Gen. Patton looks down on this and smiles.
Showing posts with label internet leader. Show all posts
Showing posts with label internet leader. Show all posts
Saturday, January 25, 2020
Saturday, June 29, 2019
Ten years ago on this blog
Google was already noticing the scribblings here. Weird, but it led to a post category.
#1 out of a quarter Billion sites. That's a powerful lot of so what, right there.
Borepatch: The Internet Leader in "So What?"
#1 out of a quarter Billion sites. That's a powerful lot of so what, right there.
Friday, October 8, 2010
I totally own Google
Number one out of 9 million. I guess you can't trust Google any more than you can trust Wikipedia ...
Tuesday, October 5, 2010
The definitive reason not to trust Wikipedia
It seems that I'm a referenced source for one of their articles. Sweet Jesus, save us.
UPDATE 5 October 2010 13:20: To the commenters discussing my, err, "fame", heh:
UPDATE 5 October 2010 13:20: To the commenters discussing my, err, "fame", heh:
Friday, September 24, 2010
Did Israel hack Iran's Nuclear Program?
People have been asking, and The Czar of Muscovy is looking for a report. As always, he has interesting ideas, and you should first of all go read his post. This will be a longish Sitrep, and the Czar provides excellent background material that you'll need to make sense of this post.
Then you should go read one of my old posts, How To Hack A Classified Network. It also is longish, but it gives you a lot of information that I'm going to build on in this post.
Then, you should go read an even older post of mine about the intricacies of software, and how easy it is to mess up security. It amplifies some of what the Czar wrote, and gives you a Real World example of how a computer that controlled a factory was accidentally taken down. It's not precisely analogous to what's happening with the StuxNet worm (that's in How To Hack A Classified Network), but it is something that happened to me, on my watch.
Back now? OK, let's think about "Embedded Process Controllers" - computers that control manufacturing processes. SCADA systems - the ones I keep yammering on about how someone could attack them and take down our power grid - are a variant of these. Typically, there's a hierarchy of devices: (a) The SCADA system(s) as the Master Control unit at the top, (b) a distribution layer that talks to SCADA on the top tier and individual devices at the bottom tier, and (c) the individual devices (e.g. welding electric switch, pipe valve actuator, etc) at the bottom.
The (c) layer is 100% custom software. There aren't a lot of people who understand this, and they're very well paid indeed. Were I Dr. Evil, directing a hacking effort, I wouldn't waste any time here. The next level up (b) typically runs on Linux, but a stripped down version. It's exploitable, but is not only a harder target, but if you did get in, the opportunity for mischief is less. You could focus here, but that's not where the smart money will bet.
It's the top tier that's the big win. SCADA runs on Windows (insert Dr. Evil maniacal laughter here), so you know that it's a target rich environment. These systems are unlikely to be patched (for reasons that you should read here; another one of my very old posts that explains why people don't like to patch). So while the StuxNet worm seems to include multiple "Day Zero" exploits (attacks for which there is no security patch to stop it), you probably don't need them. They're insurance.
Once you're in the SCADA system, you have high level control options (as opposed to low level "device on/device off" ones at the lower tiers). If you want to make something go boom, this is where you'd do it. Well, that's where I would do it, except I only use my Powers for Good ...
Can you really make something go boom? Absolutely, and this has been done before:
So what are we left with at this point? As the Mythbusters would say, the scenario is plausible. The technology exists or could be created to do any number of types of mischief. Insertion of the code is clearly not a major problem, even into totally isolated networks (as our own Defense Department has discovered to its dismay). This would be expensive, and would require the resources of a Nation State actor, and one of probably a dozen or so actors (Israel qualifies as a member of this club). The government of Israel certainly has the motivation to do this, and pervasive corruption throughout the Middle East offers a selection of insertion points.
Means, motive, and opportunity. This is the "Holy Trinity" of mystery stories, is it not?
You could add layers of misdirection to this scenario. The Russians have sold much of the technology to the Iranians, in the face of weak and ineffectual protests on the part of our State Department. Is it possible that there is a quid pro quo where we let the Russians sell the technology (to get the hard currency), but the technology is actually sabotaged a la the Siberian Pipeline of the 1980s? The cover story now becomes a worm did the damage, to keep the Russian's hands "clean". If so, then it's possible that we created this. Absolutely we have people who know how to do this (I know some of them).
Or maybe the Russians did it - after all, it was a Russian antivirus company that "discovered" the worm. What the Russian's motivations would be are left as an exercise to people better at Realpolitik than I (perhaps our dread Czar?). Certainly the idea of nuclear proliferation into the 'Stans isn't something that the Kremlin looks to eagerly.
One thing that I'd bet cash money on, at long odds - the worm code itself will not provide clues that point back to its creators, at least not easy ones.
My own feeling is that you won't hear about a boom. While dramatic, there are a lot of moving parts in a process control system that would need to be sabotaged at the same time, and anyone smart builds manual governors and overrides into systems like these. However, nuclear warheads are terribly finicky things. Everything has to be just right, or your incredibly expensive "physics package" (as they call it in the business) is really nothing more than a falling rock. If I were Dr. Evil, and charged with doing this, I'd make sure that the processes almost worked perfectly - so close that the parts pass QA inspection, but far enough off that the bomb won't detonate.
Disclaimer: I don't really know what I'm talking about, and absolutely did not rely on anything classified for this post (or the ones linked). It's informed speculation based on what I know from my days in Internet Security, and from people well versed with atomic weapons. Your mileage may vary, void where prohibited, do not remove tag under penalty of law.
UPDATE 24 September 2010 16:18: The Register has more, and it worth a read in its entirety. If you were to attack a single point in the process, the centrifuges would be the logical place. You might even get a catastrophic failure that would take months or years to recover from. However, it's an obvious failure, as opposed to non-obvious failures like warheads that won't detonate. Again, all disclaimers apply.
UPDATE 24 September 2010 19:20: Hmmm ...
UPDATE 24 September 2010 22:01: Well, that didn't take long:
First out of 1.1 Million pages. Google's my bitch.
Then you should go read one of my old posts, How To Hack A Classified Network. It also is longish, but it gives you a lot of information that I'm going to build on in this post.
Then, you should go read an even older post of mine about the intricacies of software, and how easy it is to mess up security. It amplifies some of what the Czar wrote, and gives you a Real World example of how a computer that controlled a factory was accidentally taken down. It's not precisely analogous to what's happening with the StuxNet worm (that's in How To Hack A Classified Network), but it is something that happened to me, on my watch.
Back now? OK, let's think about "Embedded Process Controllers" - computers that control manufacturing processes. SCADA systems - the ones I keep yammering on about how someone could attack them and take down our power grid - are a variant of these. Typically, there's a hierarchy of devices: (a) The SCADA system(s) as the Master Control unit at the top, (b) a distribution layer that talks to SCADA on the top tier and individual devices at the bottom tier, and (c) the individual devices (e.g. welding electric switch, pipe valve actuator, etc) at the bottom.
The (c) layer is 100% custom software. There aren't a lot of people who understand this, and they're very well paid indeed. Were I Dr. Evil, directing a hacking effort, I wouldn't waste any time here. The next level up (b) typically runs on Linux, but a stripped down version. It's exploitable, but is not only a harder target, but if you did get in, the opportunity for mischief is less. You could focus here, but that's not where the smart money will bet.
It's the top tier that's the big win. SCADA runs on Windows (insert Dr. Evil maniacal laughter here), so you know that it's a target rich environment. These systems are unlikely to be patched (for reasons that you should read here; another one of my very old posts that explains why people don't like to patch). So while the StuxNet worm seems to include multiple "Day Zero" exploits (attacks for which there is no security patch to stop it), you probably don't need them. They're insurance.
Once you're in the SCADA system, you have high level control options (as opposed to low level "device on/device off" ones at the lower tiers). If you want to make something go boom, this is where you'd do it. Well, that's where I would do it, except I only use my Powers for Good ...
Can you really make something go boom? Absolutely, and this has been done before:
The CIA was tipped off to the Soviet intentions to steal the control system plans in documents in the Farewell Dossier and, seeking to derail their efforts, CIA director William J. Casey followed the counsel of economist Gus Weiss and a disinformation strategy was initiated to sell the Soviets deliberately flawed designs for stealth technology and space defense. The operation proceeded to deny the Soviets the technology they desired to purchase to automate the pipeline management, then, a KGB operation to steal the software from a Canadian company was anticipated, and, in June 1982, flaws in the stolen software led to a massive explosion of part of the pipeline.Important note: My knowledge of this comes from "Open Source" intelligence only; the people that I know who would know something about this are in the Intelligence community. I haven't asked them, and they wouldn't tell me if I did (it's classified, duh).
So what are we left with at this point? As the Mythbusters would say, the scenario is plausible. The technology exists or could be created to do any number of types of mischief. Insertion of the code is clearly not a major problem, even into totally isolated networks (as our own Defense Department has discovered to its dismay). This would be expensive, and would require the resources of a Nation State actor, and one of probably a dozen or so actors (Israel qualifies as a member of this club). The government of Israel certainly has the motivation to do this, and pervasive corruption throughout the Middle East offers a selection of insertion points.
Means, motive, and opportunity. This is the "Holy Trinity" of mystery stories, is it not?
You could add layers of misdirection to this scenario. The Russians have sold much of the technology to the Iranians, in the face of weak and ineffectual protests on the part of our State Department. Is it possible that there is a quid pro quo where we let the Russians sell the technology (to get the hard currency), but the technology is actually sabotaged a la the Siberian Pipeline of the 1980s? The cover story now becomes a worm did the damage, to keep the Russian's hands "clean". If so, then it's possible that we created this. Absolutely we have people who know how to do this (I know some of them).
Or maybe the Russians did it - after all, it was a Russian antivirus company that "discovered" the worm. What the Russian's motivations would be are left as an exercise to people better at Realpolitik than I (perhaps our dread Czar?). Certainly the idea of nuclear proliferation into the 'Stans isn't something that the Kremlin looks to eagerly.
One thing that I'd bet cash money on, at long odds - the worm code itself will not provide clues that point back to its creators, at least not easy ones.
My own feeling is that you won't hear about a boom. While dramatic, there are a lot of moving parts in a process control system that would need to be sabotaged at the same time, and anyone smart builds manual governors and overrides into systems like these. However, nuclear warheads are terribly finicky things. Everything has to be just right, or your incredibly expensive "physics package" (as they call it in the business) is really nothing more than a falling rock. If I were Dr. Evil, and charged with doing this, I'd make sure that the processes almost worked perfectly - so close that the parts pass QA inspection, but far enough off that the bomb won't detonate.
Disclaimer: I don't really know what I'm talking about, and absolutely did not rely on anything classified for this post (or the ones linked). It's informed speculation based on what I know from my days in Internet Security, and from people well versed with atomic weapons. Your mileage may vary, void where prohibited, do not remove tag under penalty of law.
UPDATE 24 September 2010 16:18: The Register has more, and it worth a read in its entirety. If you were to attack a single point in the process, the centrifuges would be the logical place. You might even get a catastrophic failure that would take months or years to recover from. However, it's an obvious failure, as opposed to non-obvious failures like warheads that won't detonate. Again, all disclaimers apply.
UPDATE 24 September 2010 19:20: Hmmm ...
UPDATE 24 September 2010 22:01: Well, that didn't take long:
Monday, March 8, 2010
Wednesday, February 17, 2010
Borepatch: The Internet Leader in sons first beer with dad
What's weird is I only see the ones that led someone to my blog. I expect that there are some far stranger ones, deep in the bowels of Google ...
