[LINK] cyberwar and stuxnet

[Kim Holburn]

I was just reading about the stuxnet virus.  It's interesting for  
several reasons.

It was a very professionally built piece of malware.

It had a particular target - Windows systems in Siemen's industrial  
control systems. According to some: in particular Iranian nuclear  
installations.

It used 4 zero day exploits and that it hid in a signed device  
driver.  It used certificates stolen from Realtek and JMicron.  People  
have valued the 4 0day exploits at around a million US.

This is being viewed as a cyber attack from an entity with the  
resources of a government.

It highlights two things:

1. The badness of having windows systems in industrial control  
networks.  Windows was never designed for this.  Apparently people are  
moving away from this.  Most industrial control systems only need a  
low resource real-time OS, adding all the functions of windows can  
make them dangerously unstable.

2. I wonder about the whole "signed" driver thing.  It sounds like  
such a good idea until something like this.  How can such certificates  
be revoked?  Do systems check a revocation list when installing a  
driver?  Do they check afterwards? What would it mean if a computer  
discovered its network driver was signed with an invalid certificate?


-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request