A short comment piece on how Facebook memetic games could be used in a data aggregation attack.

Security can’t be purely the responsibility of the government, the police, the security industry, the ISPs, the public sector, private industry, or any permutation thereof.

I have a theory that says improving information system security–the security of our operating systems, network connections, and applications–just means the bad guys will focus more attention on our endpoints, the digital devices we use to access the information and systems we need to do our work. Furthermore, as we improve endpoint security technology, the

Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database. One aspect that’s attracted attention on specialist lists is the mention of a large US power company

Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945…

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011: Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher. As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I

A few more developments in the Never-Ending Story: Michael Joseph Gross on A Declaration of Cyber War in Vanity Fair. Despite a somewhat breathless tone in the introduction – "the world’s top software-security experts were panicked by the discovery of a drone-like computer virus" (where's my Valium?!) – actually a comprehensive and largely accurate account. It

Links added today to the Stuxnet resources page…

…the conclusion does support what does appear to be the official Iranian line that this was an attack against Iranian nuclear operations, but that it wasn’t successful…