I agree totally. However if that's what the retards at Siemens give customers Iran has the choice to use it or reverse engineer it and setup their own software. Reverse engineering this stuff might well take years.
"Stuxnet was not purged from Iran's nuclear sites... in recent days that it is installing newer and faster centrifuges at its nuclear plants and intends to speed up the uranium enrichment process, according to the country's foreign ministry."
So... now they are installing newer and faster centrifuges to get the job done faster and better... talk about backfire Yay!?
The broken centrifuges must have cost an absolute fortune. However the development costs of something like stuxnet may well have cost more. The last thing I read on stuxnet said it contained 4 zero days and valid signed drivers from JMicron and RealTek. This thing is light years beyond the capabilities of the half-hearted IT 'consultants' like Wipro, Infosys, EDS. It's light years beyond the capabilities of any known government agency who screw up big time on even small projects.
However as you say the result is that it slowed Iran down a bit and wasted a load of Iranian money. Nothing more.
Stuxnet is a really complex and well thought out windows worm but it's not magic and it can be beaten. Abusing holes in windows isn't some new thing that stuxnet invented.
Dealing with windows worms isn't nearly as complex as creating them.
Easy clean up process: 1) Disconnect affected windows machines from your network. 2) Overwrite the disks on these machines with zeros at least once. 3) Physically break the USB, firewire, sound, floppy connectors, extra disk connectors, serial ports, parallel ports on the motherboard of these computers. Break them in such a way they can't be fixed without significant effort. 4) Reinstall windows from clean CDs. Do not connect the machine to any network. 5) Reinstall SCADA software from clean CDs. Do not connect the machine to any network. 6) Setup one OpenBSD filtering bridge per SCADA control system to filter traffic to and from your new control machine and only allow traffic you have to. That means SCADA control traffic only. No windows update, no anti-virus updates, no domain authentications, no STP, and if possible not even ARP. Test with tcpdump and if 1 single network packet you don't fully understand gets though start again from step 1.
Done.
BTW I'm not a US citizen, a US visa holder, or in US controlled territory. I suspect that any US citizen or anyone in US controlled territory who assists Iran in any way is committing a criminal act. US export laws.. land of the free.. my arse.
Well, if you're running a business you should have your own internet address and preferably your own mail server, but for a personal address the free ones are far superior. If I change ISPs I have to change email addresses as well if that's the address I use. With something like Yahoo or Hotmail it doesn't matter who your ISP is.
I learned this the hard way. The School of Hard Knox has the highest tuition and the best teachers.
You learned the hard way to use the bad option because it's better than the very bad option.
You misunderstood the lesson your 'School of Hard Knox' taught you.
Exchange is junk. You need three servers just to run a single mailbox: exchange server, PDC, BDC. The performance is terrible compared to any any modern mailer on any modern unix and the costs are astronomical.
Postfix on Linux will run 50 or so mailboxes with a few hundred mails each a day on a 486 without showing much strain. Exchange needs 3 DL380 servers just to boot..
because someone has to actually host the mailserver. Not everyone knows how to do that themselves.
You have the option of paying a company to do it or use a free service like hotmail/gmail/yahoo(not sure if yahoo or hotmail let you use your own domain, I don't touch them)
The problem with free services is that they are paid for somehow. In Google's case by trolling though your private data and serving you adverts.
If you give all your data to google you can't get it back, you can't delete it, it looks like they keep a copy forever.
I don't understand what the big deal over gmail is. The interface is nasty. Labels are ridiculous; give me proper folders any day.
Webmail might be useful when you're not near your own computer, but I'd prefer a fully-fledged MUA over any of the available webmail interfaces any day.
Webmail can be convenient when you are away from any device you can get a real MUA on. That's why I use roundcube mail. Squirrelmail and illohamail are also popular.
Webmail is just an interface, it doesn't mean giving all your data away when you host the webmail yourself.
If you have lots of important things in mail you should not be storing them in a free mail service. You certainly should not be storing them in a free mail service that searches though your mail in order to show you adverts.
Perhaps we should all cancel our Google+ accounts, stating that we do it because:
Not all of us are such sad, trendy, hopeless cases to have signed up for a google+ account in the first place.
You want to give all your social network information to a company that makes money by indexing other people's data? Sounds pretty silly to me.
To compare: if Google buys a company, there's a good chance they'll handle the existing userbase reasonably well. If Oracle buys a company, the user base is almost guaranteed to be fucked over.
Oracle are just following their own corporate slogan: 'Maximize profit by herding slaves onto the upgrade treadmill'.
Don't try to fool me. Everybody knows that chiropractic medicine is quack science, just like global warming or vaccinations for children. The truth is that subluxations are easily cured with a homeopathic bleach solution. And don't get me started on radiation. Just sleep under a crystal pyramid each night like a normal person and you don't have to worry about radiation. Or Thetans.
Don't try to out-looney the resident looney. It won't work.
You are a loony. People will dismiss what you say as lonny babble and may associate your nonsense with the real reasons to avoid the TSAs lightly tested radiation machines.
You do the world a great disservice with your crazy talk.
Oh, right... We can fully expect our friendly ISPs to go along with this nice, convenient fully centralized 'service'... Pleeeze
Worse than that, the ISPs would have to perform deep packet analysis and attempt decryption on every HTTPS connection going though their core routers. Any design that depends on increasing CPU load on core routers by at least an order of magnitude just isn't going to work.
Also the system relies on ISPs, many of them, keeping the magic private key secret from whoever the censor is. That's much too risky to bet your freedom on.
Indeed, in most cases this works... unless the DHCP server is smart enough to know that the re-request came way too early (the Mac still has a lease, and it's still valid several hours...)
What DHCP server behaves in that way? It sounds likely to go wrong.
Slashdot Mirror
No I'm not. Put a filtering bridge in front of every windows SCADA control system.
Computers are cheap.
Is Twitter Rendered Obsolete By Google+?
No.
Iran were only less skilled at censorship and keeping the lid on. Your country was better at it.
WTF? There's this site called Wikileaks... you may have heard of it...
Do you believe the leaks on wikileaks detail every single incident that the public has the right to know about?
The US would consider an attack of this type an act of war....
Hasn't the US been at war basically non-stop since the war of independence? The US doesn't seem to need much pushing to go to war.
So you're taking the Iranians' word that the virus they caught came from the US.
It would be sensible to assume that stuxnet came from the country with the most to lose if Iran ever got nuclear weapons. That would be Israel.
There is no way of being sure though. There are no doubt many things going on that we don't know about.
Dont use industrial machines that run Windows....
Just saying.....
I agree totally. However if that's what the retards at Siemens give customers Iran has the choice to use it or reverse engineer it and setup their own software. Reverse engineering this stuff might well take years.
"Stuxnet was not purged from Iran's nuclear sites... in recent days that it is installing newer and faster centrifuges at its nuclear plants and intends to speed up the uranium enrichment process, according to the country's foreign ministry."
So...
now they are installing newer and faster centrifuges to get the job done faster and better... talk about backfire
Yay!?
The broken centrifuges must have cost an absolute fortune. However the development costs of something like stuxnet may well have cost more. The last thing I read on stuxnet said it contained 4 zero days and valid signed drivers from JMicron and RealTek. This thing is light years beyond the capabilities of the half-hearted IT 'consultants' like Wipro, Infosys, EDS. It's light years beyond the capabilities of any known government agency who screw up big time on even small projects.
However as you say the result is that it slowed Iran down a bit and wasted a load of Iranian money. Nothing more.
Stuxnet is a really complex and well thought out windows worm but it's not magic and it can be beaten. Abusing holes in windows isn't some new thing that stuxnet invented.
Dealing with windows worms isn't nearly as complex as creating them.
Easy clean up process:
1) Disconnect affected windows machines from your network.
2) Overwrite the disks on these machines with zeros at least once.
3) Physically break the USB, firewire, sound, floppy connectors, extra disk connectors, serial ports, parallel ports on the motherboard of these computers. Break them in such a way they can't be fixed without significant effort.
4) Reinstall windows from clean CDs. Do not connect the machine to any network.
5) Reinstall SCADA software from clean CDs. Do not connect the machine to any network.
6) Setup one OpenBSD filtering bridge per SCADA control system to filter traffic to and from your new control machine and only allow traffic you have to. That means SCADA control traffic only. No windows update, no anti-virus updates, no domain authentications, no STP, and if possible not even ARP. Test with tcpdump and if 1 single network packet you don't fully understand gets though start again from step 1.
Done.
BTW I'm not a US citizen, a US visa holder, or in US controlled territory. I suspect that any US citizen or anyone in US controlled territory who assists Iran in any way is committing a criminal act. US export laws.. land of the free.. my arse.
Well, if you're running a business you should have your own internet address and preferably your own mail server, but for a personal address the free ones are far superior. If I change ISPs I have to change email addresses as well if that's the address I use. With something like Yahoo or Hotmail it doesn't matter who your ISP is.
I learned this the hard way. The School of Hard Knox has the highest tuition and the best teachers.
You learned the hard way to use the bad option because it's better than the very bad option.
You misunderstood the lesson your 'School of Hard Knox' taught you.
Do not forget Exchange as well.
Exchange is junk. You need three servers just to run a single mailbox: exchange server, PDC, BDC. The performance is terrible compared to any any modern mailer on any modern unix and the costs are astronomical. Postfix on Linux will run 50 or so mailboxes with a few hundred mails each a day on a 486 without showing much strain. Exchange needs 3 DL380 servers just to boot..
because someone has to actually host the mailserver. Not everyone knows how to do that themselves.
You have the option of paying a company to do it or use a free service like hotmail/gmail/yahoo(not sure if yahoo or hotmail let you use your own domain, I don't touch them)
The problem with free services is that they are paid for somehow. In Google's case by trolling though your private data and serving you adverts. If you give all your data to google you can't get it back, you can't delete it, it looks like they keep a copy forever.
I don't understand what the big deal over gmail is. The interface is nasty. Labels are ridiculous; give me proper folders any day.
Webmail might be useful when you're not near your own computer, but I'd prefer a fully-fledged MUA over any of the available webmail interfaces any day.
Webmail can be convenient when you are away from any device you can get a real MUA on. That's why I use roundcube mail. Squirrelmail and illohamail are also popular. Webmail is just an interface, it doesn't mean giving all your data away when you host the webmail yourself.
If you have lots of important things in mail you should not be storing them in a free mail service. You certainly should not be storing them in a free mail service that searches though your mail in order to show you adverts.
Perhaps we should all cancel our Google+ accounts, stating that we do it because:
Not all of us are such sad, trendy, hopeless cases to have signed up for a google+ account in the first place. You want to give all your social network information to a company that makes money by indexing other people's data? Sounds pretty silly to me.
To compare: if Google buys a company, there's a good chance they'll handle the existing userbase reasonably well. If Oracle buys a company, the user base is almost guaranteed to be fucked over.
Oracle are just following their own corporate slogan: 'Maximize profit by herding slaves onto the upgrade treadmill'.
dd conv=ascii <in >out
Wait, so you're into chiropractics and you think think that these are deadly dangerous...
Cool, they're probably fine then. I shall no longer worry about it. Not that I really did anyway.
He is really from the TSAs marketing department trying to make you believe these machines are harmless.
Most likely they are harmless but we can't be totally sure for another 10 years at least.
Don't try to fool me. Everybody knows that chiropractic medicine is quack science, just like global warming or vaccinations for children. The truth is that subluxations are easily cured with a homeopathic bleach solution. And don't get me started on radiation. Just sleep under a crystal pyramid each night like a normal person and you don't have to worry about radiation. Or Thetans.
Don't try to out-looney the resident looney. It won't work.
You are a loony. People will dismiss what you say as lonny babble and may associate your nonsense with the real reasons to avoid the TSAs lightly tested radiation machines.
You do the world a great disservice with your crazy talk.
Project Manager: Did it build?
Developer: Yea, but we haven't even run the thing yet
Project Manager: Ship it!
There doesn't seem to be a mod for '+1 sad but true'.
No. The names are not important but the difference is that anyone sniffing your traffic can't tell you are communicating with a 'station' at all.
Read the article, it's quite interesting and pretty short. It's also quite impossible due to cost and cooperation issues.
The key innovation is that those ISPs are expected to perform deep packet analysis and decryption on every HTTPS connection passing though them.
The costs in router upgrades would be incredible if this is even possible at all.
They even put this punchline on their website:
The main idea behind Telex is to place anticensorship technology into the Internet's core network infrastructure, through cooperation from large ISPs.
BWAHAHAHA!
... though massive expenditure on new equipment by large ISPs ...
BWAHAHAHA Indeed, this can't work.
Oh, right... We can fully expect our friendly ISPs to go along with this nice, convenient fully centralized 'service'... Pleeeze
Worse than that, the ISPs would have to perform deep packet analysis and attempt decryption on every HTTPS connection going though their core routers. Any design that depends on increasing CPU load on core routers by at least an order of magnitude just isn't going to work.
Also the system relies on ISPs, many of them, keeping the magic private key secret from whoever the censor is. That's much too risky to bet your freedom on.
Indeed, in most cases this works... unless the DHCP server is smart enough to know that the re-request came way too early (the Mac still has a lease, and it's still valid several hours...)
What DHCP server behaves in that way? It sounds likely to go wrong.