Stuxnet targeting specific SCADA configurations
The debate on whether or not the Israelis wrote the Stuxnet malware rages on – but it seems pretty clear from ESET’s research and Siemens’ own findings that the virus is apparently only activated in plants with a specific configuration. To be exact – the target is not the SCADA system […]
Are we glorifying the attackers and prosecuting the victims?
With all the media noise about Stuxnet, cyber war and cyber terror, I proposed taking a closer look at how we relate to the players. Whether uber hackers or PLO terrorists, are we glorifying the attackers at the expense of prosecuting the victims? In data security I don’t subscribe to utilitarian ethics (which attempts to […]
Open Source Security Testing
Pete Herzog, Founder of ISECOM, will be discussing the revised Open Source Security Testing Methodology Manual (OSSTMM v3) and how it applies to web application security today (10-13-2010) in Raleigh, NC. I’m not sure exactly if this project really qualifies as Open Source – since the license is not specified. As a methodology and not […]
Controlled private networking
This evening I was added to a FB Group – apparently – you don’t have to agree to be joined in. FB Groups is a way to organize your contacts and get better control over your social networking. It looks pretty cool to me but the New York Times suggests that Facebook groups may engender even more […]
Why software patents are a bad idea
In Bilski and software patents, Rob Tiller (vice president and assistant general counsel for Red Hat) attempts to make a case against software patents by claiming that they are abstract and therefore not patentable: In view of this serious problem, Red Hat submits that the Interim Guidance should be revised to recognize that software patents will ordinarily […]
Security theater and security politics
I had some input from colleagues on my Stuxnet posts – suggesting that I was downgrading the need to be vigilant against cyber-threats. Of course we must be vigilant, but let’s not forget a couple things: 1) We have to get the basics right – Note the Siemens guideline for implementing WinCC: “system administrator password […]
Why Stuxnet was developed by the Israelis
Who developed Stuxnet? Was Stuxnet developed by the Israeli Sigint unit 8200 or was it a group of Americans, Germans and Israelis working in collaboration? There has been a flurry of articles about Stuxnet in the Israeli papers, speculating on the source of the Stuxnet virus and discussing if this is the beginning of cyber […]
How to improve your data security in 3 steps
How to protect your systems, your most sensitive data, avoid malware infections and never have a single minute of downtime due to malware.
1. Run Ubuntu
2. Get your services in the cloud
3. Practice safe computing
Has the threat of cyberwar been grossly exaggerated?
Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated. Not unpredictably, the essay yielded a lively discussion. I agree with Bruce – especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the […]
Are security professionals allowed to care about money?
A psychiatrist summed up what may be the gut-level issue that plagues everyone who charges for services. He quoted an old Russian proverb: “The doctor is an angel when he tenders his cure and a devil when he tenders his bill.”