EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.24.10

Who Needs Windows Back Doors When It’s So Insecure?

Posted in Asia, Microsoft, Security, Windows at 3:11 pm by Dr. Roy Schestowitz

Mohammad Mosaddeq

Summary: Stuxnet is allegedly part of a plan to infect computer systems in Iran for political reasons, according to an increasing body of evidence

SO, it’s starting to look like Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] was part of a plot to derail Iran’s nuclear programme [1, 2]. Stuxnet makes use of zero-day Windows vulnerabilities rather than back doors. Will governments finally realise that foreign governments can use Windows against them? Software freedom is essential to one’s autonomy.

The debate about Stuxnet and Iran is only starting. So far we’ve come across the following reports (there are many more):

i. Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say

The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.

ii. Synchronize Your OpenOffice Documents With Google Docs, Zoho And WebDAV Servers Using Ooo2gd

iii. Microsoft confirms it missed Stuxnet print spooler ‘zero-day’

Contrary to reports, a bug that Microsoft patched last week had been publicly discussed a year and a half ago, security researchers said this week.

Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.

The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.

iv. Stuxnet virus may be aimed at Iran nuclear reactor

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran’s Bushehr nuclear reactor.

That’s the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they’ve broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker, possibly a nation state, and it was designed to destroy something big.

[...]

One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organisational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery’s centrifuge to malfunction, but it could be used to hit other targets too, Byres said. “The only thing I can say is that it is something designed to go bang,” he said.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.

[...]

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about. “The problem is not Stuxnet. Stuxnet is history,” said Langner. “The problem is the next generation of malware that will follow.”

Any politically-motived Windows worm shows that technology and politics cannot be separated and they come at a high cost to the public (a side effect). Some people point fingers at Israeli hackers.

Malware believed to be targeting Iran’s Bushehr nuclear power plant may have been created by Israeli hackers

[...]

However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying “sensationalist” headlines were “a worry”. Clulely is wary of reports linking Stuxnet with Israel: “It’s very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course.”

But he said that its characteristics did not suggest a lone group. “I think we need to be careful about pointing fingers without proof, and I think it’s more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism.”

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.

Should the whole world be flooded with Windows worms just because of political altercations of few nations? Should a better operating system like GNU/Linux be used to mitigate international threats. When does the cyber threat become greater than nuclear threats in an age when everything from food production to energy extraction [1, 2] and travel depends on connected computers? Without energy and transportation, food cannot be grown, cultivated, and delivered; that is where the most fundamental needs can or cannot be met, especially at times of natural disaster or war, so leaving one’s critical systems (that’s almost any system) under Microsoft’s reign is a strategic blunder. Proprietary software is subjected to the sovereignty of its sole maker.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 26/11/2014: Docker Patched, New DragonFlyBSD

    Links for the day



  2. Message to the Corporate Media: Bill Gates is Not an Ebola Expert

    Brainwash in the corporate media, including media that the Gates Foundation bribes in exchange for sheer bias, paints the super-rich as the solution rather than the problem



  3. US Government Finally Probes Microsoft Over Financial Fraud, Microsoft Then Bullies the Government With a Lawsuit

    Microsoft is finally being investigated -- perhaps properly too -- for its well-known tax abuses that have so far proved that Microsoft is "too big to jail"; Microsoft is suing the investigator, exerting its abusive power to discourage further investigation



  4. Gagging Critics: Micro Focus-Run SUSE Bribes Journalists in Exchange for Positive Coverage

    Amid the takeover by Micro Focus, SUSE pays journahayess (especially critics) who in turn become some kind of advertisements feed of Novell



  5. Links 25/11/2014: Tizen News, Jolla Tablet Past Million

    Links for the day



  6. Links 24/11/2014: Linux 3.18-rc6, Qualcomm Eyes GNU/Linux Servers

    Links for the day



  7. Boycotting Micro Focus International

    Microsoft's "Partner of the Year" is taking over the patron of SUSE and all of Novell's remains, except the patents (Microsoft has already grabbed those)



  8. Vesna Stilin's Remarks on Željko Topić: Part XI

    Vesna Stilin speaks about her confrontation with EPO Vice-President Željko Topić, who has criminal lawsuits against him in Croatia



  9. Links 22/11/2014: Linux Mint 17.1, Ubuntu MATE

    Links for the day



  10. Links 21/11/2014: Problems at Debian, Jolla Tablet

    Links for the day



  11. Links 18/11/2014: Linux 3.18 RC 5, New DigiKam

    Links for the day



  12. Special Report: Many Criminal Charges Against EPO Vice-President Željko Topić

    The abuses of Željko Topić, who has gained notoriety in his home country, are rapidly becoming public knowledge across all of Europe



  13. Links 16/11/2014: Xfdesktop 4.10.3, GNU Hello 2.10

    Links for the day



  14. Microsoft is Going Into the Anti-Whistleblowing Business, Dodges Criticism Over 19-Year Bug Door in Windows

    With Aorato acquisition Microsoft helps protect the criminals (from whistleblowers) and with lies about .NET Microsoft distracts from a bug that has facilitated remote access into Windows (by those in the know) for nearly two decades



  15. Reaffirming Microsoft's Long-Known Hostility Towards Net Neutrality, Microsoft Crashed Juniper

    Steve Ballmer is ranting against net neutrality and Juniper's business is in trouble after a lot of executives from Microsoft took over most top positions there



  16. Another Massive Step Towards Elimination of Software Patents as Even CAFC Rules Against Them

    After SCOTUS gets involved in the Ultramercial case, the CAFC finally decides to actually serve justice rather than dogma



  17. The GOP's Patent Reform Plan Not Effective Enough to Stop Massive Patent Trolls Like Microsoft/Nokia

    The corporations-serving GOP says that it wants a patent reform, but another reminder is needed of the futility of the suggested changes



  18. How the EPO's Executive Branch (Battistelli and Topić) Banned Scrutiny and Created Authoritarian Model of Control: Part X

    A look at highly dubious moves by EPO President Battistelli and his right-hand man Topić, whose abuses are becoming hard to oversee or even report



  19. Links 15/11/2014: Linux Mint 17.1 Release Candidate, Popcorn Time 0.3.5

    Links for the day



  20. IRC Proceedings: October 26th, 2014 – November 8th, 2014

    Many IRC logs



  21. The Terrible Joke Which is Microsoft 'Loving' Linux: Nightmares With UEFI 'Secure' Boot (i.e. Windows Monopoly Imposed) Continue to Affect GNU/Linux Users

    A reminder of Microsoft's sheer hostility towards GNU/Linux and long-reaching sabotage of GNU/Linux installations



  22. Patent Lawyers Worry About Section 101 in 'Alice' (and Other Patent News)

    A quick roundup of news of interest regarding software patents



  23. Will Write for FUD (Against FOSS)

    Black Duck rears its ugly head again, serving to show that it is in the business of changing perceptions and not in the information or analysis business



  24. Debunking Several Days of Never-Ending Lies About Microsoft and .NET

    .NET is not "Open Source", it cannot be forked (there remains patent threat), Visual Studio is still completely proprietary and it is expected to come to other platforms only because Windows has lost its dominance and Microsoft wants to perpetually control APIs (with software patents) and hence reign over developers



  25. Links 14/11/2014: LibreOffice 4.3.4, Ads Now in Firefox

    Links for the day



  26. Links 14/11/2014: GNOME 3.14.2, PulseAudio 6.0

    Links for the day



  27. Microsoft Windows is Still Designed as a Paradise of Back Doors, Intrusion, Wiretaps, and Interception

    At many levels -- from communication to storage and encryption -- Windows is designed for the very opposite of security



  28. Forget the FUD About Bash and OpenSSL, Microsoft Windows Blamed for Massive Credit Cards Heist

    Home Depot learns its lesson from a Microsoft Windows disaster, but it stays with proprietary software rather than move to software that is actively audited by many people and is inherently better maintained (Free/libre software)



  29. Windows 'Update' and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

    The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)



  30. Revealed: Microsoft is Trying to Corrupt the UK in Order to Eliminate Its OpenDocument Format-Oriented Standards Policy

    Microsoft interference with Britain's preference for ODF is now confirmed, thanks to a valuable news report from Computer Weekly; OOXML lock-in is being unleashed by Microsoft on Android users


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts