In-vader
In-sidious

Funny, I thought it was the other way 'round.

They were looking to take out a some droids.

Better take that laptop to Anchorhead tomorrow and have its memory erased.

How exactly does one gather intelligence from a PLC? You can download the program, sure, but that doesn't tell you all that much. Also, no one in their right mid runs them in anything but run mode so you are not going to be able to mess with it without physical access.

\hackers can be really stupid some times

gozar_the_destroyer: How exactly does one gather intelligence from a PLC? You can download the program, sure, but that doesn't tell you all that much. Also, no one in their right mid runs them in anything but run mode so you are not going to be able to mess with it without physical access.

\hackers can be really stupid some times

Stuxnet targeted PLC code in order to modify it to break centrifuges and hide its tracks.

Duqu looks to be more in the way of a conventional intel-gatherer: keylogging, directory structure, permissions, architecture, etc.

apeiron242: In-vader
In-sidious

Darth Trocious

benmecha: gozar_the_destroyer: How exactly does one gather intelligence from a PLC? You can download the program, sure, but that doesn't tell you all that much. Also, no one in their right mid runs them in anything but run mode so you are not going to be able to mess with it without physical access.

\hackers can be really stupid some times

Stuxnet targeted PLC code in order to modify it to break centrifuges and hide its tracks.

Duqu looks to be more in the way of a conventional intel-gatherer: keylogging, directory structure, permissions, architecture, etc.

You can't modify the code unless it is in the program mode.

And keylogging to a system that has no outside access is pointless.

Darth Solent
Darth Cestuous
Darth Terrupt
Darth Dia
Darth Kypinkyblinkyandclyde

"The research says the Trojan exploited a previously unknown vulnerability"

How does a programmer creating a program not see the flaws in it? Seems like that would be like someone constructing a house and not noticing that they didn't put a lock on every door

Begun, the Cyber Wars have.

Cloudchaser Sakonige the Red Wolf: "The research says the Trojan exploited a previously unknown vulnerability"

How does a programmer creating a program not see the flaws in it? Seems like that would be like someone constructing a house and not noticing that they didn't put a lock on every door

My code is secure. HIS code is secure. In fact every person on the team is writing secure code. Mash them all together on the build machine and .... ponder WTF just happened as something with more security holes than a string vest appears.

sarah_t_s: Cloudchaser Sakonige the Red Wolf: "The research says the Trojan exploited a previously unknown vulnerability"

How does a programmer creating a program not see the flaws in it? Seems like that would be like someone constructing a house and not noticing that they didn't put a lock on every door

My code is secure. HIS code is secure. In fact every person on the team is writing secure code. Mash them all together on the build machine and .... ponder WTF just happened as something with more security holes than a string vest appears.

Clearly indicating that your code is not secure as you claimed. Neither is his code. If you are gonna write a function that is receiving data from some source external to your code itself(so just about everything), don't assume the data will always fall within the expected parameters. Do a check on the input data to make sure its valid enough before you do anything else.

That said, a lot of vulnerabilities come from the realities of programming. Very often you are just re-using code because it is that much more productive. Very often that code you are re-using might not have been written with your current usage in mind. You are often using someone else's code, or your own code that you wrote so long ago that you have no idea how its written. Often, you only might know what the re-used code is supposed to do, but not how it does it.

Even an OS kernel I would expect is the same. I imagine that a lot of the code that was in Windows NT4 is still around in Windows 7. Some of it might have been updated, and some of it may remain untouched.

About the house construction analogy. Its more like you are constructing several miles worth of skyscrapers, and not noticing a window is improperly installed on one of them. There are a lot of lines of code. LOTS.

Cloudchaser Sakonige the Red Wolf: "The research says the Trojan exploited a previously unknown vulnerability"

How does a programmer creating a program not see the flaws in it? Seems like that would be like someone constructing a house and not noticing that they didn't put a lock on every door

As a programmer who works with home contractors, I'm really getting a kick out of this reply...

/happens more often than you seem to think

apeiron242: In-vader
In-sidious

Mind.Blown.