EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.24.10

Who Needs Windows Back Doors When It’s So Insecure?

Posted in Asia, Microsoft, Security, Windows at 3:11 pm by Dr. Roy Schestowitz

Mohammad Mosaddeq

Summary: Stuxnet is allegedly part of a plan to infect computer systems in Iran for political reasons, according to an increasing body of evidence

SO, it’s starting to look like Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] was part of a plot to derail Iran’s nuclear programme [1, 2]. Stuxnet makes use of zero-day Windows vulnerabilities rather than back doors. Will governments finally realise that foreign governments can use Windows against them? Software freedom is essential to one’s autonomy.

The debate about Stuxnet and Iran is only starting. So far we’ve come across the following reports (there are many more):

i. Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say

The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.

ii. Synchronize Your OpenOffice Documents With Google Docs, Zoho And WebDAV Servers Using Ooo2gd

iii. Microsoft confirms it missed Stuxnet print spooler ‘zero-day’

Contrary to reports, a bug that Microsoft patched last week had been publicly discussed a year and a half ago, security researchers said this week.

Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.

The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.

iv. Stuxnet virus may be aimed at Iran nuclear reactor

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran’s Bushehr nuclear reactor.

That’s the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they’ve broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker, possibly a nation state, and it was designed to destroy something big.

[...]

One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organisational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery’s centrifuge to malfunction, but it could be used to hit other targets too, Byres said. “The only thing I can say is that it is something designed to go bang,” he said.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.

[...]

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about. “The problem is not Stuxnet. Stuxnet is history,” said Langner. “The problem is the next generation of malware that will follow.”

Any politically-motived Windows worm shows that technology and politics cannot be separated and they come at a high cost to the public (a side effect). Some people point fingers at Israeli hackers.

Malware believed to be targeting Iran’s Bushehr nuclear power plant may have been created by Israeli hackers

[...]

However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying “sensationalist” headlines were “a worry”. Clulely is wary of reports linking Stuxnet with Israel: “It’s very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course.”

But he said that its characteristics did not suggest a lone group. “I think we need to be careful about pointing fingers without proof, and I think it’s more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism.”

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.

Should the whole world be flooded with Windows worms just because of political altercations of few nations? Should a better operating system like GNU/Linux be used to mitigate international threats. When does the cyber threat become greater than nuclear threats in an age when everything from food production to energy extraction [1, 2] and travel depends on connected computers? Without energy and transportation, food cannot be grown, cultivated, and delivered; that is where the most fundamental needs can or cannot be met, especially at times of natural disaster or war, so leaving one’s critical systems (that’s almost any system) under Microsoft’s reign is a strategic blunder. Proprietary software is subjected to the sovereignty of its sole maker.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. 'Reform' at the EPO Means Destroying the Staff Union, Crushing Patent Examiners, and Imposing on Europe a System It Does Not Want (UPC)

    The chaotic transition at the EPO -- a transition from something which has been workable to something intolerable -- and the role of the Unitary Patent (UPC), which lurks in the shadows and threatens to harm the whole of Europe



  2. Shakeup Against Patent Parasites in the US and More Rumours/Speculations About USPTO Director Michelle Lee After Trump's Inauguration

    The US patent system is becoming ever more hostile towards patent trolls, owing in part to reforms introduced under Michelle Lee's tenure, but people are still not certain that she will maintain her job and continue to fix the system



  3. EPO Abuses Now Make the Netherlands Look Like a Facilitator of Human/Labour Rights Abuses

    Rather than crack down on human rights abuses, the Dutch government now sends out the signal that it's an island for those wish to violate human rights whilst enjoying immunity (EPO)



  4. Links 20/1/2017: Docker 1.13, Linux 4.4.44 LTS

    Links for the day



  5. “Federal Circuit Had Affirmed on Every Issue in 77.4% of the Patent Trial and Appeal Board Appeals it Had Seen” in 2016

    The Federal Circuit (CAFC) and Patent Trial and Appeal Board (PTAB) continue to squash a lot of patents on software, in contrast to that fake news from patent maximalists



  6. Kudelski Group Not Only Acts Like a Patent Troll But Also Run by Intellectual Ventures Person; Mobile Market in Dire State of Patent Armageddon

    The patent thicket which pervades everything that is used by billions of people, mobile technology in particular, can be traced back to a lot of non-practicing parasites (or patent trolls)



  7. Watchtroll and His Swamp Still Blame Google (Where Michelle Lee Came From) for Improving and Gradually Fixing Aspects of the US Patent System

    Shooting the messengers (even wrongly associating yours truly with Google) in an effort to undermine patent reform when it is so desperately needed due to serious injustices



  8. In an Age of Necessary Patent Reform and Permanent Uncertainty for Software Patents the Patent Microcosm Looks for Workarounds and Spin

    Commentary on the status quo in the Michelle Lee era and some examples of bias from the patent microcosm, as well as news regarding the NFL getting sued by the Kudelski Group



