A government-produced worm that may be aimed at an Iranian nuclear plant? Of course it's made headlines.
Computer security experts are often surprised at which stories get picked up by the mainstream media. Sometimes it makes no sense. Why this particular data breach, vulnerability, or worm and not others? Sometimes it's obvious. In the case of Stuxnet, there's a great story.
As the story goes, the Stuxnet worm was designed and released by a government--the U.S. and Israel are the most common suspects--specifically to attack the Bushehr nuclear power plant in Iran. How could anyone not report that? It combines computer attacks, nuclear power, spy agencies and a country that's a pariah to much of the world. The only problem with the story is that it's almost entirely speculation.
Article Controls
Here's what we do know: Stuxnet is an Internet worm that infects Windows computers. It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet. Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain privilege once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four "zero-day exploits": vulnerabilities that were unknown and unpatched when the worm was released. (All the infection vulnerabilities have since been patched.)
Stuxnet doesn't actually do anything on those infected Windows computers, because they're not the real target. What Stuxnet looks for is a particular model of Programmable Logic Controller (PLC) made by Siemens (the press often refers to these as SCADA systems, which is technically incorrect). These are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines--and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software.
If it doesn't find one, it does nothing. If it does, it infects it using yet another unknown and unpatched vulnerability, this one in the controller software. Then it reads and changes particular bits of data in the controlled PLCs. It's impossible to predict the effects of this without knowing what the PLC is doing and how it is programmed, and that programming can be unique based on the application. But the changes are very specific, leading many to believe that Stuxnet is targeting a specific PLC, or a specific group of PLCs, performing a specific function in a specific location--and that Stuxnet's authors knew exactly what they were targeting.
It's already infected more than 50,000 Windows computers, and Siemens has reported 14 infected control systems, many in Germany. (These numbers were certainly out of date as soon as I typed them.) We don't know of any physical damage Stuxnet has caused, although there are rumors that it was responsible for the failure of India's INSAT-4B satellite in July. We believe that it did infect the Bushehr plant.
All the anti-virus programs detect and remove Stuxnet from Windows systems.
07 October 2010
25 September 2010
Dean Takahashi: Stuxnet computer worm takes its toll on Iran, where nuclear plant may be target
Iranian officials have confirmed that the Stuxnet computer worm has infected at least 30,000 computers in the country.
The worm attacks industrial control systems. Because of that, officials have wondered whether Iran was targeted because hackers wanted to take down its controversial nuclear reactor, which is feared to be making high-grade plutonium for nuclear weapons. The Stuxnet worm, first discovered in June by Belarus-based security firm VirusBlokAda, might have been an attempt to disable the Bushehr reactor from afar.
Experts from Iran’s Atomic Energy Organization reportedly met this week to discuss how to remove the malware. The worm targets control systems that use Siemens’ SCADA software (supervisory control and data acquisition), which operates all sorts of factories from power plants to military installations. Symantec reported that Iran was hit hardest by Stuxnet, which was spread through universal serial bus (USB) flash memory drives that were left in areas where unsuspecting employees could pick them up and plug them into their computers.
Roughly 60 percent of all incidents related to Stuxnet have been reported in Iran. The question arises as to who created the Stuxnet worm and whether it was a state that doesn’t want Iran to have nuclear weapons.
Stuxnet exploited multiple unpatched vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, and hid its code by using software known as a rootkit. Microsoft hasn’t fully fixed the vulnerabilities. U.S. cybersecurity officials told the Associated Press they didn’t know who created the worm or what its purpose is. Certainly, it can disable more SCADA-based machines than just those in Iran.
The worm attacks industrial control systems. Because of that, officials have wondered whether Iran was targeted because hackers wanted to take down its controversial nuclear reactor, which is feared to be making high-grade plutonium for nuclear weapons. The Stuxnet worm, first discovered in June by Belarus-based security firm VirusBlokAda, might have been an attempt to disable the Bushehr reactor from afar.
Experts from Iran’s Atomic Energy Organization reportedly met this week to discuss how to remove the malware. The worm targets control systems that use Siemens’ SCADA software (supervisory control and data acquisition), which operates all sorts of factories from power plants to military installations. Symantec reported that Iran was hit hardest by Stuxnet, which was spread through universal serial bus (USB) flash memory drives that were left in areas where unsuspecting employees could pick them up and plug them into their computers.
Roughly 60 percent of all incidents related to Stuxnet have been reported in Iran. The question arises as to who created the Stuxnet worm and whether it was a state that doesn’t want Iran to have nuclear weapons.
Stuxnet exploited multiple unpatched vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, and hid its code by using software known as a rootkit. Microsoft hasn’t fully fixed the vulnerabilities. U.S. cybersecurity officials told the Associated Press they didn’t know who created the worm or what its purpose is. Certainly, it can disable more SCADA-based machines than just those in Iran.
19 February 2010
Why is the U.S. flag worn “backwards” on the uniform?
Army Regulation 670-1, Wear and Appearance of Army Uniforms and Insignia, is the governing authority for the wear of Army uniforms. Paragraph 28-18 governs the wear of the United States Flag on Army Uniforms.
The flag may only be worn on the utility and organizational uniforms (such as the camouflage BDU). The flag may only be worn during joint-duty and multinational deployments. When the servicemember returns to home station, the flag must be removed. (Guide Note: A message went out in February 2004 changing this restriction, and making the U.S. Flag a mandatory uniform componant for all soldiers, effective October 1, 2005.
Chapter 1, Title 4, United States Code, provides for the design of the U.S. flag and specifies the colors as red, white, and blue. Colors other than red, white, and blue violate the U.S. Code; therefore, subdued-colored flags are not authorized for wear. Joint commanders have to make the decision as to whether or not the wear of a full-color flag, for morale purposes, is more important than having all aspects of the uniform camouflaged.
When approved for wear, the full-color U.S. flag cloth replica is sewn 1/2 inch below the right shoulder seam of the temperate, hot-weather, enhanced hot-weather, and desert BDU; the BDU field jacket; and the cold-weather uniform. The flag is worn on the right shoulder, because, in the military, the “place of honor” is to a military member’s right.
The full-color U.S. flag cloth replica is worn so that the star field faces forward, or to the flag’s own right. When worn in this manner, the flag is facing to the observer’s right, and gives the effect of the flag flying in the breeze as the wearer moves forward.
The rule dates back to the Army’s early history, when both mounted cavalry and infantry units would designate a standard bearer, who carried the Colors into battle. As he charged, his forward momentum caused the flag to stream back. Since the Stars and Stripes are mounted with the canton closest to the pole, that section stayed to the right, while the stripes flew to the left.
Sumber :
http://adoptaplatoon.org/site/?p=77
01 January 2010
How to change hostname on Fedora
To change hostname on Fedora, you can do it in 3 ways. That are : edit the /etc/hosts file, edit the /etc/sysconfig/network file and running command line "hostname". As default, content of
/etc/hosts is :
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 lenovo localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
As default, content of /etc/sysconfig/network file is :
NETWORKING=yes
HOSTNAME=localhost.localdomain
To change hostname, it's better to edit /etc/sysconfig/network file become :
NETWORKING=yes
HOSTNAME=lenovo
Suppose, the hostname is "lenovo". Don't forget to reboot the computer to make effect.
Beside that, you can change hostname with not permanently with command line "hostname". The code is :
# hostname "lenovo"
/etc/hosts is :
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 lenovo localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
As default, content of /etc/sysconfig/network file is :
NETWORKING=yes
HOSTNAME=localhost.localdomain
To change hostname, it's better to edit /etc/sysconfig/network file become :
NETWORKING=yes
HOSTNAME=lenovo
Suppose, the hostname is "lenovo". Don't forget to reboot the computer to make effect.
Beside that, you can change hostname with not permanently with command line "hostname". The code is :
# hostname "lenovo"
Subscribe to:
Posts (Atom)