Slashdot Mirror


User: Svartalf

Svartalf's activity in the archive.

Stories: 0
Comments: 5,281

Comments · 5,281

  1. Re:Duh? on New Siemens SCADA Vulnerabilities Kept Secret, Says Schneier · · Score: 1

    The evil hacker will just buy a bunch of systems, analyze it and find the vulnerabilities. This is completely independent of the disclosure. Stuxnet was developed before this disclosure and I think the vulnerabilities used by Stuxnet are still there.

    This is why security by obscurity does not work in the real world.

    Most definitely. Comments about someone not being able to afford to buy the devices notwithstanding, it is very much what someone would do if they were to attack a system or come up with a new Stuxnet type piece of malware. Someone always has the wherewithal and resources to accomplish this sort of thing.

  2. Re:Duh? on New Siemens SCADA Vulnerabilities Kept Secret, Says Schneier · · Score: 1

    That's specifically not what they're doing...telling the affected people about it. They're keeping that information to themselves- because it might reveal the exploits in question. As for not disclosing because the bad-guys might figure it out...heh...keep fooling yourselves folks. The bad-guys almost always KNOW about them- it's why they call 'em "0-dayz".

  3. Re:If it did cause an accident... on New Siemens SCADA Vulnerabilities Kept Secret, Says Schneier · · Score: 4, Informative

    Stuxnet doesn't "target" anything other than Windows SCADA systems (which should cause concern when you see those three words together...), notably those from Siemens. Anywhere you've got one of those SCADA systems, you've got a possibility of Stuxnet. It's just that Iran was using them for their process control systems for the enrichment plant.

  4. Re:Define "suffered from the outage" on PlayStation Network Hack Will Cost Sony $170M · · Score: 3, Informative

    It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.

  5. Re:Obviously required by the studios on Rooted Devices Blocked From Android Movie Market · · Score: 1

    Considering that they've done the Cloud Music storage deal without licenses, I don't buy that line of reasoning.

  6. Re:In other words on Siemens SCADA Hacking Talk Pulled From TakeDownCon · · Score: 1

    Fiber would be much more difficult to splice and bring in.

    Heh... All it takes is a bit more effort- but it'd be a bit more obvious to pop a passive tap in a fiber run since they're not small. Sadly, it's not sound thinking all the same. The attackers are as likely to attack the end-nodes of the system where the security is much, much weaker and there's copper to be compromised before it gets to the fiber loops. You can do as much or more damage by dinking with a substation's setup as with the generation plants themselves. :-D

  7. Re:Security through obscurity on Siemens SCADA Hacking Talk Pulled From TakeDownCon · · Score: 1

    Depends on the design. Properly designed setups will have an air-gap and only data transfer via sneakernet in the form of a hard-disk or similar coming from the SCADA to the corporate systems. Real-time's desirable- but for some networks, having the hole's too much of a risk- especially if you've got a Windows based HMI system or similar in the mix. Seriously.

  8. Re:Security through obscurity on Siemens SCADA Hacking Talk Pulled From TakeDownCon · · Score: 1

    Do you audit it often to make sure it's still air-gapped like you think it is? Many of the audits at power utilities where they had the same thinking had pro-sumer routers or switches tying the networks together that were done in a pinch for some ease of deployment thing or ease of use thing and then got forgotten.

  9. Re:Security through obscurity on Siemens SCADA Hacking Talk Pulled From TakeDownCon · · Score: 2

    Heh... If they think that those patches will get deployed in a timeframe measured in anything other than months or years, they're kidding themselves...

    SCADA systems typically don't get patched- and when they do or get upgraded, it's a "big thing".

  10. Re:As the Iranians found out the hard way... on Siemens SCADA Hacking Talk Pulled From TakeDownCon · · Score: 2

    Yeah, they're a bit cleaner. The big problem is that it's not just a Siemens problem. It's endemic throughout the industry in varying ways.

    Networks that're claimed to be air-gapped- but aren't because of "ease of use" concerns.
    Networks that shouldn't have a single Windows box because of that risk that do.
    And, so on and so forth.

  11. Re:Really? on Windows 8 ARM Will Not Support Legacy Software · · Score: 1

    Uh... Define WHICH ARM you're talking about. Cortex-A8/A9 has an FPU and SIMD as an option (NEON's on OMAP3/4 but not in Tegras, for example...).

    You might want to re-educate yourself about the ARM- your info is woefully inadequate.

  12. Re:first full bodied nonx86? on Windows 8 ARM Will Not Support Legacy Software · · Score: 1

    That still didn't bring the fastest processor architecture into mainstream use- even when it was only slightly more expensive and FX!32 offered compelling performance for the platform. There's a hint there.

  13. Re:They went further than that on Windows 8 ARM Will Not Support Legacy Software · · Score: 1

    Ah, but it doesn't seem that they need to do that, now do they? NVidia's demoed a part that's roughly in the performance domain of a Core Duo 5500, with a power envelope that's about 1/2 of the current Atoms. There's a hint there. As for people worrying about duopolies of WinARM...heh...WinTel's only powerful because of all the applications that you can just drop on the machine. Only one app on Windows 8 for ARM right now. How many are on Android/Linux? Full-fledged, usable apps?