  9. Michelle Lee, USPTO Director, Should Recognise That the Patent Microcosm is Her Enemy Which Hates Her

    The latest outburst from the patent microcosm, which has a temper issue and notorious disdain for judges it does not agree with, is more of what we have come to expect



  10. Battistelli is an Autocrat Above the Law and It's OK, Holland's High Council Says

    Battistelli's autocratic tendencies will not be challenged by Dutch authorities, in spite of sheer condemnation from many groups all across Europe and the entire world



  11. Beware Fake News About the Unitary Patent (UPC)

    The UPC is dead, deadlocked, stuck, in a limbo and so on; those who claim otherwise are merely lobbying (in disguise of "analysis" or "news")



  12. Shame on MapR for Pursuing Software Patents While Pretending to Stand for Free/Open Source Software

    The patents gold rush sees another company joining the 'fun', albeit this company should campaign hard against software patents rather than pursue any



  13. Doomsday Scenario in the Back Mirror as Michelle Lee Keeps Her Job (and Much-Needed Patent Reform) at the USPTO

    The future of patent reform, i.e. tackling overpatenting and patent trolls, looks somewhat more promising with today's confirmation of Lee's 'extended tenure' at the Office



  14. Links 19/1/2017: PulseAudio 10.0, Linux 4.9 Longterm Kernel

    Links for the day



  15. Corporate (Wall Street) Media Agrees That Brexit Dooms the Unitary Patent (UPC)

    The nonstop lies or the fake news about the UPC starting "real soon now" don't quite pass a reality check or a basic assessment based on fundamental concepts, such as the UPC's facilitation of subordination (to Europe) in the United Kingdom



  16. Farce of an 'Independence' for the Boards of Appeal as Another Ally of Benoît Battistelli Enters as Parasite Inside the 'Overseer'/Host

    The latest cluster of lies from the President of the European Patent Office (EPO) and direct refutation of false claims of independence for the Boards of Appeal, where the former Vice-Presidents can flock, just like the Mini Minion (Minnoye) of Battistelli



  17. Links 18/1/2017: Red Hat's OpenShift 3.4, Mozilla's New Logo/Branding

    Links for the day



  18. Union-Busting Action by Team Battistelli Takes Heavy Toll, Techrights Will Continue to Expose EPO Injustices to the World

    The Staff Union of the European Patent Office, SUEPO, which faced unprecedented and probably illegal (based on local laws) attacks, is being weakened by the worst President ever, whose own management team seems to be collapsing along with the institution he is destroying in just a few years



  19. A Lot More Fake News About the UPC, Trying to Convince People That the UK is Ratifying (It's Not, It Cannot)

    Response to some of the latest misleading (self-serving) whispers about the fate of the Unified Patent Court (UPC), which is in a deadlock due to Brexit



  20. Rumours Suggest That EPO Management is Aware of Decline in Patent Quality and is Thus Actively Lying About it to the Media/Public

    Whenever Battistelli brags about patent quality he may be consciously and deliberately lying through his teeth if the latest rumours are correct



  21. Links 17/1/2017: GIMP Plans, New Raspberry Pi Product

    Links for the day



  22. Resumption of EPO Propaganda ('Meet the President') Officially Starts Tomorrow

    Yet another one of these foolish 'Meet the President' stunts, scheduled to take place tomorrow morning



  23. Caricature: Battistelli's New Year's Resolution (More EPO Lies)

    The latest cartoon being circulated within the European Patent Office (EPO)



  24. Donald Trump Gives New Hope to Patent Aggressors and Patent Trolls

    Pessimism about the prospects of patent progress or patent reform in an age of staunchly pro-business Conservatives and glorification of protectionism



  25. More Fake News About the Unified Patent Court (UPC) Based on Lobbying Tactics From Bristows UPC and the Preparatory Committee

    Unified Patent Court (UPC) lobbying has gotten so bad that it now infiltrates general media outlets, where people are asked to just blindly assume that the UPC is coming and is inevitable, even though it's clearly in a limbo and is unlikely to see the light of day



  26. EPO Totally Silent for a Month, But Deep Inside There Are Serious Cracks

    The situation at the EPO seems to be pretty grim, even at the top-level management, and the EPO has gone into permanent silence mode



  27. Links 16/1/2017: Linux 4.10 RC4, Linux Mint 18.1 'Serena' KDE Edition Beta

    Links for the day



  28. 'Financial Director' Publishes Fake News About the Unitary Patent (UPC)

    Response to some of the latest UPC propaganda, which strives to misinform Financial Directors so as to enrich the author and his firm



  29. Independent and Untainted Web Sites About Patents Are Still Few and Rare

    Commentary about news sources that we rely on, as well as the known pitfalls or the vested interests deeply ingrained in them



  30. The 20% Rule: Patent Trolling Suffers Double-Digit Declines and Patent Troll Technicolor is Collapsing

    Significant demise or total catastrophe for the modus operandi (method) of going after companies with a pile of patents and threats of litigation


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts