Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

June 28 2013

Un général américain poursuivi pour les fuites sur Stuxnet, le virus informatique tueur de…

Un général américain poursuivi pour les fuites sur #Stuxnet, le virus informatique tueur de centrifugeuses iraniennes - Etats-Unis - RFI

Ce programme avait été révélé en juin de l'année dernière par le New York Times. Barack Obama, très en colère, avait alors annoncé que l'auteur de la fuite serait recherché et traduit en justice : « Ma politique est celle de la tolérance zéro en ce qui concerne ce genre de fuite. Révéler de telles informations constitue un acte criminel ».

Le département américain de la Justice soupçonne maintenant le général James Cartwright d'être à l'origine de la #fuite. Si ce soupçon se confirme, la situation deviendra plus que délicate pour Washington puisque c'est justement le général Cartwright qui avait conçu et coordonné cette #cyber-attaque depuis le Pentagone.

January 18 2013

Seeing peril — and safety — in a world of connected machines

I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.

It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.

Vendors counter that the perfect alignments of open doors that security researchers expose are extremely rare and require unusual skill and inside knowledge to exploit. And the most catastrophic visions — in which malicious code shuts down and severely damages a large city’s water system or an entire electrical grid — assume in many cases a level of interconnection that’s still theoretical.

In any case, industrial security appears to be advancing quickly. Security firms are able to make particularly effective use of anomaly detection and other machine-learning-based approaches to uncover malicious efforts, since industrial processes tend to be highly regular and information flows tightly prescribed. These approaches will continue to improve as the networks that feed information back to analytical layers become more sophisticated and computing power makes its way deeper into industrial systems.

The efforts of industrial security researchers seem to be paying off. In his keynote talk, Digital Bond founder Dale Peterson noted that the exposure of new vulnerabilities has slowed recently and wondered whether security might be subject to something of apredator-prey cycle, in which weak defenses in industrial controls attract hackers, which draws the attention of security researchers, who in turn drive away the hackers by closing vulnerabilities.

If that’s the case, then we’re looking at a gradual victory for the industrial Internet — as long as we don’t reach the last phase of the predator-prey cycle, in which security researchers, feeling they’ve vanquished their enemies, move on to a different challenge.

This is a post in our industrial Internet series, an ongoing exploration of big machines and big data. The series is produced as part of a collaboration between O’Reilly and GE.

February 29 2012

Four short links: 29 February 2012

  1. StuxNet Deep Dive -- extremely technical talk, but this page has a redux. The presenter's thesis, well-argued, is that StuxNet was absolutely aimed specifically at the Natanz facility. (via Chris Douglas)
  2. Smithsonian Digitizing Items (CNet) -- two-person project, only able to do a few items a year, but still an excellent advance. See also Bronwyn Holloway-Smith's art project around artifact replicas.
  3. Collusion (Mozilla) -- have your browser tell you the third parties tracking your web browsing. (via Hacker News)
  4. Survivor (Github) -- HTML5 implementation of an Atari/C64 game. If you wanted to learn how to write HTML5 arcade games, you could do worse than study this project. (via Andy Baio)

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!