EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.24.10

Who Needs Windows Back Doors When It’s So Insecure?

Posted in Asia, Microsoft, Security, Windows at 3:11 pm by Dr. Roy Schestowitz

Mohammad Mosaddeq

Summary: Stuxnet is allegedly part of a plan to infect computer systems in Iran for political reasons, according to an increasing body of evidence

SO, it’s starting to look like Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] was part of a plot to derail Iran’s nuclear programme [1, 2]. Stuxnet makes use of zero-day Windows vulnerabilities rather than back doors. Will governments finally realise that foreign governments can use Windows against them? Software freedom is essential to one’s autonomy.

The debate about Stuxnet and Iran is only starting. So far we’ve come across the following reports (there are many more):

i. Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say

The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.

ii. Synchronize Your OpenOffice Documents With Google Docs, Zoho And WebDAV Servers Using Ooo2gd

iii. Microsoft confirms it missed Stuxnet print spooler ‘zero-day’

Contrary to reports, a bug that Microsoft patched last week had been publicly discussed a year and a half ago, security researchers said this week.

Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.

The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.

iv. Stuxnet virus may be aimed at Iran nuclear reactor

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran’s Bushehr nuclear reactor.

That’s the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they’ve broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker, possibly a nation state, and it was designed to destroy something big.

[...]

One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organisational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery’s centrifuge to malfunction, but it could be used to hit other targets too, Byres said. “The only thing I can say is that it is something designed to go bang,” he said.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.

[...]

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about. “The problem is not Stuxnet. Stuxnet is history,” said Langner. “The problem is the next generation of malware that will follow.”

Any politically-motived Windows worm shows that technology and politics cannot be separated and they come at a high cost to the public (a side effect). Some people point fingers at Israeli hackers.

Malware believed to be targeting Iran’s Bushehr nuclear power plant may have been created by Israeli hackers

[...]

However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying “sensationalist” headlines were “a worry”. Clulely is wary of reports linking Stuxnet with Israel: “It’s very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course.”

But he said that its characteristics did not suggest a lone group. “I think we need to be careful about pointing fingers without proof, and I think it’s more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism.”

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.

Should the whole world be flooded with Windows worms just because of political altercations of few nations? Should a better operating system like GNU/Linux be used to mitigate international threats. When does the cyber threat become greater than nuclear threats in an age when everything from food production to energy extraction [1, 2] and travel depends on connected computers? Without energy and transportation, food cannot be grown, cultivated, and delivered; that is where the most fundamental needs can or cannot be met, especially at times of natural disaster or war, so leaving one’s critical systems (that’s almost any system) under Microsoft’s reign is a strategic blunder. Proprietary software is subjected to the sovereignty of its sole maker.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Further Attacks on EPO Staff and the Appeal Boards; Former EPO Boards of Appeal Member Speaks About EPO Scandals

    In the process of devaluing EPO workers and perhaps preparing them for a large round of layoffs information is also revealed about further repressions against the independence of the Boards of Appeal



  2. End of the UPC Lobby and Withdrawal of UPCA May Seem Imminent

    The Unitary Patent fantasy (of mass litigation firms) is coming to an end; in fact, the German government and courts (Bundesverfassungsgericht to be specific) now deem the complaint to be admissible and thus likely legitimate in spite of many attempts to shoot it down



  3. EPO's Board 28 Spikes Article 53 in CA/3/18, Apparently After Battistelli Withdrew It

    The latest plot twist, as odd as that may seem, is that the attack on the rights of thousands of workers (many of whom are rumoured to be on their way out) is curtailed somewhat, at least for the time being



  4. Links 21/2/2018: Apper 1.0, New Fedora ISOs

    Links for the day



  5. Rumour: European Patent Office to Lay Off a Significant Proportion of Its Workforce

    While the Administrative Council of the EPO praises Battistelli for his financial accomplishments (as laughable as it may seem) a lot of families stuck in a foreign country may soon see their breadwinner unemployed, according to rumours



  6. The Patent Trolls' Lobby, Bristows and IAM Among Others, Downplays Darts-IP/IP2Innovate Report About Rising If Not Soaring Troll Activity in Europe

    Exactly like last year, as soon as IP2Innovate opens its mouth Bristows and IAM go into "attack dog" mode and promote the UPC, deny the existence or seriousness of patent trolls, and promote their nefarious, trolls-funded agenda



  7. Links 20/2/2018: Mesa 17.3.5, Qt 5.11 Alpha, Absolute 15.0 Beta 4, Sailfish OS 2.1.4 E.A., SuiteCRM 7.10

    Links for the day



  8. Replacing Patent Sharks/Trolls and the Patent Mafia With 'Icons' Like Thomas Edison

    The popular perceptions of patents and the sobering reality of what patents (more so nowadays) mean to actual inventors who aren't associated with global behemoths such as IBM or Siemens



  9. The Patent Trolls' Lobby is Distorting the Record of CAFC on PTAB

    The Court of Appeals for the Federal Circuit (CAFC), which deals with appeals from PTAB, has been issuing many decisions in favour of § 101, but those aren't being talked about or emphasised by the patent 'industry'



  10. Japan Demonstrates Sanity on SEP Policy While US Patent Policy is Influenced by Lobbyists

    Japan's commendable response to a classic pattern of patent misuse; US patent policy is still being subjected to never-ending intervention and there is now a lobbyist in charge of antitrust matters and a lawyer in charge of the US patent office (both Trump appointees)



  11. The Patent Microcosm's Embrace of Buzzwords and False Marketing Strives to Make Patent Examiners Redundant and Patent Quality Extremely Low