Tuesday, January 5, 2010
I see my work here is done
Heh. Number 6 out of 1.9 million. And what does the intrepid Googler find when he clicks through to my little corner of Al Gore's Intarwebz? This:
Double heh.
Thursday, September 17, 2009
Nothing I could write would improve on that sentence. part the fifth
Precisely:
Then ponder the Democrat's Healthcare plan. And tremble.
And while you're over there, check out the Czar of Muscovy's challenge to smarty-pants lefty intellectuals.
... the kids who come in are often times high on themselves and their SAT scores and have increasingly not been exposed to alternative moral systems, like traditional religion, in which they'd hear, "Yeah, you're smart, but so what? Are you good?" Or have pointed out to them that not a few brilliant men have gone on to do profound evil. So they think of themselves and their unconsidered philosophy as those entitled to rule in a more just world. They're smarter than everyone else—the SAT said so!—and intelligence is the sole criterion of worth they've been held to. They go to the best schools which are often echo chambers of the intelligence-über-alles ethic and learn What Smart People think and consider themselves Intellectuals (without ever running across the pejorative origins of the term, which contrasted with "scholar"), emerging as unconscious, smug élitists and natural Progressives.I've never understood the attraction of Rousseau, even back when I was a smug lefty elitist. The Volgi lays out the repeated "progressive" attempts to build the new secular Jereusalem on a mountain of skulls. If you don't read anything else this month, go read this.
Then ponder the Democrat's Healthcare plan. And tremble.
And while you're over there, check out the Czar of Muscovy's challenge to smarty-pants lefty intellectuals.
Saturday, August 29, 2009
Friday, August 14, 2009
Borepatch: The Internet Leader in Things That Cause Global Warming
Actually, I have another post about just how lousy the quality of the data is behind the whole Global Warming Medicine Show, as soon as I get a few minutes to spare.
Saturday, August 8, 2009
Tuesday, July 28, 2009
Some folks are fixin' to be disappointed
It seems that search.cnn.com has made me the top result for "erin andrews nude pix". Oh, boy. Google, too.
My blog is sadly - tragically, even - nude free. Not that we don't appreciate the fairer sex, of course. Particularly when well armed.
And let me repeat what I said in the post that seems to be CNN flypaper:
But it's given me a great new tag name ...
My blog is sadly - tragically, even - nude free. Not that we don't appreciate the fairer sex, of course. Particularly when well armed.
And let me repeat what I said in the post that seems to be CNN flypaper:
So if you absolutely must chase smut, don't use Internet Explorer, don't click through to any "security" sites you see advertised at the smut shop, and don't download any helpful "security" programs from the smutters.No extra charge - it's all part of the service.
I kind of think that this all goes without saying, but a million pwned computers in the global botnet zombiepocalypse army would tell me that I'd be wrong.
But it's given me a great new tag name ...
Monday, July 20, 2009
Borepatch: The Internet Leader in World's Oldest Cities
Strange. I also posted on Henry Allingham, but it's nowhere near the top. This is #4 out of 45 Million.
Sunday, July 19, 2009
Borepatch: The Internet Leader in Cool Handguns
Monday, June 29, 2009
Borepatch: The Internet Leader in "So What?"
#1 out of a quarter Billion sites. That's a powerful lot of so what, right there.
Monday, June 22, 2009
Tuesday, May 19, 2009
Monday, May 18, 2009
Borepatch: The Internet Leader in Glue-Sniffing Recovery 12-Step Programs
Well, almost the leader.
It's very strange, how Google sets its page rankings.
It's very strange, how Google sets its page rankings.
Saturday, May 9, 2009
Borepatch: The Leader in Internet Vedic Astrology
I have proof. At least for Audie Murphy:
Al Gore's Intarwebz isn't just weird. It's weirder than we can possibly imagine.
Glad to be doing my part to help.
Al Gore's Intarwebz isn't just weird. It's weirder than we can possibly imagine.
Glad to be doing my part to help.
Subscribe to:
Posts (Atom)