[LINK] cyberwar and stuxnet
Kim Holburn
kim at holburn.net
Sun Sep 26 10:06:12 AEST 2010
I was just reading about the stuxnet virus. It's interesting for
several reasons.
It was a very professionally built piece of malware.
It had a particular target - Windows systems in Siemens' industrial
control systems. According to some: in particular Iranian nuclear
installations.
It used 4 zero-day exploits, and it hid in a signed device
driver. It used certificates stolen from Realtek and JMicron. People
have valued the 4 0day exploits at around a million US.
This is being viewed as a cyber attack from an entity with the
resources of a government.
It highlights two things:
1. The badness of having Windows systems in industrial control
networks. Windows was never designed for this. Apparently people are
moving away from this. Most industrial control systems only need a
low-resource real-time OS; adding all the functions of Windows can
make them dangerously unstable.
2. I wonder about the whole "signed" driver thing. It sounds like
such a good idea until something like this. How can such certificates
be revoked? Do systems check a revocation list when installing a
driver? Do they check afterwards? What would it mean if a computer
discovered its network driver was signed with an invalid certificate?
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
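One concrete way to answer the "do they check afterwards?" question on your own hosts is to re-verify the installed kernel drivers yourself, forcing an online revocation check of each signer certificate. This is an added example, not part of the original post; it assumes a Windows host with PowerShell 5 or later and drivers under the default $env:SystemRoot\System32\drivers directory.

```powershell
# Added example: audit Authenticode signatures of installed kernel drivers and
# force an online revocation check of each signer certificate, independent of
# whatever checking was done when the driver was installed.
# Assumption: drivers live under $env:SystemRoot\System32\drivers (the default).
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

function Test-DriverSignature {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        File       = Split-Path $Path -Leaf
        SigStatus  = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer     = $null
        Revocation = 'n/a'                # stays n/a for unsigned files
    }
    if ($sig.SignerCertificate) {
        $result.Signer = $sig.SignerCertificate.Subject
        # Rebuild the certificate chain with online revocation checking forced,
        # so a certificate revoked after installation (as with a stolen signing
        # key) is reported even though the file itself is unchanged.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag =
            [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        $ok = $chain.Build($sig.SignerCertificate)
        # Revoked means the CA withdrew the certificate; RevocationStatusUnknown
        # means the CRL/OCSP responder could not be reached; NotTimeValid on an
        # old driver usually means an expired but timestamped signer, not an attack.
        $problems = $chain.ChainStatus | ForEach-Object { $_.Status }
        $result.Revocation = if ($ok) { 'OK' } else { ($problems -join ',') }
    }
    [pscustomobject]$result
}

# Report only drivers whose signature or revocation status is not clean.
Get-ChildItem -Path $driverDir -Filter *.sys |
    ForEach-Object { Test-DriverSignature -Path $_.FullName } |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Revocation -ne 'OK' } |
    Format-Table -AutoSize
```

Run it from an elevated prompt with network access so the CRL and OCSP lookups can complete; a host that is offline will show RevocationStatusUnknown for every signed driver.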