I wasn't expecting much of this, but (apart from the irritating graphics and spurious code), I was quite impressed. Good interviews with some seriously smart people, and well edited together into an interesting story.
A bit OT for d-i-y but we did got a plug for the Mossad history book: "Spies Against Armageddon". That the Iranians could open a sluice gate on an American dam (albeit they chose just a little one) was a tad worrying.
rusty
Yes it was good in that it could actually hold up as a radio documentary in my view. I enjoyed it with no vision.
It is now rather more obvious why relations between use and Israel are a bit strained for some years. Not only did they try to force the US into getting involved with military action, when they used the hack, they changed it without anyone telling the other parties. Talk about shooting ones self in the foot!
In any case paranoia seems to be being substituted for facts in the Iran situation. They are not stupid, and although they may have the ability to build nuclear weapons, actually using them would be counter productive as the rest of the world would obliterate them if they did in anything other than a defensive scenario by which point we would all be doomed in any case.
I'd be more worried about what non state organisations have and what North Korea does myself. Brian
With Obama (my Thunderbird just auto-corrected it to Osama... says it all really) in the White House I can't blame them for not taking his opinion into consideration.
En el artículo , newshound escribió:
It's been available since last February, so I'm not sure why the BBC is passing it off as their own and saying "first shown 16 jan 2017"
but yes, a good documentary save for the annoying CGI.
Well this predated him of course it was Bush the younger who agreed to using it first. Brian
In what way are the BBC passing if off as their own?
It clearly says in the credits who produced it
tim
En el artículo , tim... escribió:
It's "BBC branded" on the relevant iPlayer webpage, and touted as part of the BBC's own Storyville series. Not one mention that it's not a BBC production, much less that it was first produced a year ago.
They're even offering to sell it on the BBC Store for a fiver!
who reads the credits?
Those that want to kn ow who made it or contributed to the making of it.
Um,
" BBC Four - Storyville Series - showcasing the best in international documentaries."
The raison d'etre of the branding is that it specifically isn't a program made by the BBC.
tim
newshound used his keyboard to write :
If you Google 9500h and PLC, there is a lot more on the subject to be found..
This is the first paragraph of the first link which google gives me:
"We first mentioned that W32.Stuxnet targets industrial control systems (ICSs) -- such as those used in pipelines or nuclear power plants -- 2 months ago in our blog here and gave some more technical details here."
As it can't resist mentioning nuclear power plants, can I throw in a little of what I know about their control systems?
The first two generations of UK commercial nuclear plant (Magnox and AGR) pre-dated even 8 bit microprocessors, so their original control systems of course had no such vulnerabilities.
The UK nuclear industry is very conservative, so the C&I guys have always been cautious about PLCs and the like, but even without that the UK regulator (ONR, formerly NII) has always been very concerned about replacing traditional electromechanical systems with anything which suggests "computers" for at least two decades, from my personal and direct experience. The original concern related to the untestability of anything a bit complicated, the possibility that there *might* be some unique combination of inputs or circumstances where code would fail. Later, of course, vulnerabilities to "hacking" became another concern.
As time has moved on, it has become impossible to boycott computers completely, for example "paper" chart recorders became more or less obsolete and were replaced with scrolling display types which rely on PLCs or similar. I was involved with one project which needed to have a high integrity winch, the sort of thing which these days will have all sorts of current, torque, and speed sensors, coupled to limit switches and brakes by some sort of PLC. The main design contractor offered a clever electromechanical system at least 30 years old, which they had used a lot (I suspect in sensitive military as well as civil systems), and the regulator was very happy with that. Our problem was that it had no CE marking, and with design concepts and details lost in the mists of time we were told there was no way of achieving it. I don't know how that was resolved, but this was the system which was used.
But the key safety systems in nuclear power plant are still electromechanical. Obviously, it is possible that malicious code could get onto the site, but it could not make a reactor blow up or a turbine overspeed: at worst, systems would go into a controlled shut-down or trip.
[35 lines snipped]
AFAIK, Stuxnet was aimed at nuclear enrichment plants, not power plants, but I imagine few journalists and even fewer bloggers appreciate the difference. After all, they had to change the name of NMR scanners, since it had a Scary Word in it.
AISB, systems which are not connected to the Internet will not be vulnerable to hacking. You need to avoid Windows too.
Any computer not networked is impossible to remote hack by any other method than using the human operator.
Its far more likely that an operator that thinks his system is invulnerable will be hackable than a windows user that thinks he is vulnerable.
You can also load a large, variable, and therefore unknown to the hacker, set of anti hacking tools on some OSes and that makes it far more difficult to hack than something you know all about.
Quite so. Which raises the question. If bad guys wanted to hack such an isolated system, say a network of machines running a power station or dam, what methods are available to them apart from suborning an operator?
physically getting a connection to the network is possible. Basically plugging in say a wifi hotspot or a 4G phone-as-router...
However its unlikely most of these power stations even have networks, for control, they are that old...
IIRC theres one running on a PDP11 still.
Hopefully, neither of you work in IT Security.
You can hack a computer from any attached terminal on the site.
One common trick is discarding USB memory sticks where target plant operatives are likely to find them or using visiting maintenance engineers at other less secure sites as intermediate vectors.
This seemed to be how the original Stuxnet was intended to be done until the Israeli's made it into a profligate self replicating worm.
Humans are invariably the weakest point. Guessable passwords or passwords on postits attached to the console being all too common!
It was the way they used multiple (valuable) zero day exploits in the same virtually error free code that effectively signed it. Releasing it into the wild with such a profligate propagation mechanism was bound to result in it attracting the attention of the AV community. Now that it is out there similar variations on that theme become easier to do. It isn't possible to put the genie back in the bottle once its been used.
Our own infrastructure has been put at risk. I liked their demo blowing up a balloon for 5s with and without the malign influence of Stuxnet.
Just because you are paranoid doesn't mean they are not all out to get you.
I think a nuclear capable North Korea is a very serious problem. It may be that in the end China has to sort them out.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.