, not making an indefinite promise about the future.
The Coradia LINT platform this train is based on is built in Germany. Alstom has two locations within Lower Saxony (which is the state funding a lot of this).
No enforcement agency is required to enforce this law. Rightholders will sue non-filtering platforms over potential lost sales due to their "wilful negligence".
And if the offending platform has any business in Germany (or another country with similar laws) this will be a gold mine for any law business issuing cease and desist letters in the name of competing platforms.
https://www.postgresql.org/docs/current/storage-hot.html