The Stuxnet Encyclopedia

Symantec published the most comprehensive and detailed analysis of the Stuxnet virus to date.

2011 at its Prime

The fact that 2011 is a prime number didn’t escape mathematically inclined minds. Moreover, as @mathematicsprof tweeted, 2011 can be expressed as the sum of the 11 consecutive primes 157+163+167+173+179+181+191+193+197+199+211.

This already sets the stage for a year that, I will dare to predict, will not be easily forgotten. A confluence of processes already in motion may result in drastic changes for the world and in particular the Internet. To wit:

  • Cyber-attacks can get ‘physical’, as the Stuxnet virus proved,
  • There is a struggle to control the Internet at all levels,
  • Privacy and mobile computers have compatibility issues,
  • All this against the backdrop of economic and political turmoil.

 

As the Chinese say, “May you live in interesting times”…

 

Stuxnet virus demonstration

Symantec released a video showing how Stuxnet infects a PLC module attached to an air pump. See the Stuxnet virus in action.

Now we are really secure….

That is a good idea, take your source code and give it to some guy bent on getting all your secrets to increase the security of your data:

Security Nightmare: Chinese Government Has Microsoft Windows Source Codes.

The world is REALLY in the hands of crazy people

Beyond Silicon

A breakthrough in material technologies that can extend Moore’s Law for a few more years.

Speaking about the successful creation of a metal-insulator-metal diode, Douglas Keszler, a distinguished professor of chemistry at Oregon State University, said:

“This is a fundamental change in the way you could produce electronic products, at high speed on a huge scale at very low cost, even less than with conventional methods. It’s a basic way to eliminate the current speed limitations of electrons that have to move through materials.”

Read more

Not so quietly…

I have posted before on the increasing threat related to hardware vulnerabilities that are becoming a matter of national security.
Some background information here.
[To be continued…]

Pipes and Bytes

There is another security threat that has been brewing for a long time now. This time it is about the computers that control industrial processes and utilities.

In the last few years the trend was to move all these dedicated systems to Windows-based systems. Windows has a lot of advantages, mainly related to the fact that applications are easier and cheaper to develop than on any of the alternatives. The availability of inexpensive hardware and thousands of developers makes the platform very competitive. The infrastructure afforded by the Internet brings the additional bonus that all these processes can be managed remotely with very little additional investment, a big incentive for companies to move their connectivity to a wide area network.

The problem with this state of affairs (Windows systems connected to the Internet controlling vital equipment) is security. Although Microsoft has made progress improving the security of its operating systems, you don’t have to search very hard to find a staggering number of security holes still open. Moreover, keeping a Windows system secure requires a lot of vigilance and a proactive approach, which is not always a high-priority concern for the operating companies. In many instances, management may not even be aware of the magnitude of the problem.

Because of the criticality of some pieces of equipment, the issue is one of national security. Sabotage by terrorist groups or enemy states would acquire a whole new meaning when somebody has the power to shut down a significant portion of a country’s electric grid or water supply.

As is usually the case with widely interconnected systems, the weakest link can be exploited by hackers to gain access to the system. Thus, no matter how strong the protection of the important nodes is, failure to protect every possible node could bring the whole system down.

The problem has had the attention of security experts and practitioners for at least a decade. Here are some references to the problem from the SANS Institute reading room.

The ideas being floated around the concept of bug-ridden smart meters for the distribution grid will add another spin to this issue.

 

 

SSL 3.0 / TLS subjected to Man in the Middle Attack

An “Authentication Gap” was discovered in the latest version of the SSL/TLS protocol. This could potentially be a huge problem. The gap is not due to some erroneous implementation; it is a property of the protocol.

Here is a list of links to websites where the issue is being followed:

http://www.phonefactor.com/sslgap/

IETF resources

Red Hat

SANS.org

Dark Fiber and White Space

Two underused resources, “Dark Fiber” and “White Space” are to be taken advantage of to increase the power of the network.

 

One application seeks to use optical fiber that has been laid but is not being used, to enable the establishment of secure keys using quantum technology: http://www.technologyreview.com/computing/23317/page1/

The other is a wireless network in which the information is carried in the unused interstices of the TV spectrum. http://www.technologyreview.com/communications/23781/

Facebook and privacy

It looks like Canadian laws are finally forcing Facebook to play nice with its users’ personal information.
Read the whole article: http://www.financialpost.com/news-sectors/technology/story.html?id=1902992