    Patent maximalists, who are profiting from abundance of low-quality patents (and frivolous lawsuits/legal threats these can entail), are riding the hype wave and participating in the rush to put patent systems at the hands of machines



  12. Today, at 12:30 CET, Bavarian State Parliament Will Speak About EPO Abuses (Updated)

    The politicians of Bavaria are prepared to wrestle with some serious questions about the illegality of the EPO's actions and what that may mean to constitutional aspects of German law



  13. Another Loud Warning From EPO Workers About the Decline of Patent Quality

    Yet more patent quality warnings are being issued by EPO insiders (examiners) who are seeing their senior colleagues vanishing and wonder what will be left of their employer



  14. Links 19/2/2018: Linux 4.16 RC2, Nintendo Switch Now Full-fledged GNU/Linux

    Links for the day



  15. PTAB Continues to Invalidate a Lot of Software Patents and to Stop Patent Examiners From Issuing Them

    Erasure of software patents by the Patent Trial and Appeal Board (PTAB) carries on unabated in spite of attempts to cause controversy and disdain towards PTAB



  16. The Patent 'Industry' Likes to Mention Berkheimer and Aatrix to Give the Mere Impression of Section 101/Alice Weakness

    Contrary to what patent maximalists keep saying about Berkheimer and Aatrix (two decisions of the Federal Circuit from earlier this month, both dealing with Alice-type challenges), neither actually changed anything in any substantial way



  17. Makan Delrahim is Wrong; Patents Are a Major Antitrust Problem, Sometimes Disguised Using Trolls Somewhere Like the Eastern District of Texas

    Debates and open disagreements over the stance of the lobbyist who is the current United States Assistant Attorney General for the Antitrust Division



  18. Patent Trolls Watch: Microsoft-Connected Intellectual Ventures, Finjan, and Rumour of Technicolor-InterDigital Buyout

    Connections between various patent trolls and some patent troll statistics which have been circulated lately



  19. Software Patents Trickle in After § 101/Alice, But Courts Would Not Honour Them Anyway

    The dawn of § 101/Alice, which in principle eliminates almost every software patent, means that applicants find themselves having to utilise loopholes to fool examiners, but that's unlikely to impress judges (if they ever come to assessing these patents)



  20. In Aatrix v Green Shades the Court is Not Tolerating Software Patents But Merely Inquires/Wonders Whether the Patents at Hand Are Abstract

    Aatrix alleges patent infringement by Green Shades, but whether the patents at hand are abstract or not remains to be seen; this is not what patent maximalists claim it to be ("A Valentine for Software Patent Owners" or "valentine for patentee")



  21. An Indoctrinated Minority is Maintaining the Illusion That Patent Policy is to Blame for All or Most Problems of the United States

    The zealots who want to patent everything under the Sun and sue everyone under the Sun blame nations in the east (where the Sun rises) for all their misfortunes; this has reached somewhat ludicrous levels



  22. Berkheimer Decision is Still Being Spun by the Anti-Section 101/Alice Lobby

    12 days after Berkheimer v HP Inc. the patent maximalists continue to paint this decision as a game changer with regards to patent scope; the reality, however, is that this decision will soon be forgotten about and will have no substantial effect on either PTAB or Alice (because it's about neither of these)



  23. Academic Patent Immunity is Laughable and Academics Are Influenced by Corporate Money (for Steering Patent Agenda)

    Universities appear to have become battlegrounds in the war between practicing entities and a bunch of parasites who make a living out of litigation and patent bubbles



  24. UPC Optimism Languishes Even Among Paid UPC Propagandists Such as IAM

    Even voices which are attempting to give UPC momentum that it clearly lacks admit that things aren't looking well; the UK is not ratifying and Germany make take years to look into constitutional barriers



  25. Bejin Bieneman Props Up the Disgraced Randall Rader for Litigation Agenda

    Randall Rader keeps hanging out with the litigation 'industry' -- the very same 'industry' which he served in a closeted fashion when he was Chief Judge of the Federal Circuit (and vocal proponent of software patents, patent trolls and so on)



  26. With Stambler v Mastercard, Patent Maximalists Are Hoping to Prop Up Software Patents and Damage PTAB

    The patent 'industry' is hoping to persuade the highest US court to weaken the Patent Trial and Appeal Board (PTAB), for PTAB is making patent lawsuits a lot harder and raises the threshold for patent eligibility



  27. Apple Discovers That Its Patent Disputes Are a Losing Battle Which Only Lawyers Win (Profit From)

    By pouring a lot of money and energy into the 'litigation card' Apple lost focus and it's also losing some key cases, as its patents are simply not strong enough



  28. The Patent Microcosm Takes Berkheimer v HP Out of Context to Pretend PTAB Disregards Fact-Finding Process

    In view or in light of a recent decision (excerpt above), patent maximalists who are afraid of the Patent Trial and Appeal Board (PTAB) try to paint it as inherently unjust and uncaring for facts



  29. Microsoft Has Left RPX, But RPX Now Pays a Microsoft Patent Troll, Intellectual Ventures

    The patent/litigation arms race keeps getting a little more complicated, as the 'arms' are being passed around to new and old entities that do nothing but shake-downs



  30. UPC Has Done Nothing for Europe Except Destruction of the EPO and Imminent Layoffs Due to Lack of Applications and Lowered Value of European Patents

    The Unified Patent Court (UPC) is merely a distant dream or a fantasy for litigators; to everyone else the UPC lobby has done nothing but damage, including potentially irreparable damage to the European Patent Office, which is declining very sharply


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts