[Extra link and commentary added 26th September 2011; extra link added 27th September]
I notice there's a flurry of articles around the "Stuxnet anniversary" and "After Stuxnet" themes. Some of them are even interesting, if not always for the right reasons…
I'll be back to this, though probably not today. Watch this space.
In fact, the interview with Langner is, if a little deferential, not way off-beam. I was asked about Stuxnet, oddly enough – well, maybe not that oddly – in an interview over the weekend, and while I won't "spoil" the interview by repeating what I said (briefly) there, it wasn't too different to Langner's position. The problem isn't going to be identikit Stuxnet code, but the fact that most of the assumptions about the air gap between critical systems and the world of Internet attacks are unsafe.
And not directly connected, but not irrelevant either: I was unable to attend Joe Weiss's recent ACS conference, but this gives some of the flavour of what I (and probably you) missed.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, ESET