Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Increasing risk of Perfect Storm on Internet

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » General Discussion Donate to DU
 
unc70 Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-04-11 05:39 PM
Original message
Increasing risk of Perfect Storm on Internet
There have been recently a rash of high-profile security breaches at Internet sites crucial to authentican and security, for sites, for users, for digital signatures, etc. plus new malware kits to attack SCADA systems used to control critical infrasture (pipelines, factories, water systems, power generation of all types, refineries). They seem to be coming together with the potential to cause widespread disruption and damage.

No system on the Internet is completely secure. The more secure those responsible believe their systems to be, the less it probably is. If you think if possible to have a highly-secure system on the Internet, you probably are aware of many of the types of threats.

I should clarify that not only have I been doing computer and network security for over 40 years, but much of it has been at fairly high levels, from Multics and The Orange Book to NASA JSC, SCADA and S.P.I.D.E.R control systems to real-time global financial systems, and a lot more.

I know what I am talking about, have discussed on DU with increasing levels of alarm how vulnerable we are and how immense the perils we face, and my frustration and anger at those who got us into this mess in spite of all our warnings. Several recent incidents have me very alarmed, not quite to panic. Today, I keep having flashbacks to the Cuban Missile Crisis. Not good.

The hack on RSA is a good example of a multi-stage attack and once breached, not to be trusted. Unfortunately, this time it impacts almost everyone because RSA supplies SecurID and other widely-used services at the very heart of authentication, cryptography, trusted systems, etc. We really don't know how really bad this could be. Make sure to read the comments, too.

http://forums.theregister.co.uk/forum/1/2011/04/04/rsa_...

This describes the recent hack by an Iranian and how he created fake certificates of authentication for web sites and what it means.

http://www.dw-world.de/dw/article/0,,14954119.00/html

This one discusses the problem wrt SCADA systems used for process control -- pipelines, factories, refineries, power generation including nuke. Includes links discussing the worm that apparently was specifically targeted at SCADA used at the Iranian nuclear facilities. Remember to these comments, too.

http://www.theregister.co.uk/2011/03/22/scada_exploits_...


While most of these incidents involve Microsoft and increasingly Adobe products, there have been too many with UNIX, Linux, and Open Source applications and breaches at "Trusted" servers hosting development and downloading. And we have little reason to trust that the hardware is safe.

My journal archive has several earlier rants on this subject.
Printer Friendly | Permalink |  | Top
leveymg Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-04-11 06:04 PM
Response to Original message
1. Are SCADA industrial controllers connected to the web? What about the Siemens designed units
that were reportedly attacked by the Stutznet virus?

What kind of a lunatic hooks critical safety components to computer systems that can be hacked into?
Printer Friendly | Permalink |  | Top
 
babylonsister Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-04-11 06:29 PM
Response to Original message
2. First link not working for me. nt
Printer Friendly | Permalink |  | Top
 
snot Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-04-11 06:35 PM
Response to Original message
3. Um, first two links say "404: Page not found," and the third is
to a general home page on which "SCADA" is not mentioned.
Printer Friendly | Permalink |  | Top
 
unc70 Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-04-11 10:23 PM
Response to Original message
4. Updated links to article


RSA hack explained:

http://www.theregister.co.uk/2011/04/04/rsa_hack_howdun... /

Iranian hack allows creation of fake authentication certificates

http://www.dw-world.de/dw/article/0,,14954119,00.html

Exploit kit for SCADA

http://www.theregister.co.uk/2011/03/22/scada_exploits_... /


The Register has articles on many more similar attacks:

http://www.theregister.co.uk/security/enterprise/
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Sun Apr 20th 2014, 09:54 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » General Discussion Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC