Friday, May 20, 2011

Uh oh

Item the first: SCADA exploit demo canceled:
Security researchers decided to cancel a planned demonstration of security holes in industrial control systems from Siemens following requests from the German manufacturer and a security response team.


They shared their research beforehand with Siemens, ICS-CERT (Industrial Control Systems Cyber Emergency Response Team – a division of the Department of Homeland Security), and the Idaho National Lab. Siemens asked the two researchers to hold fire on the talk, which covered possible mechanisms to attack industrial control systems along with a practical demonstration.
SCADA systems run gobs of the infrastructure that makes modern life possible: oil refineries, electric power generation, that sort of thing.  Siemens industrial controllers were what the Stuxnet worm went after, damaging Iran's uranium enrichment centrifuges.

I've been saying for a while that this is a target-rich environment, and this shows that people are paying attention to the problem.  It's a Good Thing that the researchers talked to Siemens and held their fire.  But there will be a ton more of these, and I expect our infrastructure is fragile enough that it will break quickly and hard when the first one gets into the wild.

Stock up on food, water, ammunition, and Krugerrands.

Item the second: Explosion of malware aimed at Macintosh:
Yesterday I spent several hours going through and collecting requests for help from Mac users who have been affected by this issue. I found more than 200 separate discussion threads, many of them from people who have been tricked into installing this software and are desperately trying to remove it. It started with four posts on April 30; this past weekend there were 42 unique, new discussion threads on this subject.
A little while ago someone released a malware development kit for the Mac, and there's been a huge spike in reported Mac pwnage since.  Apple is doing what Apple always does about security problems: sweeping them under the rug:

Apple officials have instructed members of the company's support team to withhold any confirmation that a customer's Mac has been infected with malware or to assist in removing malicious programs, ZDNet's Ed Bott reported on Thursday.

He cited an internal document titled "About 'Mac Defender' Malware," which was last updated on May 16 and says that the trojan, which surfaced earlier this month and masquerades as legitimate security software for the OS X platform, is an "Issue/Investigation In Progress."


"Porn sites just started popping up on my MacBook Pro," one user wrote. "Is this a virus? I have never had a virus on a Mac before and I have been using Macs for years. Please help!"
Apple fanboys, Borepatch's First Law applies to you: "Free download" is Internet-speak for "open your mouth and close your eyes."  Any web page you visit or email you read that tells you you're infected is flogging malware at you.  Don't click it, don't download it, don't let it install.  Windows users already know this.  Welcome to the club.

Apple really has the worst attitude about security of any company I've ever seen, and I've seen a lot.  It's pathetic that their customers will get more help here than from Apple.

Item the third: Mobile malware is exploding, too:

SUNNYVALE, Calif., May 10, 2011 — In a global mobile threat study released today, Juniper Networks (NYSE: JNPR) found that enterprise and consumer mobile devices are exposed to a record number of security threats, including a 400 percent increase in Android malware, as well as highly targeted Wi-Fi attacks. Through close examination of recent malware exploits, the study outlines new areas of concern and delivers clear recommendations on essential security technologies and practices to help consumers, enterprises/SMBs, and government entities guard against mobile device exploits.

The report, "Malicious Mobile Threats Report 2010/2011" was compiled by the Juniper Networks Global Threat Center (GTC) research facility, a unique organization dedicated to conducting around-the-clock security, vulnerability and malware research tailored specifically to mobile device platforms and technologies. The GTC examines increasingly sophisticated attacks from 2010 and 2011, such as Myournet/Droid Dream, Tap Snake and Geinimi, as well as the pirating of the "Walk and Text" application, new threat vectors for mobile cybercrime, and the potential for exploitation and misuse of mobile devices and data.
Juniper makes some righteous corporate firewalls.  They know what they're talking about.


Arthur said...

Huh, from reading at Og's place I had gotten the impression that Siemens equipment was first rate.

SiGraybeard said...

Thanks, bro'.

If you need me, I'll be under the bed. Stroking my ammo box.