I'm a big Stuxnet fan. Very clever.
People have been doing embedded device hacking for a long time, but the amount of physical knowledge of the target required, and the update system, and the multiple infection vectors? I bet they used Microsoft Project on that job, boy howdy.
I liked the weird "Bible Code" type evidence being mustered. Umm . . . here.
Oh yeah all the numerology is goofy. I like the 0xDEADF007, although it would have been much funnier if they'd found 0xDEADBEEF (it's more traditional, anyhow). DEADF007 could mean a lot of things, but it reeks of overly self-satisfied military dweeb types to me. Maybe it's somebody's WoW character?
4: I didn't do it. (I actually do use 007 in a user name or account name here and there. In my defense, I've been using at least one of those since high school...)
I don't think it has anything to do with 007. I think it's "DEADFOOT".
7: seriously. I'm sure there are dark theories circulating about which hax0r-founded security consultant shop was involved that are basically all nonsense.
I probably know somebody that has a fairly good idea who it was, but I'm not nearly plugged-in enough for anybody to tell me, these days.
8 makes me think 1 and 2 were sarcastic, when I'd been reading them straight.
10: no, not sarcastic. It's cool. 8 was a reference to the goofy cult of secrecy in the hacker world.
And 11 isn't totally fair. It's fun to know deep, dark secrets. Just the lengths to which people are willing to go to have that as a hobby, sheez.
Is this thread for Sifu only or does anyone get to play?
13: I think anyone is allowed to play, but only Sifu will understand.
re: 12
Billy Connolly has a riff in an old stand up routine about male versus female attitudes to secrets. Viz that women can't keep 'em, but men are so into keeping them that they go to massive lengths to generate new secrets, just so they can get off on having secrets -- hence Freemasonry, etc.
15: ha, yes. Secrets are things that women tell each other, and that men tell each other they're not going to tell each other.
15: yeah, exactly. NOBODY CAN KNOW ABOUT OUR CLUBHOUSE.
Heh. Men may not tell each other their secrets, but boy howdy do they get off on telling their secrets to a woman.
I am a really good secret keeper! That shit gets vaulted and no one even knows I have the secret! Guys, in my experience, are frequently looking to leverage their info.
18. This was the plot of most 20th century spy novels, ISTR.
This is an okay article about Stuxnet as well, but I think the most obvious answer to the question of why it broke into the wild is that it was designed (or possibly modified someplace along the way) to break into the wild, to make a point.
This, meawhile:
The virus is a "game changing event" for the anti malware industry, he said - expanding the scope of virus analysis into the political realm and beyond the purview of systems running the Windows operating system.
19 gets it exactly right!
What secrets could Oud be keeping for Di? Hmmm.
While I can contribute precisely nothing to the malware discussion, one theory of the development of modern subjectivity has it that secrets--having them, holding them, nurturing them--are the core of individuality.
Someone like Julian Assange or hardcore haxxors is probably insisting a bit much: "I'm alive! I'm an individual human being!"
22.last: Yes, that aspect of it is being over-hyped as being brand-news. Now, obviously I do not know what double secret probation black shit has really gone on before, but the PLC rootkit does seem to be something rather new (at least out in the public, thinking about it there is a good chance several governments have at least explored the concept). I'm more ambivalent about ascribing motives to how it went wild.
I am not a PLC programmer (IAANAPP), but per 2, I assume for it to really do something nasty or interesting would require extremely detailed knowledge of both the code and the physical devices (and even then, in my experience really critical stuff generally has secondary/failsafe auxiliary controls of some kind).
Final question for Tweety, it does seem like whoever did it used up a good chunk of "hacker capital" in the form of exploits (I think 3 zero days and one kind of forgotten one) plus the certificates. But I don't really know how if I am assessing that correctly.
For example, the people who run the Tea Party can't keep it a secret that they're not opposed to abusing puppies.
The h4xx0rs with whom I am not plugged in have been estimating cost at a quarter or half a million (most of that certificates) and rolling their eyes at the assumption that it must have been a government to spend that much.
Since I ran across a casual mention of a Dallas bathroom that cost 750k yesterday, I rather see their point.
25: I thought the whole point of Julian Assange was that he didn't keep secrets?
The h4xx0rs with whom I am not plugged in have been estimating cost at a quarter or half a million
I'm doubtful - I've seen estimates via Schneier of 5-6 man-years to develop it, and decent computer programmers tend to go for quite a lot more than $50k.
26.last: well, I dunno. I feel like I've known people who had as many as four zero-day windows exploits they were just sitting on. If you developed four exploits from scratch without breathing a word of it to anybody else, that would be time-consuming. But there's plenty of "zero-day" around that really just hasn't bubbled up to awareness. I don't think, as I said, that any one piece is that shocking, but combining all of those things into a targeted attack like that seems like an effort that would try the patience (and not particularly arouse the interest) of an enthusiast.
I thought the whole point of Julian Assange was that he didn't keep secrets?
The man's location is a secret, let alone all of the secrets he sits on until he's ready to release them. He's the secret-master.
From the things I've read I'm a little confused about the specific targeting. Would they actually need insider knowledge of how these Siemens control systems are being used in the specific place they want to target? I can't tell if they're attacking some sort of generic functionality or if they have to know something extremely specific about private code at the particular place they want to target.
32 was I.
You couldn't keep that a secret for more than sixty seconds? Unimpressive.
34: it sounds like the latter; that's why nobody knows what it's specifically supposed to do, because nobody knows what the specific PLC it's attacking does; PLCs essentially allow arbitary parameters to control arbitary outputs based on arbitrary inputs so it's not like there's a standard "hold valve open" function they can fuck with.
Whenever people talk about some revealed secret or other, I think of the last section of John Keegan's Intelligence in War: Knowledge of the Enemy from Napoleon to Al-Qaeda, in which the Keegster expresses a bracing skepticism about the relative value of intelligence and intelligence-gathering and -gatherers (particularly in, Keegan does not quite say, the age of Materialschlacht).
OT: I saw the trailer for the Valerie Plame movie. I would like to be, if possible, the first to call it "Rambo: First Blood, Part II for liberals."
38: Then wouldn't that be the strongest reason to suspect government involvement? It sounds like there's an espionage element to this, not just clever programming.
40: that's definitely a very strong reason to suspect it, but people had pretty strongly suspected it was government well before they knew it was doing that.
34: Once again IAANAPP but I know something of their use and how they work and there would seem to be two scenarios. The first per 26.2 would require extremely specific knowledge of how the thing was used in a specific physical process. The second (more remote) possibility would be if there were general patterns that many (or some specific subset or domain) used--something like "the upper end control point for flows in processes of type X are almost always set at B"--so max the fucker out (or double it ) and see what happens. Although in typing that out, I'm not really seeing it. However, modern PLCs are more general purpose than when I really knew anything about them, so there may be something you can do--but it is most likely to have random non-dire consequences.
ON preview allso ST in 38.
39: Sure, you can be the first to call that movie "Rambo for liberals".
42: I could see your latter theory if you had, for instance, knowledge of the standard practice of a specific Russian contractor that often worked on these systems, but you'd still have to have a pretty specific idea of who you were targeting.
45: knowledge of the standard practice of a specific Russian contractor
Right, something like that. Still pretty targeted.
Don't know if I'm a good secret keeper within personal relationships or not. It was funny, though, when I was writing for a newspaper. At the time my parents were both administrators at schools in the area, so at least half of their day-to-day problems at work were the kinds of things they shouldn't talk about, either management stuff or children confidentiality stuff, but they talked about it anyway just because that's how people unwind and relate. As far as I can remember they talked about it around me just as much after I became a reporter as before, but after I became a reporter they began prefacing it with reminders not to spread it around.
The funny thing is how rarely those reminders are needed. I don't remember them ever mentioning something that I should have blown the whistle on, so either they were smart enough not to say it or I'm dumb enough to have not noticed it. Once in a great while it was something that would have got my parents in genuine trouble for no good reason, but I wouldn't pass that on and if I were dumb enough (or malicious or whatever) to pass it on despite knowing it would cause trouble, a pro forma admonishment wouldn't have stopped me. There were one or two things which they asked me not to talk about, but I found it harmless but interesting and relevant and I made no secret of that, and I passed story ideas phrased very neutrally on to other writers and they followed up, and my parents heard about it in the comfort of their offices when the other writer called them for details, and that never caused any problems. (I guess they could have been using me as a useful idiot, like Chris Matthews or whoever it was that said he talked to important people off the record by default, but come on, we're talking high school administration.)
And the vast majority of "don't mention this at work, Cyrus" things were really trivial stuff that no one at work would have bothered with even if I had bothered to pass them on, so the caution, while a fine general principle, just wasn't necessary in those cases.
31 - Three zero-day exploits, according (IIRC) to a Symantec white paper about it, plus a relatively recently-discovered exploit.
40, 41: There's some circumstantial evidence/informed guesswork that the target was Iranian enrichment centrifuges, including the resignation of a top Iranian atomic energy official and a cryptic note on WikiLeaks.
Now, if we can just decode the numbers transmission I found on YouTube and head out to the right geocache, we'll be able to stop Pious Flea!
My number station only transmits zeros :(
And apparently it makes me use emoticons. Fucking sad business.
My wife ia always telling me gossip about her friends and starts with: "Now don't tell anybody, but..."
Like I'm one of her girlfriends who spreads this shit. Half the time i can barely remember who these people are, are I certainly don't care enough about their personal life to tell a third party.
As for Stuxnet, wouldn't it be funny if it were the Norks, who supposedly have a big malware academy and either a South Korean sleeper or just a dope released the worm
I'm reminded of the software-based pipeline sabotage the US conducted in the 80's. Worth reading.
Apparently 60% of the infected computers are in Iran.
That combined with the difficulty programing the virus and the need to have inside info about the plc system to have it work makes it reasonable to speculate that it is an attack on a specific system in Iran by US or Israel.
||
OT road rage, subcategory: merge point behavior.
Ok, you motherfucking passive-aggressive Pittsburgh motherfucking fuckwads, when even brain-dead incompetent semi-criminals like PennDOT figure out that you should merge at the merge point, and put up one sign that says "Use both lanes to merge point" and a second that says "Merge Here: Take your turn", why do 90% of you think it better to do the much more inefficient, dangerous and confusing early merge, and then 3 out of 4 times this past week a self-righteous confused person takes it upon themselves to straddle both lanes in an attempt to keep others from doing it the right way. Pittsburgh isn't charming or any of that--it's a blighted area of blighted aged idiots living on crumbling scruffy pathetic little hills pathetically getting their rocks off from watching a football team because no one has the brains or juice to know how to actually fuck another human being.
I was thinking a large animated billboard showing side-by-side simulations of traffic flow doing it right and the Pittsburgh way might do the trick, but out of sheer bloody-mindedness it would probably convince them of the rightness of their sub-Neandertahlic ways.
|>
||
Not an unexplored area of human behavior.
Questions for Tom Vanderbilt, author of Traffic
Q: Was this book really born on a New Jersey highway?
A: Yes, though it could have been any highway in the world, where countless drivers, driving on a crowded road that is about to lose a lane, have had to make a simple decision: When to merge. For my entire driving life, I had always merged "early," thinking it was the polite and efficient thing to do. I viewed those who kept driving to the merge point, to the front of line, as selfish jerks who were making life miserable for the rest of us. I began to wonder: Were they really making things worse? Was I making things worse? Could merging be made easier? Why were there late mergers and early mergers, and why did people get so worked up about the whole thing? In that everyday moment I seemed to sense a vast, largely under-explored wilderness before me: Traffic.|>
55 fails to mention the joys of the Pittsburgh left!
57: Is a Pgh left the same as a NJ left? That is, a right?
57: I actually don't mind that one ... do it a lot myself.
No -- on a normal street with opposing traffic, people yield for the first opposing driver to make a left if she wants to: http://en.wikipedia.org/wiki/Pittsburgh_Left
It was involved in Ben Roethlisberger's motorcycle accident--a driver did one in front of him, not accounting for how fast he would accelerate (IIRC).
60: Ah. A NJ left is a right onto a "jug handle" that twirls you around onto the cross street.
60: Jesus, that sounds like a recipe for a rear-ending on the yielder's car.
The Virginia left is poised to lose at least one congressional seat.
63: Fine, let them drive each other to death, plow the place under and move on with life.
Good mood here today!
There is a special place in Hell for traffic engineers. There was one (maybe more) cloverleaf which forced those entering the freeway to cross with those exiting the freeway. Acceleration, braking, merging all at the same time. Fun!
Portland has many virtues, but its inhabitants' irrational, passive-aggressive refusal to practice the zipper merge makes it Hell on Earth at rush hour.
You'd think the zipper merge would fit the mellow PNW gestalt. Everyone take a turn!
"reasonable to speculate that it is an attack on a specific system in Iran by US or Israel."
Yah, yah, reasonable. But what if it was the stipulated Russian contractor who had been planted by an oiligarch specifically to destabilize non-fossil power planning? Huh? With hacker exploits and semi-state actors, all we need is an inexplicably central NAtlantic hipster to have a Gibson novel.
67: Actually I have found both Portland and Seattle both to have weirdly fucked up geographically-anomalous freeway behavior.
P'burgh drivers usually fail by being *too* polite and I think the burden of that going unacknowledged for years gnaws at their brainstems like a poison and ultimately leads to them lashing out vehicularly at the worst possible times.
One of my top traffic peeves is inappropriate yielding. There's a left turn I take every morning across two lanes of oncoming traffic where at least once a month someone stops and waves at me to make the turn while the adjacent lane is full of oncoming traffic.
someone stops and waves at me to make the turn while the adjacent lane is full of oncoming traffic.
Who is the irritated that you have not partaken of his altruism. Some people!
Today I drove past a car with the license plate "LOL NJ".
Seattle and Portland are the combination of too polite and clueless. As explained here. And no one in the PNW knows the "stay right unless passing" rule.
67.1 -- agree. Definitely my experience up there.
67.2. -- I recall some hairy hill-related driving situations in Pittsburgh. Felt like the odds of someone coming out of nowhere an slamming into you (or the other way around, with you as the slammer) were high. Maybe everyone is paralyzed by fear, hence excessive politeness.
And no one in the PNW knows the "stay right unless passing" rule.
So true. "Slower traffic keep right" is as foreign a concept to PNW natives as cannibalism or the divine right of kings.
Is slower traffic keep right perchance a "natural law"?
re: 73
Heh, I was behind one today with D666. I presume a wannabe [or actual] heavy-metal band member. It was a recent Land Rover Discovery.
77: If drivers who can't understand it are eliminated from the breeding population, it might become one.
Revised Code of Washington 46.61.100
(2) Upon all roadways having two or more lanes for traffic moving in the same direction, all vehicles shall be driven in the right-hand lane then available for traffic, except (a) when overtaking and passing another vehicle proceeding in the same direction, (b) when traveling at a speed greater than the traffic flow, (c) when moving left to allow traffic to merge, or (d) when preparing for a left turn at an intersection, exit, or into a private road or driveway when such left turn is legally permitted. On any such roadway, a vehicle or combination over ten thousand pounds shall be driven only in the right-hand lane except under the conditions enumerated in (a) through (d) of this subsection.
It's so bad, I was actually unsure whether it was a law and had to look it up.
75.2: It takes years to get comfortable with these roads if you grew-up some place flat and sane.
I always enjoyed the Boston left. If you are stopped at a two-way stop, wait for an opening in the right-bound traffic. Then pull out until you have completely blocked all right-bound traffic. Ignore the honking and curses and wait for an opening in the left-bound traffic. Then turn.
80: Get out while you still can Moby, it's too late for me.
80: Oregon law is likely the same, but with the addition of e) when driver wants to drive in any lane at a leisurely pace and thinks that everyone should honor that without being all uptight about the efficient movement of traffic.
Our latest local traffic controversy is whether to call the new road the "Meadowcreek Parkway" or the "Meadow Creek Parkway". Scandalous!
You forget f) if the driver wishes to enforce the speed limit by preventing others from passing.
60: on a normal street with opposing traffic, people yield for the first opposing driver to make a left if she wants to
Good lord, at first I thought: I do that! That is wrong?
But the wikipedia page clarifies that this is at a stoplight; whew, okay, don't do that at stoplights. I do do it at stop signs, however. That is, if I and thee are facing one another on two way street, both stopped at our stop signs, if I'm going left and you're going straight across, I take my left first. Right?
Lately, I keep hearing drivers hook at drivers who yield to pedestrians. I tell myself they honk only because they can't see the pedestrian, but I know that's a lie.
if I and thee are facing one another on two way street, both stopped at our stop signs, if I'm going left and you're going straight across, I take my left first. Right?
It's been twelve years since I took the test, but I'm pretty sure that, in Virginia, whoever got there first goes first, regardless of intended next move.
87: Just be glad "MeadowCreek" isn't one of the options.
95: I'm going to start a petition for "Meadow CreekPark Way". Yes. That sounds very nice and will look great on the signage.
93: Yeah, that would be the case if it were a 4-way stop. At the particular intersection I'm thinking of, we're facing each other at our stop signs, and the crossing traffic doesn't have stop signs. They're just continually streaming past, and we're both watching them. When an opening arrives, we glance straight across at each other, and I, having been signaling my intention to go left, go first (we've been sitting there a minute or two).