  14. Re:no surprise on Windows 8 ARM Will Not Support Legacy Software · · Score: 1

    They're going to try to run up the flagpole that it's "easy" to make apps for the new version of the OS (Like they tried to do with WinCE...this time, it might be close to true... >:-D).

  15. Re:Good news? on Miguel De Icaza Forms New Mono Company: Xamarin · · Score: 2

    If it's under the GPL and LGPL, it's going to be a rough case Attachmate would be making, considering that it's open licensed and they just kicked the team to the curb. Unless Attachmate has enforceable non-competes, along with carrying Mono forward, they're not going to have all that much of a case. Violating Copyright? Not really.

    As much as I wish that this stuff would have MS take the spectre of patent lawsuits away from this, or better yet, just die the death it needs to- this isn't a concern I have for it all.

  16. Re:Copyright and DRM are a bug. on Valve's Newell: One-Price-For-Everyone Business Model 'Broken' · · Score: 1

    Not so irrational. Unless you're post-filtering the water coming from the tap, it's got all sorts of stuff still in the water that can be objectionable, harmful over time, etc. Bottled water took off because the water was purified and sterilized so it could be kept without adding things like Chlorine/Bromine/Iodine to sterilize it over time, coupled with stuff like you pooh-pooh in #3 (If I'm not drinking very much tap water, I'm not drinking much fluorides now am I?).

    Me, I post-filter the water for a lot less overall expense and only buy stuff like bottled water so that I've got something like what I want while on the road. But then, I'm sure you buy a lot of sodas...which are little more than carbonated, flavored, bottled water. I can manage most of that myself too (and have to- most places still don't carry Splenda or Stevia sweetened sodas...and I can't do Nutrasweet or Sugar...)

  17. Re:Ten points if reading this on your second monit on Do Developers Really Need a Second Monitor? · · Score: 1

    Heh... SCORE!!!

  18. Re:Supported devices on Netflix Available For Android · · Score: 2

    Actually, it appears to work on more than just those 5 (Reports of the Incredible working just fine...I'll have an Iconia A500 report here shortly...). It's just that they've CERTIFIED it to work with those 5 and officially support it there. BIG difference than the line you're running up the flagpole.

  19. Re:If it compromises a bundled runtime... on Google Engineers Deny Hack Exploited Chrome · · Score: 1

    Heh... If the sandboxing doesn't shield against a pwn of a bundled app or a non-bundled one, then it's not really sandboxing, now is it?

    It's a Flash AND a Chrome pwn.

  20. Re:ha ha ha on NASA Banned From Working With China · · Score: 1

    It did it once before, actually. We're hanging on that same damn precipice and about to fall in the same hole- doing the same damn stupid things that we did back then.

    We can pull back from the crater that was the Great Depression but only if we disabuse ourselves of notions of "stimulus" spending, things like Obamacare, offshoring and a raftload of other idiotic notions we seem to have about things.

  21. Re:ha ha ha on NASA Banned From Working With China · · Score: 1

    Ah...but the reality is... If they can't afford to BUY the stuff to be consumed, then they won't.

  22. Re:I just bought something better on Google To Offer Chrome OS Notebooks For $20/month · · Score: 1

    Yep. Amazing, isn't it? My Nook's in the same class of tool. And, we won't get into my Iconia Tab, or my netbook (Heh...) or the Laptop I've got. Sorry, I wish people wouldn't gee-whiz over this stuff. Seriously. You can actually GET the same basic deal Google's peddling with your described setup plus 3G/4G access for $150-200 purchase and $50/mo. If you subsidize it via credit card, it ends up being...wait for it...$20/mo for the life of the service contract and a $50/mo service contract from ANY of the providers right at the moment. And while you don't get the "convenience" Google's flogging on devices, you actually DON'T want this because you can't use it at all if you don't have WiFi or 3G/4G coverage- period.

  23. Re:K12 on Google To Offer Chrome OS Notebooks For $20/month · · Score: 1

    Indeed. However...it's nothing special. No access, no use. With a Thinkpad, you're going to have its use and a lot more capabilities for that slight increase in expense. With the Chrome "laptop", you'll need 3G/WiFi access to use it- period. And if you think that you're getting it, including the 3G for $20-ish per month, I've got a bridge to sell you. Only slightly used and it's cheap.

  24. Re:Same Price as a normal laptop on Google To Offer Chrome OS Notebooks For $20/month · · Score: 2

    Uh, it said you had a 3G modem in the device- not that this included the plan. There's LOTS of netbooks that've got 3G or WiMax included in the device- but the service doesn't come with the device. Try somewhere along $20-ish per month for the Chrome "laptop" and another $20-50 (or MORE if you're a heavy user...) for the 3G access deal. So, the device is in keeping with a netbook offered by the Telcos coupled with a data plan... Nothing special, and certainly nothing cheaper, really.

  25. Re:Same Price as a normal laptop on Google To Offer Chrome OS Notebooks For $20/month · · Score: 1

    And the other shoe drops... >:-D

    You're talking more akin to $70-80/mo for it to be even remotely useful- and I can show you places that you could use a Laptop just fine and the Chrome "Laptop" would make for a poor doorstop. (Heh... Somewhere in the middle of the Front Range in Colorado, for example... They'd be usable in most of Estes Park, but in the large, worthless elsewhere along US-36, US-34, CO-7, etc...)