Stuxnet Infects 30,000 Industrial Computers In Iran
eldavojohn writes "The BBC and AFP are releasing more juicy details about the now infamous Stuxnet worm that Iranian officials have confirmed infected 30,000 industrial computers inside Iran following those exact fears. The targeted systems that the worm is designed to infect are Siemens SCADA systems. Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States — although the US official claims they do not know the origin of the virus. Iran claims it did not infect or place any risk to the new nuclear reactor in Bushehr, which experts are suspecting was the ultimate target of the worm."
"Siemens has advised its customers not to change the default passwords"
http://news.cnet.com/8301-1009_3-20011095-83.html
great....good security there
The future of diplomacy.
I read somewhere that there are no Siemens systems in Bushehr, making that particular plant immune to this worm. Is that true?
If Iran really is trying to develop a nuclear weapons ability, then they're heading for a nasty conflict one way or another.
If conflict is inevitable, then it's probably far better for their computers to catch a nasty flu, than for people to die in a U.S./Israeli airstrike.
Really? Because, as someone who has worked in gov't related cybersecurity, I can tell you that they try all the time.
There's no shortage of reasons for hackers to want access to data (classified or otherwise) really really badly.
You just need to get the hollywood fabricated ideas about teams of small teams of omnipotent superhacker "gods" out of your mind, because they don't exist.
while(1) attack(People.Sandy);
Yeah, that'll teach'm to open up emails and PDFs titled "Death To America!" while running an OS and applications software written and controlled by a U.S. company.
no, of course they aren't omnipotent gods, but on the other hand you don't need to be a god to cause serious damage to human beings. you just need to be intelligent; properly specialized; and oddly motivated. fortunately, the old "pick two of three" rule seems to apply here. :)
I do personally know some security professionals whom I suspect would have a pretty good shot at something like this, if they were both unethical and had a little bit of inside knowledge.
admittedly, most of what i know about US gov't cybersecurity is what i read on slashdot which tends to be negative. so i am biased there. still, it's a bit hasty to assign credit to a state. small groups of the right people could get a lot done. i mean, all you need is the information; this isn't the manhattan project.
"They were pure niggers." – Noam Chomsky
I have a hard time taking it seriously that a "Nation State" is the most likely source of the infection and I have an even harder time that it is the United States behind it. Siemens is a huge (German) manufacturer of control systems, their equipment is installed throughout the industrialized world. The Bushehr reactor is being built with help from Russia but I am sure there are engineers from many different countries involved (notably absent would be Israel and the U.S.). These engineers should include people responsible for the security of both the Windows and the Siemens systems.
I would argue that these engineers are the likely source of the information used to create the 'worm'. They have to be. Nobody else should have the information available to them to program the specific scenario to meet all of the inputs required to cause the mayhem the worm is intended to cause.
Perhaps over a couple of beers they decided they didn't like some of the things they were seeing? Maybe they wrote the worm or maybe they just provided the information to the people that did. But either way, it reeks of being an inside job.
usb thumb drives.
Getting information was not so difficult, even from within the Manhattan Project. If a government is hellbent on infiltrating secret projects of a rival government, they sure have enough resources at hand.
cpghost at Cordula's Web.
"Hey, we just want them fucked up. We don't give a shit about the details."
Who said anything about the government? If some other nation really wanted to mess things up in the USA they'd attack banking or something (which is something Russia apparently did to Estonia in 2007 according to wikipedia).
"Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States "
How does "too complex for an individual or group" equate to "must be Israel or the United States"? I hope I'm reading this wrong.
Otherwise I might have to troll about "German companies blaming the US and the Jews for everything" or something.
do() || do_not();
are government sponsored "cyber armies," and constitute some sort of nefarious plot to bring down the United States (or Israel), then what is this?
But hey, these guys are on your team, so it's cool and it's all good, when the guys on the other team are evil demons who threaten your existence.
Nah. In Iran it'd be USB thumbscrew drives
From Slashdot: The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched.
Servers you right using Windows for anything critical. Are they waiting one month for a fix as the rest of the Windows users?
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
I think it's a stretch to make an assertion that Bush has traveled 1500 years back in time: http://en.wikipedia.org/wiki/Bushehr
Really? How big do you think the team that created Stuxnet is then? Or do you really think that one guy found 4 new zero days, wrote a P2P control mechanism, a custom kernel mode rootkit, a bunch of PLC code in an obscure form of assembly language and a shim DLL to hide the PLC infection from the operator?
The Stuxnet team is the closest thing to the Hollywood stereotype of a small team of omnipotent superhacker gods the world has seen.
So assume the US or Israel were at direct fault for this, ignoring the fallacy of "no single group" for a moment.
Why is that a problem, exactly?
We've got many, many quotes from the Iranian leaders (many of them) which are along the lines of:
* death to Israel
* we will hit Israel with a nuke
* we wish to see Israel as bright as the sun
* we can hit Europe with our ballistic missiles!
* America is our Enemy
This, all in light of their nuclear program having no explicable goal at this point aside from nuclear weaponry. A year or two ago, you could excuse it as being for 'peaceful means' but not any longer.
If someone says "I'm going to come over and beat the shit out of you sometime this week while you sleep" you act proactively, one way or another.
I would much rather the approach of calling the police and getting them put on house arrest than the approach of boarding up the guy's house and burning it down.
If people do conclude this was a US/Israel attack, they should take it as an indication to everyone watching that the US and Israel are not bloodthirsty. This is about as non-aggressive as you can get in terms of a physical attack, and the thought and planning involved is significantly more than simply launching an airstrike or missiles.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
More like middle finger drives.
Faster! Faster! Faster would be better!
The stuxnet team is most likely the product of a large intelligence department. That is to say a group effort from a nation state, not some independent hacking gods with nothing better to do.
The point is that expertise in scada, coming up with 4 zero days, getting 2 signed driver keys from JMicron and Realtek, and distributing the exploit without the internet to Iranian factories is not something a non-state can do.
a nuke plant in the U.S. was infected a while back... The contractor bypassed the firewall and hooked the system to their computers via a network connection while they were debugging the software. This inadvertently created a connection between the internal protected systems at the nuclear plant and the wide-open, wild and wooly internet. Fortunately, the plant was shut down for maintenance and no critical systems were infected.
Uhh, you're missing the GP's point. It's HIGHLY doubtful a small group of scruffy super smart hackers a la Angelina Jolie and friends in "Hackers" created this virus. Given the complexity you point out (and by the way, you missed a very important point - stuxnet utilizes stolen encryption keys from TWO Taiwanese chip manufacturers), it's much more likely that a large, coordinated government or corporate organization that was able to assemble experts from many different fields was behind the attacks.
So we're arguing about the definition whether the team was "small" or "large" then :-) Given that Stuxnet is around half a megabyte in size, I'd guess the code itself was written by a team of around 5 people, probably with each person owning an area of functionality. Say another 5 for project infrastructure, eg, building testing environments, finding the zero days and doing whatever was required to steal the digital certs.
I'm sure there is a fairly large supporting cast for this "Myrtus/Guava" project, but I'd wager a crisp benjamin the bulk of the work was done by less than 10 people. Now whether this sort of effort is "small" or "large" is a matter of perspective - for a state sponsored military project it'd be very small, for a computer virus project it'd be pretty large.
By the way, if the authors of Stuxnet are reading this - nice work, but I seriously hope you know what the hell you are doing. Remotely sabotaging industrial facilities in a part of the world that's on a political knife edge can go wrong in so many ways I don't even want to think about it.
There are some strange things that the state-sponsor theory of Stuxnet is at a loss to explain.
The first of these is the P2P update cycle of the worm. One important element of this is that to update the one has to re-seed the network with a new version. However anybody with appropriate skills can do this, so the worm could be easily retooled to strike back at the creator. The idea that a nation would be incompetent enough to allow such a weapon as this to be redirected back at their critical infrastructure doesn't sit well with me.
The second major problem has to do with the fact the virus tends to be digitally signed via stolen private keys of reputable companies from around the globe many of which have no presence in the Middle East. Theft of these private keys is suggestive of a long-term effort probably involving past viruses and trojans.
Also while Iran is a major hotspot of infections they aren't the only ones. Indonesia is a close second.
These things are easy to explain from perspective that assumes a criminal syndicate but hard to explain from the perspective of a theory of state sponsorship.
Stuxnet is groundbreaking in a large number of ways. It's also an interesting question as to whether the malfunctions in the SCADA systems expected under Stuxnet could be similar to those experienced by Deepwater Horizon before the tragic explosion. While it might not be stuxnet in that case, it raises important questions about possible consequences of such a virus. These consequences are significantly more severe for a state sponsor than for a criminal one.
LedgerSMB: Open source Accounting/ERP
ugh, I hate gingers
I do all of that while cooking my morning breakfast.
However, I am the most interesting man in the world....
Stay thirsty my friends.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
omnipotent superhacker gods the world has seen.
Ladder logic is NOT that hard. Most of the industrial companies I have worked with there is *MAYBE* 1 or 2 guys who write the whole system. The systems are pretty freeking easy to access. It is all standard control codes (otherwise no tools would work right).
These things are meant to hook together in rings of controllers that act as a unit no matter who you buy the controllers from. Many of the bigger companies such as Siemens even make it pretty easy to glue junk together with their software.
You seriously do not want to know... It is that bad. It is stuuuuuuuuuupid easy to program these things. An okayish programmer could come up with a worm in a couple of months (probably less).
The reason they are this way? You ask? Well it used to be pretty simple. There was no internet for them to get plugged into. No networks. It was all serial connections. There is no access/authentication control response from these things. You didn't want people to have access to these things. You just locked the door to the room they were in. However, over the years remote management became more common. However the access controls were never put into place.
There are millions of these fairly simple (at least compared to today's computers) controllers out there. How they work is *WELL* understood there are dozens upon dozens of websites out there that tell you exactly how to program your controller. Hell you can buy the SDKs from the major companies (they don't cost much).
The only speculation on is who wrote it. Not how easy it is. Those of us who write this sort of software know how easy it is. Then the access controls that are in place are not even very good. They are easy to brute force in under a couple of hours or so (the password space being very small, susceptible to man in the middle attacks for the longer ones, and replay attacks).
It really is as easy as putting the right bytes out on the serial line and poof the other box is reprogrammed. That is how many are programmed in the first place...
When I first started working with industrial controllers I was seriously scared. You should be too. It is that bad. It wouldn't take much. Right now the only thing is cost. As the things these sorts of things plug into cost quite a bit. The controllers are a tad on the pricey side (anywhere from 200-1500 each). But the access controls on them are horrible. Making them dead easy to program.
Thanks for the tip. We'll definitely keep that in mind.
Such people are likely too inexperienced to be using suitably paranoid anti-tracking measures, so you can probably catch them. But it's a bit late by then.
Well. Let's ignore the problem of motive for now (there are far easier ways for criminals to turn a profit than this) - one has to wonder why Stuxnet is written as a traditional self-propagating virus.
Apparently it has some kind of self-kill logic which tries to ensure it doesn't spread after three "hops", which suggests whoever wrote it didn't want it to become a totally uncontrolled worldwide infection.
Presumably whoever wrote this knew they wouldn't be able to obtain actual physical access to the facility they wanted to damage, nor would they be able to insert an undercover agent, nor would they be able to compromise an existing employee. If you wanted to attack a high security facility and your intelligence agency wasn't able to penetrate it using more traditional techniques, creating a virus that spreads indiscriminately and hoping you get lucky seems like a pretty reasonable strategy.
The truth may be somewhere in the middle. The top candidates are the US and Israel based on "who dislikes Iran the most". Israeli intelligence has proven several times before they apparently don't care about being detected or involving other nations as collateral damage, see the recent UK passport forging that was a part of an assassination. A guy who used to be a director of anti-proliferation strategy for the US government has remarked that the style doesn't seem like a US operation given how much noise the approach would inevitably create, and the tremendous impact outside of the intended target.
Now obviously he is biased, but I'd tend to agree with him. It seems kind of unlikely the US would do something so dramatically non-covert. The way Stuxnet works practically guaranteed it would be eventually detected and subjected to intense scrutiny. The fact that there's so many clues and possible evidence trails lying around also suggests that whoever did it wasn't too concerned with being caught, eg, it's possible the stolen digital certs or the C&C servers will provide a trail that can be investigated.
So out of "countries that hate Iran" which of those is most likely to perform an operation that is very likely to be detected and very likely to piss off a large number of random other nations or organizations? If I had to pick an intelligence agency in the world that most resembled a criminal syndicate, the Mossad would be pretty high up the list. Speculation is fun isn't it.
Perhaps it's just the conspiracy theorist in me, but is it possible that Iran isn't the main target of Stuxnet, but just a handy diversion?
If investigations are focused on the attack on Iran, and who would benefit most from it, they may be less likely to look into who would benefit from hurting other targets (such as Indonesia, mentioned by the GP)
You can learn a lot about a person if you just take the time to inject them with sodium pentathol
We can't know for sure can we. But we might as well apply Occam's Razor. Indonesia doesn't have any enemies that are both technically sophisticated and extremely aggressive. Nor does it have any industrial facilities of obviously high value. Iran has all these things.
It's a good question how so much Stuxnet ended up in Indonesia, but I suspect it's simply bad luck. If the initial infection vector was some kind of industrial contractor, it's easy to imagine that "hop zero" copies of the virus occurred in whatever countries that contractor happened to work in. The virus tries to limit its own propagation but its C&C system is really weak - only two nodes both of which are now offline. Most modern malware has much stronger C&C infrastructure than that. It can do P2P updates as well but that's got to be a slow and flaky way to update the virus. So it appears that the virus was created for a specific task and what happened after that wasn't a big concern.
just read
http://frank.geekheim.de/?p=1189
Do you have a cite for this? Also is it still this way (given the P2P component discussed in a paper on that subject by Symantec)?
Yet Indonesia has a very large number of infections too. Why are you so focused on Iran? It's not like the virus isn't prevalent in other countries as well. It's also hit India a lot harder than Pakistan.
The fact is we could build conspiracy theories out of this any number of ways. However, the fact is that the virus is programmed to REPLACE ITSELF with a new executable if it finds a newer version. Given the fact that Pakistan has not been hit much but India and Iran both have, we might suggest Pakistan the sponsor. However, I'm still assuming Russian cyber-criminals are behind this.
LedgerSMB: Open source Accounting/ERP
Searching Google for [stuxnet three hops] gives this analysis.
MB for complexity? What the fuck? That's like GHz for speed -- there is relation only when you restrict the scenario (e.g. 100% ASM). Apparently you haven't seen any 64KB demos, or 10MB STL+Boost* HelloWorld programs.
* This remark is a detraction of programmer inefficiency, not C++/STL/Boost. It doesn't occur when they are used correctly.
At this point, nobody else has confirmed this limit, right? Do we know if this affects all versions of Stuxnet? Only some versions? Does it only apply to the sneakerware portion of the attack or does a network attack count as a hop?
The reason I am asking is that the analysis I have seen on that site isn't sufficient to get to the view that it's geographically limited in terms of codebase.
LedgerSMB: Open source Accounting/ERP
You just need to get the hollywood fabricated ideas about teams of small teams of omnipotent superhacker "gods" out of your mind, because they don't exist.
Not quite in the Hollywood image they don't, no. But assuming that such hacking is beyond the efforts of one or two highly intelligent, knowledgeable and motivated individuals is a big mistake. You just need someone with an IQ in the 150 range who reads manuals and code for fun and thinks so far outside the box he can barely see it from there.
(Some 35 years ago I routinely pwned the campus mainframe, a Burroughs B6700, through a combination of inspired guesswork (giving me access to allocated but unused accounts), dumpster diving (hey, a listing of the OS, that looks interesting. Gee, what's this string "&:*" being passed to a call that expects the [root-equivalent] password?), social engineering (me at a Burroughs sales office: "I'm a student at X, can I get some B6700 manuals?" They: "We don't have any for sale here, but [checks in back] here are some old ones I'll just give you." Systems programmer back at X: "How'd you get those? We can't even get those!") and plain outside the box thinking (Sys programmer: "but you can't edit a Burroughs backup tape!" Me: "not on the Burroughs, no. But on the IBM 360/50..." He: "Oh, shit." Being able to edit a Burroughs backup tape let you (or me) get around the fact that only a program tagged as a compiler could tag a binary file as executable, and only an operator console command could tag a program as a compiler. But if you could create your own arbitrary executable binaries, you had access to all kinds of system calls normally reserved to the OS.) Of course those were more naive, innocent times, pre Morris worm, and terms like "dumpster diving" and "social engineering" hadn't been coined yet. It's a little harder these days (back then I was barely even trying), but there are better tools available, so don't fool yourself. Script kiddies are one thing -- it's the folks inventing those scripts, or rather, the ones who invent scripts the kiddies never see, that you need to worry about.)
-- Alastair
so the worm could be easily retooled to strike back at the creator. The idea that a nation would be incompetent enough to allow such a weapon as this to be redirected back at their critical infrastructure doesn't sit well with me.
Actually that sort of incompetence strikes me as more the sort of thing a state-sponsored effort might miss as compared to the efforts of a small group used to thinking in terms of vulnerabilities. I.e. it suggests that the group who found the exploits is different from the group who implemented the hack, which suggests a more distributed effort.
Or it could just be a small group who don't give a rat's ass about anybody's infrastructure, including their own.
-- Alastair
A small group probably doesn't have a lot of Siemens PLC's in use......
LedgerSMB: Open source Accounting/ERP
That's true but sort of the converse of what I was trying to say. Sorry for the confusion. I agree that a government could do this, but I don't see how it's necessarily too complicated for a group of skilled and motivated activists.
What I meant was, hacking doesn't take particle accelerators or other expensive components. Even if you had the information from the manhattan project, you'd need roomfuls of specialized and dangerous equipment and materials and a large diversely trained staff.
All you need for something like stuxnet is a smaller group of the "right" people and the right information, and maybe a hatful of money for PCs and some specialized hardware. I mean, I personally know people who do static analysis of computer viruses for fun. This doesn't make them virus writers - it makes them better than virus writers, if given enough time to adapt their reverse-engineering skills to reverse-reverse-engineering. Put them in a room with one or two hardware and microcode engineers with knowledge of the target Siemens chip, and I don't see how this project would not basically write itself in a month or so. What am I missing here?
It doesn't require state or massive corporate investment, so I don't see the basis for ruling out the hypothesis of a group of hacker/security activists.
"They were pure niggers." – Noam Chomsky
It's HIGHLY doubtful a small group of scruffy super smart hackers a la Angelina Jolie and friends in "Hackers"
Did you just call Angelina Jolie "scruffy"?
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I agree. Stuxnet, and who knows what will follow it, are similar to the USA Skunkworks that managed to develop and deploy the SR-71 Blackbird in complete secrecy, or before that the Manhattan Project in the USA, and the Enigma work done in Great Britain.
We have a new player on the world stage, and data security is never going to be the same again. Actually we probably have more than one new player, since there are probably a dozen countries that are capable of doing this kind of thing. And quite possibly they've been around for a long time, hiding behind spammer botnet facades, etc. I find it suspicious that while spammer botnets are supposed to be making their fortunes by selling advertising, there has never been a serious effort to go after the companies that are apparently buying these services. I wonder how many distributors of v14gRuh there really are, and how many are virtual fronts for information gathering and disinformation distribution activities?
Hmm. I prolly read too much Philip K Dick in a younger day.
Will
The point is that expertise in scada, coming up with 4 zero days, getting 2 signed driver keys from JMicron and Realtek, and distributing the exploit without the internet to Iranian factories is not something a non-state can do.
Organized crime could theoretically do it, if they decided to invest in developing the necessary technical resources rather than just shooting people. However, organized crime would not do it without an obvious profit motive, especially given the risks (that governments might tie it to them, etc.). There does not seem to be any such motive in this case.
Um, no, the first culprit to look at is Iran itself. Shoot self in foot ...
"Tongue tied and twisted, just an Earth bound misfit
Really? Because, as someone who has worked in gov't related cybersecurity, I can tell you that they try all the time.
There's no shortage of reasons for hackers to want access to data (classified or otherwise) really really badly.
You just need to get the hollywood fabricated ideas about teams of small teams of omnipotent superhacker "gods" out of your mind, because they don't exist.
Wait, you saying my religion where I worship superhacker gods is fake?
That is hard dude, really hard.
Be seeing you...
after all iran's efforts to whitewash the internet and control what folks can access, for them to catch a virus and spread it all around is just PRICELESS. couldn't happen to a more worthy bunch of DICKS.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
My Dad went to Andover with him and listened to the "stick ball" speech, later he majored in history at Harvard, got a law degree from Columbia and a JD so I think he is entitled to his opinion both personal and historical on Bush. He says "Bush was the worst president since Harding" and "...did 100 years of damage to the US economy."
My opinion is that Bush was a kakistocracy (government by the least qualified or most unprincipled citizens) created by the dominists to defame the federal government and encourage ass-clowns the tea bag express. I think Bush was not only the worst president in living memory but more importantly he was a "domestic enemy" of the constitution who signed a law that directly attacked the 4th amendment. Harding merely allowed the secessionist southern senators to allocate money to the south after secession, a crime of inaction rather than a premeditated attack of the Constitution.
Carter, are you kidding? Not great, or even good but he didn't cause the energy crisis, he didn't cause the helicopters to flip on the way to Tehran, he sure as hell didn't negotiate, then delay the release of the hostages in an arms deal with our enemies like the Reaganites. He didn't buy into the John and Allan Dulles model of political change through CIA sponsored overthrows of democratically elected governments in Iran. Did you know that buying "Firewall: The Iran-Contra Conspiracy and Cover-up" by the Iran Contra prosecutor Lawrence Walsh used to get you on the federal watch list? I wonder why?
I am pretty sure you are repeating other people's opinions without critical thought with a flippant nod to conservatives so I'll forgive you, but only barely.
Apparently the sheer sophistication and amount of code, the use of multiple zero day exploits, plus a number of fake certificates all point to an operation outside of the resources of a small team. Likewise the payload seems to be specifically targeted at a particular set-up of a PLC seems to point to sabotage/intelligence gathering rather than blackmail/extortion.
Control is an illusion, order our comforting lie. From chaos, through chaos, into chaos we fly
It seems kind of unlikely the US would do something so dramatically non-covert.
Like mine the harbors of another country while at peace...
Sheesh, evil *and* a jerk. -- Jade
Someone with a high degree of motivation and insider knowledge had to be responsible for such a pointed attack. Someone just wanting to create some havoc could have just built a worm that probes the network for modbus tcp devices and started firing values into the registers.
Got Code?
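The monitoring side of the Modbus/TCP point in the comment above, as an added example that is not part of the thread: the base protocol carries no authentication, so a passive check can parse each request and flag register or coil writes that come from hosts other than the known engineering stations. The addresses, the allowlist, the sample frames and all function names are constructed for illustration.

```python
"""Flag Modbus/TCP write requests sent by hosts outside an allowlist.

Added illustration: addresses, frames and names below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Modbus function codes that change state on the device.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


@dataclass
class Request:
    transaction_id: int
    unit_id: int
    function: int
    write_address: Optional[int]  # first coil/register written, if any


def parse_request(adu: bytes) -> Request:
    """Parse one Modbus/TCP request ADU; raise ValueError if malformed."""
    if len(adu) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol id is not 0, so this is not Modbus")
    # The length field counts the unit id and every byte after it.
    if length != len(adu) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = adu[MBAP_LEN]
    data = adu[MBAP_LEN + 1:]
    address = None
    if function in WRITE_FUNCTIONS:
        # 0x17 carries the read range first; the write address follows it.
        offset = 4 if function == 0x17 else 0
        if len(data) < offset + 2:
            raise ValueError("write request too short to hold an address")
        (address,) = struct.unpack(">H", data[offset:offset + 2])
    return Request(tid, unit, function, address)


def audit(events: Iterable[Tuple[str, bytes]],
          allowed_writers: Set[str]) -> List[dict]:
    """Return alerts for malformed frames and for writes from unlisted hosts."""
    alerts = []
    for src, adu in events:
        try:
            req = parse_request(adu)
        except ValueError as exc:
            alerts.append({"kind": "malformed", "src": src, "detail": str(exc)})
            continue
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append({
                "kind": "unauthorized_write",
                "src": src,
                "unit": req.unit_id,
                "function": WRITE_FUNCTIONS[req.function],
                "address": req.write_address,
            })
    return alerts


def frame(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a request ADU for the constructed samples below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: (source address, captured request bytes).
ALLOWED_WRITERS = {"10.0.0.5"}  # hypothetical engineering station
SAMPLE_EVENTS = [
    ("10.0.0.20", frame(1, 1, bytes.fromhex("030000000a"))),  # HMI read
    ("10.0.0.5", frame(2, 1, bytes.fromhex("06001000ff"))),   # allowed write
    ("10.0.0.99", frame(3, 1, bytes.fromhex("10002000020400010002"))),
    ("10.0.0.99", frame(4, 1, bytes.fromhex("10002000020400010002"))[:-3]),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_EVENTS, ALLOWED_WRITERS):
        print(alert)
```
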
As a matter of fact, I was in my mid-20s when Carter was elected. Personally, I found him an embarrassment because he was such a wishy-washy wimp. About the only good thing I, or most of my friends have to say about him is that he made sure that Harding didn't go down in history as the worst President of the 20th Century. If you're a Democrat, you have him to blame for the three consecutive Republican terms that followed, so I'd be a tad cautious about praising him, if I were you.
Good, inexpensive web hosting
Sorry for replying twice, but this just caught my eye. You do realize, don't you, that Warren Gamaliel Harding was president from 1921 through 1923 and wasn't even born until slightly after the Civil War?
Good, inexpensive web hosting
The only speculation on is who wrote it. Not how easy it is. Those of us who write this sort of software know how easy it is.
This. Really, while I haven't worked with these particular systems I have taken courses on how to program similar systems (in an environment where real hardware and software was used and the problems given to us to solve were all "real" problems that those arranging the course had encountered themselves) and I don't really remember it being all that hard. There was documentation for pretty much everything available (and if the manufacturers of the equipment didn't want to hand out docs and hardware practically for free there were apparently plenty of companies using said gear that would happily hand over docs and gear for free just so they'd have an easier time finding new employees).
Now, after PLCs and industrial robot programming we went over to microprocessor programming (68HC11 asm to be more specific) and that's when a lot of the students seemed to start having problems, even those who had no problems with the previous parts of the course. That should give anyone who understands HC11 asm an idea of how hard it really is.
Greylisting is to SMTP as NAT is to IPv4
The Soviets also never said "we will hit the US with nukes". Instead, they were all about "world peace" and "progress". Read Churchill's Fulton speech to understand how these things work in reality.
And after the fall of the USSR it has been shown that they weren't planning to attack the US any more than the US was planning to attack them, if anything they poured a lot of resources into being able to strike back, they were terrified of the thought that the US would attack them.
But I suspect in the history books available in American schools this isn't really mentioned too much, there seems to still be a lot of fear in the US when it comes to "the red menace", "pinkos", "commies" and other bogeymen...
Greylisting is to SMTP as NAT is to IPv4
Really? How big do you think the team that created Stuxnet is then? Or do you really think that one guy found 4 new zero days, wrote a P2P control mechanism, a custom kernel mode rootkit, a bunch of PLC code in an obscure form of assembly language and a shim DLL to hide the PLC infection from the operator?
Don't forget the fake kernel drivers signed with a stolen certificate. Stealing or breaking the digital certificate used by JMicron to sign Windows kernel drivers should be out of range for even a skilled single hacker.
Oh and apparently there was a second certificate stolen/broken, this time from Realtek.
This thing is really scary. Even when you follow best practice for security in every detail, you would have no protection against something like Stuxnet.
(back then I was barely even trying)
This, in combination with the parts of your post that preceded it, is one of the funniest things I've seen on /. this month. If the Earth needs defending against aliens, I'm calling you. ;)
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
that is, if you believe in terrible things happening, you actually wind up creating the conditions for terrible things to happen, both directly and unconsciously. it does not surprise me at all that the middle east is on the brink of armageddon style war, because of all the assholes in the middle east who so fervently believe in dusty old books full of armageddon style war
in other words: fuck judaism, fuck christianity, and fuck islam. the world would be a much better place without the abrahamic religions. it is no coincidence at all that the middle east is a hot bed of suffering due to fervent beliefs, it is a direct consequence of the bullshit the assholes there believe in
i actually do believe it is important to have faith in something and believe in something in this world. but neither judaism, christianity, nor islam are valid things to believe in. i spit on those religions, for the suffering they have brought the world
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
It's the USraelis trying to hit the Iranian centrifuges... http://www.langner.com/en/index.htm Obvious....
Sorry I meant James Buchanan
I rather thought you did. Of course, he was a 19th Century President, and outside of our discussion. As I wrote earlier, I remember the Carter Years directly and as an adult, and I think he was a piss-poor President, much worse than Bush Jr. Not that I think either Bush was that great, mind you, but having lived through all of their administrations I'd have to say that Carter was the worst of the three.
Good, inexpensive web hosting
How about a state with some rogue agencies that act like a criminal syndicate or are working in association with one? History turns up a few of those we know about just about everywhere. Also, assuming no criminal involvement, how many agencies with international aims really care about blowback anyway since that's going to be somebody else's problem? The finger gets pointed at Israel only because it looked like they had a death squad active in Dubai recently. People pointing to Israel for this one are only guessing.
really, i guess the 409 crew is a myth then?
one of the funniest things I've seen on /. this month. If the Earth needs defending against aliens, I'm calling you. ;)
Heh, thanks!
(Speaking of funny and defending against aliens, you might like my story "The Gremlin Gambit", see my stories page.)
-- Alastair
So when they call tech support and inevitably speak to someone in India, is the technician allowed to use a name that is appropriate to the region or will they still be forced to use a fake American name, such as George?