Bonum Certa Men Certa

Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran's Nuclear Facilities

Sadeh fire festival



Summary: Some of the latest security news which affects only Windows users (or people whom Windows is using)

HERE are some security news picks from the past week.



MSBBC



Not a week goes by without some BBC propaganda such as this. Since many former Microsoft UK employees took leading positions in the BBC, new articles like this neglect to mention major facts like the scary story only referring to Windows and not computers by and large (BBC Click is encouraging similar narrow-mindedness right now).

"BBC's usual high standards: no mention of MS Windows," wrote Glyn Moody in response to it. Gordon from TechBytes wrote: "Yet another Windows only story "forgetting" to mention either "Microsoft" or "Windows" #fail !BBC" (he claims to have had a "deja-vu, found another the other day").

Ask the BBC to call out Windows and thus inform the public. "Computer" is not the same as "Microsoft Windows" and taxpayers who fund the BBC deserve to know this.

The rest of the security news is tediously repetitive (yet new), so we just add it below categorised.

Rootkit



i. More Layers, Please

M$ has put many coats of paint on the old barn to secure that other OS but the malware writers have discovered a way to alter the MBR data so that rebooting turns off some of the layers of protection. The result is rootkits on the beloved 64bit “7″. Fortunately, our 64bit machines run Debian GNU/Linux. You need physical access to the machine or root access to alter the MBR with GNU/Linux. That other OS provides the tools by default… The modifications to UAC after the Vista fiasco opened the door to this rootkit. Malware artists have been going through this door since August.


ii. Rootkit able to bypass kernel protection and driver signing in 64-bit Windows

The 64-bit version of the Alureon rootkit / bot is able to bypass the special security features included in the 64-bit versions of Windows 7 and Vista and insert itself into the system. The tricks used have been known about in theory for several years, but until recently had not been used by malware in the wild. The 32-bit version of Alureon made headlines early this year, when the installation of a Microsoft patch left many systems unable to boot. The problem was caused by the previously unnoticed presence of the rootkit, which the patch effectively unmasked.

The 64-bit version of Alureon (aka. TDL) deactivates checks for driver signing and, even during the boot process, reroutes specific API calls in order to bypass the kernel's PatchGuard mechanism. Driver signing is intended to ensure that Windows only loads drivers from known vendors. PatchGuard is intended to protect the operating system kernel from being modified by malicious code.


Stuxnet



i. Stuxnet has a double payload

According to the latest analysis, Stuxnet is aimed not at disrupting a single system, but at two different systems. According to control systems security firm Langner Communications, the worm is not just designed to interfere with specific, variable frequency, motor control systems – it also attempts to disrupt turbine control systems. According to Langner, this would mean that, in addition to Iran's uranium enrichment plant at Natanz, the country's Bushehr nuclear power plant may have been a further target of the Stuxnet attack.

Specialists have been puzzling over the worm's target for several weeks, with early rumours circulating that it was aimed at sabotaging Natanz or Bushehr. However, no-one initially suspected that its aim was to sabotage both plants, although clues that this might be the case have been emerging for some time. Stuxnet attacks Siemens control system types S7-300 (315) and S7-400 (417). The attack modules appear to have been created using different tools – probably even by different teams.

The code for the S7-417 system – used in the turbine control systems at Bushehr – is reported to be much more sophisticated than that for the S7-315 system. The code carries out what amounts to a man-in-the-middle attack in order to pass fake input and output values to the genuine plant control code. User code running on a programmable logic controller (PLC) does not usually query I / O ports directly, but instead reads from an input process image and writes to an output process image. Mapping of physical ports to logical ports is intended to ensure that I / O values do not change during processing cycles.


ii. Stuxnet virus could target many industries (from AP, copyright maximalist and fair use squasher)

A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday.

They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer.


iii. Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

"Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."


iv. Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

“There’s only a limited number of circumstances where you would want something to spin that quickly -– such as in uranium enrichment,” said O Murchu. “I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device,” he added.


More links about Stuxnet:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows


Messenger



i. Microsoft disables Live Messenger links

According to the Vole's blog, disabling the feature was designed to prevent the spread of a malicious worm.

The worm requires users to click a link within a message, upon which it will load a webpage that downloads the worm to your PC and then it sends the same message to people in your contact list.