I seem to think this is correct, if only because most people intending to go straight across pause and let me go. On the rare occasion on which the other person barrels straight across -- in my left-turning path! -- there's a bit of face-making on everybody's part.
The F150 with the mismatched passenger-side front quarter panel and bald tires has the right of way.
98: I did fell that I lost something when I quit driving old beaters.
98: That's just for merging and lane changes, silly.
Uneasy lies the head that wears a crown. Because the tongue takes time to warm to the new comer.
If I drive to work I have to go around a little roundabout whose sole purpose is to exemplify the truism that Americans do not understand roundabouts.
We've touched on this question before.
Successful navigation of the roundabout requires a spirit of cooperation that is anathema to the American ethos of individualism.
And/or: there are so few roundabouts on American roadways that most US drivers don't know what sort of game is being played on those rare occasions when they encounter one.
(New Jersey has roundabouts; and also a seemingly bizarre definition of the U-turn, which involves getting off the main road at an officially designated but probably confusingly-signed site, in order to drive a half a mile or so in some other direction and then backtrack. If you miss the exit, you're toast).
Massachusetts has rotaries, which are very similar, and despite our aggressive driving style they work fine.
We've talked about New Jersey's jughandle turns, as well as the many other varieties of left turns off of trunk roads, too many times before for me to find the link again. For this I apologize.
I am also reminded again how excited I am not to have to drive every day.
Massachusetts has rotaries, which are very similar, and despite our aggressive driving style they work fine.
The other day I was talking to an Israeli guy who just moved to NJ from Boston, and he made some remark about traffic, and I said something like "well, at least the drivers aren't as aggressive as the ones in Boston". He looked extremely confused and said "the only thing I ever noticed about Boston drivers is they're slow and way too cautious!" So I'm guessing that driving in Israel would reduce me to a whimpering mess.
107: True. Not having to drive increased your drive many, many times.
There's a little roundabout in front of my house with parking in the center. The rule for drivers is, "What? I can't stop! I'm going in a circle here!" The rule for pedestrians is "Cower between the parked cars, then run."
I don't know, seems like a perfect opportunity to try out, "When in danger or in doubt, run in circles scream and shout."
||
I was just at the rug dealer/ repair guy's place to go over how much I am willing to put into repairing my rug. He sources all of his materials in Iran for the Persian rugs.
I asked him about the embrago, and he said that that was just for the NY Times and the White House. You can get anything. There are just more middlemen. You can get someone in the country for $5,000. This guy has a law degree.
|>
116: Well with the rapid pace of commenting here if was bound to happen sometime.
I seem to think this is correct, if only because most people intending to go straight across pause and let me go. On the rare occasion on which the other person barrels straight across -- in my left-turning path! -- there's a bit of face-making on everybody's part.
Gah. People and their fictional road rules are a godamn menace. You're the one turning, which means you have to yield to oncoming traffic.
People and their fictional road rules are a godamn menace.
As long as they aren't actually reading fiction, they're probably doing above par.
e) when driver wants to drive in any lane at a leisurely pace and thinks that everyone should honor that without being all uptight about the efficient movement of traffic.
Man, I'm going to lose my mind if people don't knock this off when I commute. Look, I understand not wanting to go above the speed limit when I'm in a marked car. But then get the fuck out of the fast lane so that I can lead the normal people on a 80 mph commute the way god intended.
It was involved in Ben Roethlisberger's motorcycle accident
People turning in front of mopeds and motorcycles yield some pretty brutal accident scenes. Stuff like "hey I found a chunk of this dude's femur".
113: He was talking about a Mexican guy who had paid $5K to get in without papers.
123: That wreck was at a bad corner.
Yeah, one in Pittsburgh.
124: And that's different from Ogged how?
112 - C was just telling me this evening about how some colleague of his went to an auction this week, of Persian antiques, and there was a reminder at the beginning about the embargo. In case of 300 year old booby traps.
118: People and their fictional road rules are a godamn menace. You're the one turning, which means you have to yield to oncoming traffic.
Jeepers, gswift. I, uh, I, well, the opposite traffic isn't oncoming, as in streaming, it's just sitting there at its stop sign as well, and it's usually just one car, and it usually seems to expect me to take my left before it proceeds straight through, so. I honestly don't know why this seems to be the agreement around here, when the area does not subscribe to the Pittsburgh left (at an actual stoplight), but there it is.