Useful Links
SMBlog
RSS feed RSS icon
About this blog
About me
Archives of Dave Farber's IP list
Archives of RISKS Digest
The Legal Information Institute at Cornell University
Thinking Security
Firewalls and Internet Security: Repelling the Wily Hacker
The Electronic Frontier Foundation
The Tor Project
The Center for Democracy and Technology
Freedom to Tinker blog
Bruce Schneier's blog
Matt Blaze's blog
Matthew Green's A Few Thoughts on Cryptographic Engineering
Krebs on Security
July 2010
Comments on the National Strategy for Trusted Identities in Cyberspace (11 July 2010)
Clarke and Knake's "Cyberwar" (13 July 2010)
How DRM Can Hurt Sales (15 July 2010)
Scary Security Developments (16 July 2010)
Recent Posts
A Last Blog Post About Voting (4 November 2024
Voting: The Role of Process (3 November 2024
Voting While Temporarily Disabled (31 October 2024
My Retirement Talk (9 May 2024
Brief Notes on Computer Word and Byte Sizes (7 March 2023
In Memoriam: Frederick P. Brooks, Jr. --- Personal Recollections (18 November 2022
Attacker Target Selection (5 July 2021
Where Did "Data Shadow" Come From? (26 June 2021
Vaccine Scheduling, APIs, and (Maybe) Vaccination Passports (2 April 2021
Security Priorities (25 February 2021
Archive
2007 (43)
2008 (39)
2009 (21)
2010 (15)
2011 (16)
2012 (14)
2013 (6)
2014 (16)
2015 (14)
2016 (6)
2017 (17)
2018 (16)
2019 (17)
2020 (15)
2021 (4)
2022 (1)
2023 (1)
2024 (4)
 
Full Index
Tag Index

Scary Security Developments

16 July 2010

There’s a report out of a new vulnerability in Windows. That alone isn’t particularly significant. There are, however, two interesting and scary things about the malware that exploited this flaw.

First, the code included two drivers that were digitally signed by a reputable company, Realtek. That is, the source of the code was strongly identified. Perhaps such schemes aren’t that helpful as a security measure.

The second thing I noticed was the target of the code: a SCADA system. If you’re going to launch a cyberwar or engage in cyberextortion, this is the sort of tool you want.

So — we have a 0-day attack that has bypassed a crucial authentication scheme to do really dangerous things to critical infrastructure, and it’s in the wild. That’s scary.

https://www.cs.columbia.edu/~smb/blog/2010-07/2010-07-16.html