EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.24.10

Who Needs Windows Back Doors When It’s So Insecure?

Posted in Asia, Microsoft, Security, Windows at 3:11 pm by Dr. Roy Schestowitz

Mohammad Mosaddeq

Summary: Stuxnet is allegedly part of a plan to infect computer systems in Iran for political reasons, according to an increasing body of evidence

SO, it’s starting to look like Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] was part of a plot to derail Iran’s nuclear programme [1, 2]. Stuxnet makes use of zero-day Windows vulnerabilities rather than back doors. Will governments finally realise that foreign governments can use Windows against them? Software freedom is essential to one’s autonomy.

The debate about Stuxnet and Iran is only starting. So far we’ve come across the following reports (there are many more):

i. Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say

The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.

ii. Synchronize Your OpenOffice Documents With Google Docs, Zoho And WebDAV Servers Using Ooo2gd

iii. Microsoft confirms it missed Stuxnet print spooler ‘zero-day’

Contrary to reports, a bug that Microsoft patched last week had been publicly discussed a year and a half ago, security researchers said this week.

Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.

The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.

iv. Stuxnet virus may be aimed at Iran nuclear reactor

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran’s Bushehr nuclear reactor.

That’s the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they’ve broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker, possibly a nation state, and it was designed to destroy something big.

[...]

One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organisational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery’s centrifuge to malfunction, but it could be used to hit other targets too, Byres said. “The only thing I can say is that it is something designed to go bang,” he said.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.

[...]

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about. “The problem is not Stuxnet. Stuxnet is history,” said Langner. “The problem is the next generation of malware that will follow.”

Any politically-motived Windows worm shows that technology and politics cannot be separated and they come at a high cost to the public (a side effect). Some people point fingers at Israeli hackers.

Malware believed to be targeting Iran’s Bushehr nuclear power plant may have been created by Israeli hackers

[...]

However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying “sensationalist” headlines were “a worry”. Clulely is wary of reports linking Stuxnet with Israel: “It’s very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course.”

But he said that its characteristics did not suggest a lone group. “I think we need to be careful about pointing fingers without proof, and I think it’s more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism.”

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.

Should the whole world be flooded with Windows worms just because of political altercations of few nations? Should a better operating system like GNU/Linux be used to mitigate international threats. When does the cyber threat become greater than nuclear threats in an age when everything from food production to energy extraction [1, 2] and travel depends on connected computers? Without energy and transportation, food cannot be grown, cultivated, and delivered; that is where the most fundamental needs can or cannot be met, especially at times of natural disaster or war, so leaving one’s critical systems (that’s almost any system) under Microsoft’s reign is a strategic blunder. Proprietary software is subjected to the sovereignty of its sole maker.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. In Lawyerland, Simulated UPC 'Trials' and More Extraordinary EPO Propaganda for Change That Would Harm Europe to Help Patent Lawyers and Their Big Clients

    A look at the latest wave of lobbying for the Unitary Patent Court (UPC), courtesy of patent lawyers who profit from patent disputes, and the utterly shameless marketing from the European Patent Office (EPO)



  2. Apple and Microsoft Cannot Keep Up With Android (Linux), More Layoffs Reported

    Having failed to grow (in the operating systems market share sense), proprietary software giants lose loyalty, try to attack the winner (Android/Linux) with software patents, and inevitably make their staff redundant



  3. Links 12/2/2016: Russian's Government With GNU/Linux, India's Wants FOSS

    Links for the day



  4. New EPO Protests Amid Nervous Breakdowns of Spanish EPO Employee (After Institutional Bullying by Battistelli's Goons), Spain Rejects the Unitary Patent (UPC)

    In the face of enormous pressure from non-technical Eurocrats like Battistelli, Spain remains strong and resists the Unitary Patent Court (UPC), which puts more power in the hands of an abusive body that grossly discriminates against Spaniards



  5. Only Half a Dozen Cuban Patents Filed at EPO, But Hugely Unpopular Battistelli Goes to Cuba to Garner Cheap Support

    Now that Spain is antagonising the EPO (and especially the UPC) the President of the EPO helps create some puff pieces in Spanish as he visits Cuba and neighbouring Spanish-speaking nations which are historically renowned for defunct governance and lawlessness (like the EPO itself)



  6. Nepotismo de la UPC, Abusos Políticos, y el Envolvimiento en la UPC de la Firma ¨Legal¨ que la OEP Contrato para Matonear a Techrights

    La Corte Unitaria de Patentes UPC, un sistema arregaldo esta siendo embestida por la gargant de Europa por la OEP. (Nos están metiendo la yuca). Sus grandes clientes (incluso extranjeros), con sus abogados de patentes para que todo el mundo los vea.



  7. Miembro del Parlamente Europe Resalta ¨Las Continuas Violaciones de los Fundamentales Derechos de los Empleados de la OEP¨

    Pregunta a la Comisión Europea de parte de la MEP Portuguesa Ana Gomes, publicado en el sitio del Parlamente Europeo.



  8. Links 11/2/2016: LibreOffice 5.1, HMRC and FOSS

    Links for the day



  9. Microsoft Continues to Use Software Patents to Extort/Blackmail Even More Companies That Use Linux, Forcing/Coercing Them Into Preinstalling Microsoft

    Acer is the latest large OEM to have become a victim of Microsoft's witch-hunt against Android/Linux preloaders, whom Microsoft is coercing into becoming Microsoft's carriers (or face litigation over software patents, with high legal fees if not injunctions or high damages upon secret settlements)



  10. EPO Brain Drain (Even Directors Fed Up With Team Battistelli) and Rumours About Battistelli Becoming President of the UPC

    Words heard through the grapevine of the European Patent Office (EPO), where staff is overwhelmingly against the managers and some people, including high-profile staff, add to the exodus



  11. More Than 20 Years in the Line: European Patent Office and Claims of European Convention on Human Rights Infringement Against Applicants/Stakeholders

    Gross incompetence and potentially an infringement of the European Convention on Human Rights at the European Patent Office (EPO), this time impacting an applicant (one of many in a similar position)



  12. UPC Nepotism, Political Abuses, and UPC Involvement From the Legal Firm That EPO Hired to Bully Techrights

    The Unitary Patent Court (UPC), a rigged system that is being rammed down Europe's throat by the EPO, its big clients (even foreign), and their patent lawyers laid bear for people to see



  13. Member of European Parliament Brings Up “Ongoing Violations of the Fundamental and Employment Rights of the Staff of EPO”

    Question to the European Commission from Portuguese MEP Ana Gomes, as published in the site of the European Parliament



  14. La Oficina Europea de Patentes Pretende que No Pasa Nada y Prepara una Feria de Vanidad

    La estrategia de relaciones públicas de la OEP cuya destructiva estrategia de patentes continua sin disminución (por ahora), se engancha en Colombia y se esfuerza en manufacturar el mito donde el público, examinadores de patentes, y aplicantes de patentes todos estan muy felices con la OEP.



  15. La ‘Internacional’ Commisión de Comercio Impone/Reenfuerza Patentes de Software para Establecer Otro Embargo

    La Comisión Internacional (sic) de Comercio se esta entrometiendo en competición de nuevo permitiendo a un gigante de los Estados Unidos Ciso en este caso, a potencialmente bloquear rivales (no importaciones del extranjero) usando patentes de software.



  16. Links 9/2/2016: Linux in Robotics, Hyperledger Project

    Links for the day



  17. Besieged Benoît Battistelli Mimics 'Damage Control' Tactics of FIFA or Blatter as More Judges Start Getting Involved in EPO Scandals

    Rumours and a new rant from Battistelli reinforce suspicions that actions are being organised behind the scenes, possibly as part of an upcoming, high-level campaign to unseat/dethrone Battistelli, who has become a reputational disaster to the European Patent Office (EPO), much like Sepp Blatter at FIFA



  18. Several Political Parties Directly Challenge the European Patent Office for Ignoring the Law, Not Obeying Court Orders

    Politicians make it crystal clear that the EPO, despite its unique status, cannot just raise its nose at the rulings of courts of law, definitely not in Dutch territory where the EPO operates



  19. Even the Legal Community is Upset at Benoît Battistelli for the Damage He Did to the EPO

    A recent article from lawyers' media (in German) speaks of the great damage (or mess) left by its current president, who has become somewhat of a laughing stock and growingly synonymous with farcical trials even in the circles of stakeholders, not just his own staff



  20. EPO Union (SUEPO) Getting Busted: “More and More People are Joining the Union, but Fewer and Fewer People Dare to Take on Leading Positions There.”

    The union-busting actions taken by EPO management in collaboration with Control Risks (for weak accusations against staff representatives) and FTI Consulting (for 'damage control') as described in a recent article, in the words of SUEPO lawyer Liesbeth Zegveld



  21. Microsoft's Copyrights- and Patents-Based Attacks on GNU/Linux Carry on

    The SCO case is still going on and Microsoft has just signed a patent deal with GoPro over its FOSS-based software, relating to “certain file storage and other system technologies”



  22. The EPO's Benoît Battistelli is the Dictator Who Can No Longer Dictate Like He Used to

    The European Patent Office's mechanism of oversight is starting to work just a little because, based on a new report from Juve, Battistelli is now reluctant to make proposals that would prove unpopular among delegates



  23. La Más Detallada Explicación (hasta ahora) de ¿Qué esta mal con la OEP?

    La insistencia de la OEP que permanece arriba de la ley no sólo est bajo fuego en los medios pero también esta siendo desafiada basado en personas familiares con la aplicabilidad de la ley a organizaciones internacionales.



  24. Links 8/2/2016: Vista 10 Nags Help GNU/Linux, Nautilus Updated

    Links for the day



  25. The European Patent Office “is Acting as Though the Law Does Not Apply to It.”

    An article from Nieuwsuur which provides the words of Liesbeth Zegveld (for SUEPO) and Guillaume Minnoye (for the European Patent Office), reaffirming the EPO's bizarre notion that it is above the law, even in the face of human rights violations and a court ruling against the EPO



  26. Microsoft-Connected FRAND Lobbying (Software Patents Against Free/Open Source Software) in Brussels

    Anti-Free/Open Source software (FOSS) talking points and FRAND (anti-FOSS) lobbying groups in Brussels as seen by proponents of FRAND, who also worked for Microsoft



  27. Latest Propaganda From the EPO's Management an Effort to Make the EPO the Tool of Megacorporations

    A quick roundup of some of the latest spin and paid-for (bought) coverage that helps introduce a distorted patent system whose beneficiaries are not European (or even people)



  28. 'Aversion to Change' Propaganda From the EPO Echoes or Parrots Lenin and Stalin

    The out-of-control EPO management is trying to fool the media by blaming staff representatives for getting fired, simply because they stood up to a highly abusive and megalomaniacal dictator



  29. The Gates Foundation Subjected to Criticism, But Over a Decade Too Late

    Reckoning and accepting the fact that even some in the media now openly speak about Bill Gates' corrupting influence in everything, including politics



  30. Links 8/2/2016: Zenwalk 8.0 Beta 2, Q4OS 1.4.7

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts