I've stopped maintaining Stuxnet resource pages recently, but occasionally I come across an article that adds something useful to the mix, or simply summarizes aspects of the Stuxnet story neatly and accurately. Besides, its authors must be feeling a little left out with all that fuss about TDL4. ;-) A recent report in Wired gives
At a time where the West is, generally speaking, not at the top of its game economically, I can see why defence contractors, like anyone else, are anxious to save money, but outsourcing critical systems purely for economic advantage in the hope of submitting the lowest tender is a risky strategy.
Links to two Stuxnet-related stories have been added to the resources page at /2011/01/23/stuxnet-information-and-resources-3/. Kim Zetter, in Wired's "Threat Level" column Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant, summarizes the latest update to Symantec's Threat Dossier. Symantec researchers now believe that Stuxnet targeted five organizations in Iran as staging posts
Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of
How secure is your Social Security Number? If your answer is "Very: I only ever give it to organizations who are entitled to know it", that may not be as safe as it sounds. Of course, there are a couple of fairly generic issues: some legitimate, convenient organizations may ask for it who are, nevertheless,
Sadly, I’m now back in not-so-sunny England, but one of my colleagues forwarded me an item about security breaches reported by healthcare organizations. On January 1st it became mandatory in California for such organizations to report incidents where non-anonymized patient data may be been intentionally or unintentionally disclosed to someone unauthorized. In the first five months,