It only affected those who had not upgraded to the newest version of Messenger that uses Microsoft's Smartscreen, which shows up when you click on any link shared via Messenger.

A spokesperson said that the malicious worm was trying to spread itself through many of the world's largest instant messaging and social networks, including Windows Live Messenger 2009.


Windows will never be secure. "Our products just aren't engineered for security," said Brian Valentine, one of the top Windows executive at the time.

Comments

Recent Techrights' Posts

An "Efficient Windows 11 Experience" is Removing a Text Editor (Less than 5 Megabytes in Size) and Adding Chatbots That Require a New PC/Datacentre
Vista 11 24H2 update removes WordPad
 
The Campaign to 'End' Richard Stallman - Part II - Scaring People Who Produce Videos in Support of Stallman
There are allegations of threats, defamation, and censorship
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting My Wife
In my view, it is a form of overt sexism
[Chart] Chromebooks in Micronesia Grew at the Expense of Microsoft Windows
As of today...
Linus Torvalds Mocked "Cloud Native" in His Latest Talk (Arguing It's Just Hype), 'Linux' Foundation 'Research' (Marketing) Chooses Proprietary Software to Query Its Adopters
The name "Linux" is overused, abused, even grossly misused
Links 29/05/2024: More Arrests of Regime Critics and Hate Crimes
Links for the day
Brittany Day (linuxsecurity.com) Now Leverages Microsoft Chatbots to Promote Microsoft Propaganda Disguised as "Linux"
What Brittany Day does is an attack both on the Web and on Linux
[Meme] Don't Trust Users to Boot Their Own PCs?
UEFI 'secure' boot
Links 29/05/2024: Hack The Box, Why I Left Healthcare, and Chatbots as Health Risk
Links for the day
Gemini Links 29/05/2024: BESM Retro Second Edition and Itanium Day
Links for the day
Azerbaijan: Microsoft Falls From 99.5% to Almost Nothing or Less Than 20% (Windows Down Sharply, GNU/Linux Surges)
Based on statSounter
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 28, 2024
IRC logs for Tuesday, May 28, 2024
The Campaign to 'End' Richard Stallman - Part I - Two Canceled Talks in a Row?
RMS has left Europe, so the concept of "delayed" talk is facetious or deeply cynical
On Desktops/Laptops in Andorra Windows Fell to Less Than Half, 20% If One Counts Mobile as Well
And this is a European country
[Meme] 3 Years Later
If you're going to start a fight, make sure you can handle it
When You Leave a Bad Employer and Move on to Better Things
Perhaps my main mistake was not resigning from my job sooner
No, Your Site Likely Does Not Need WordPress
I was one of the first users of WordPress
GNU/Linux in Cameroon: Rising Steadily While Windows Falls From 99% to Just 6%
If one also counts mobile (mostly Android)
Monkey See, Monkey Share
on deprivation of users
From 0.17% to 10% or More (GNU/Linux in Dominica)
Dominica isn't well known, but it does seem to have embraced Chromebooks in recent years
Links 28/05/2024: Tensions in East Asia, UK Mandatory National Service
Links for the day
Gemini Links 28/05/2024: NetCrawl and Living in Lagrange
Links for the day
Guardian Digital, Inc (linuxsecurity.com) Handed Over Its Web Site to Chatbots That Generate SEO Garbage
They need to be called out on it
statCounter Sees Microsoft Windows at Below 1% in American Samoa
Not even 1%!
Windows Down to 60% of Guam's Desktops/Laptops and Down to a Quarter Overall
No wonder Microsoft is panicking
Today in UEFI 'Secure' Boot Debates (the Frog is Already Boiling and Melting)
Over at LQ today
[Meme] A "Modern" Web's Message in a Bottle
So-called 'security'
Brittany Day: Still Chatbot Slinging, Producing Fake 'Articles' About "Linux"
random garbage produced (and censored) by Microsoft
Almost 4k Gemini Capsules, 5th Anniversary Only Weeks Away
The Web will continue to deteriorate
Microsoft: $1 Million a Day for Contempt of Court Orders (Justice Department)
Microsoft behaves as if it's 100% exempt from laws
Catbodia? In Cambodia, Microsoft's Windows Fell to All-Time Low of Less Than a Quarter.
Cambodia is leaving Microsoft behind
[Meme] Deadnaming
Guess who uses a name that was deprecated well over a decade ago?
[Meme] 'Secure' Boot in a Nutshell
Ask Microsoft if it is "safe" to boot Linux
New Press Report Explains Microsoft Severance and Quiet (Undisclosed) Layoffs
Some people will call this "loophole", whereas others will opine that it is outright illegal (but kept secret to circumvent scrutiny)
Global South is Android/Linux (Windows Era Has Come to an End Already)
I've decided to take a quick glance at South American trends for all operating systems
[Meme] Unified Patent Troll
Unified Patent Court remains illegal and unconstitutional
The European Patent Office is Sinking
Officials (or national delegates) at the European Patent Organisation have long been warned about this (by staff representatives from the European Patent Office), but they ignored the warnings
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting Guest Writers (Intimidation)
Some high-profile people have told me that the serial defamer is a "monster" (their word), so why would Neil Brown wish to help him?
Summer in the Air
We have a good pace going on owing to health, positivity, inertia and good software tools
GNU/Linux Activity in Belize
From an economic point of view, Microsoft needn't worry about Belize, but when it comes to preserving the Windows monopoly/monoculture Belize matters
Links 28/05/2024: Back to MP3, NVIDIA Sued by Authors
Links for the day
Gemini Links 28/05/2024: Bad Beach and TLS
Links for the day
Microsoft Windows Fell From 100% to Just 7.5% in Sierra Leone
Based on statCounter
In Benin, Microsoft's Windows Fell Below 10%, GNU/Linux Surged to 6% or Higher on Desktops/Laptops
That's nearly 7% - a lot higher than the average in Africa
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 27, 2024
IRC logs for Monday, May 27, 2024
Delayed Series About Dr. Richard Stallman
A lot of the attacks on him boil down to petty things
[Meme] Elephant in the Asian Room
With ChromeOS included GNU/Linux is at 6% across Asia
GNU/Linux in Bangladesh Up From 0.5% to Over 4% (Windows Slid From 95% to 18%)
Bangladesh is one of the world's most densely-populated countries
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting Several Webhosts (in Collaboration and Conjunction With Mentally-Ill Flunkies)
Every attempt to nuke the current hosting failed, but it's still worth noting
Links 27/05/2024: One Month Left for ICQ, More Openwashing Highlighted
Links for the day
Gemini Links 27/05/2024: Back to GNU/Linux, Librem 5 Assessed
Links for the day
StatCounter (or statCounter) Has Mostly Recovered From a Day's Downtime (Malfunction)
Some of the material we've published based on the statCounter datasets truly annoys Microsofters
Google: We Don't Have Source Diversity, But We Have Chatbot Spew in Place of Sources (and It's Not Even Accurate)
Search engines and news search never looked this bad...
[Meme] Security is Not a Failure to Boot (or Illusion of Security Due to 'Unknown' System)
Red Hat is largely responsible for this mess
What is Secure Boot?
Security means the user feels safe and secure - i.e. confident that the machine would continue to work following a reboot or a system upgrade (or kernel upgrade)
StatCounter (or statCounter) Has Been Broken for Nearly 24 Hours. Who Benefits? Microsoft.
StatCounter is broken right now and has been broken for nearly 24 hours already
Links 27/05/2024: Chatbots Generate Hateful Output, TPM Performance Scrutinised
Links for the day
David Heinemeier Hansson (DHH) Realises What He Should Have Decades Ago
seeing that DHH is moving away from Apple is kind of a big deal
Reinvigorating the Voice of GNU/Linux Users (Not Companies Whose Chiefs Don't Even Use GNU/Linux!)
Scott Ruecker has just announced his return
"Tech" in the Context of Even Bigger Issues
"Tech" (or technology) activism is important; but there's a bigger picture
A Decade of In-Depth Coverage of Corruption at the European Patent Office (EPO)
The world needs transparency and sunlight
Hopefully Not Sunset for StatCounter
We hope that StatCounter will be back soon.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 26, 2024
IRC logs for Sunday, May 26, 2024
Links 27/05/2024: Self-Publishing, Patent Monopolies, and Armed Conflicts
Links for the day
Gemini Links 27/05/2024: Tethering Connection and PFAs
Links for the day
Imagine Canada Enabling Rapists to Harass Their (Rape) Victims
This analogy is applicable because abusers are empowered against the abused