search result

There’s Passwording and there’s Security

Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of

It Wasn’t an Army

As I mentioned in a previous blog, Wired Magazine reported it would take a Nation State to pull off a takedown of the electric grid. Actually, Mother Nature, back hoes, and potentially a worm have had major impacts in the past, but the recent use of the LNK file vulnerability shows it doesn’t take the

(Windows) Shellshocked, Or Why Win32/Stuxnet Sux…

…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…

Stuxnet Information and Resources (2)

[Update 23rd January 2011: volume 3 of this resource has just kicked off at /2011/01/23/stuxnet-information-and-resources-3/: volume 1 is at /2011/01/03/stuxnet-information-and-resources/.] @imaguid microblogged today about his annoyance at "the analysts and journalists who breathlessly fawn over #stuxnet", and suggested that we call it even. I hope he won't think I'm fawning by maintaining resource lists in

From sci-fi to Stuxnet: exploding gas pipelines and the Farewell Dossier

In researching today’s SC Magazine Cybercrime Corner article “From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier”, I came across this ‘Damn Interesting’ article which showcases the successful cyberwarfare compromise of a SCADA / pipeline control system nearly thirty years ago, an event which I had heard stories about in Navy circles but

Iran Admits Stuxnet Infected Its Nuclear Power Plant

While the defining research on the Stuxnet topic doesn’t go this far, Forbes writer Trevor Butterworth went out on a limb to name names along with detailing the warfare aspects: As I noted last week – and as the news media have only begun to grasp – Stuxnet represents  a conceptual change in the history

Top Ten of Top Tens

Well, not exactly, though actually a top ten of top tens isn't a bad idea: apparently, top tens usually attract plenty of readers.  As do top fives. twenties etc, though probably not top thirteens. Security Memes a Lot to Me Still, there is a touch of recursion to this post. I got a notification from

From Megatons to Megapings: Cyberwarfare

A bit of news this week dealt with Cyberwarfare. Far from becoming part of the tinfoil hat crowd, cyberwarfare has been growing in real world relevance in the past eighteen months and is the primary impetus for pending legislation. While in the Cold War, detente could be measured in the megatonnage of nuclear weapons, the

There’s a Trojan in my Fuse Box

Well, hopefully my power sockets are not leaking computer viruses and keyloggers, but who knows? Quite a few news outlets have picked up on a story in the Wall Street Journal claiming that spies from China and Russia have "penetrated the U.S. electrical grid". Scary… A little too scary and not enough detail to convince some

Stuxnet Part Umpteen

I notice there’s a flurry of articles around the “Stuxnet anniversary” and “After Stuxnet” themes…

Stuxnet: Cyberwarfare’s Universal Adaptor?

Now that cyberwarfare is out of the bottle, will anyone agree to not use it? In the summer of 1945 in New Mexico, the Trinity test gave rise to the term ground zero. Could Stuxnet may be measured as a definitive ground zero in cyberwarfare comparable to Trinity? Concerning Stuxnet’s latest rise in China, David

Stuxnet the Inscrutable

This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel.

Assessing Intent

There have been recent articles with fantastic titles such as “New threat: Hackers look to take over power plants” and “Hackers Target Power Plants and Physical Systems” in the wake of the Stuxnet worm that targeted certain industrial control systems (ICS). The reality is that hackers targeting ICS is nothing new. I am not clear

ESET predictions and trends for cybercrime in 2016

It’s that time of the year when the information security industry takes part in its annual tradition: coming up with cybercrime predictions and trends for the next 12 months.

Internet Kill Switch – Armageddon Will Have To Wait

In recent months there has been a lot of discussion in the US about an Internet kill switch. The real idea behind the kill switch is not to protect the infrastructure as claimed, but rather for political control such as has been recently observed in Egypt and other countries. Proponents of the Internet kill switch

Bricking your cell phone: Mayhem on a Massive Scale

What would happen if every single one of the four BILLION cell phones on this planet just went dark? Or most likely, what would happen if every single cell phone went dark in one country? One scenario is a combined DoS attack on the internet was combined with a DoS attack on the cellular phone infrastructure at the same time.

Siemens-branded CCTV webcams require urgent firmware patch

Your business’s CCTV camera could be coughing up your admin passwords. Patch now, or regret later.

Infrastructure attacks: The next generation

ESET’s David Harley revisits the Stuxnet phenomenon: How has the way we see the malware and its impact changed?

BlackEnergy trojan strikes again: Attacks Ukrainian electric power industry

The recent attacks on the electrical power industry in Ukraine are connected to attacks on the media and to targeted cyber-espionage attacks against Ukrainian governmental agencies.

Cybersecurity and commitment: issues in the fight against cybercrime

Cybersecurity and cybercrime are a hot political topic in America these days, but a history of ignoring warning signs suggests a lack of commitment to acting on the rhetoric.

Copyright © 2017 ESET, All Rights Reserved.