[PC-BSD Testing] Would you trust the operation and security of your nuclear facility to Windows, lol?

Ian Robinson fitchkendall at gmail.com
Thu Sep 23 16:42:54 PDT 2010


Would you trust the operation and security of your nuclear facility to
Windows, lol?

Recent news reports link Stuxnet, a highly sophisticated computer worm/root
kit, in an attempt to destroy operations at Iran's Bushehr nuclear reactor.


Stuxnet's code exploited four different unpatched Windows vulnerabilities,
including Windows print spooler.  Microsoft had known about for at least a
year.  "Microsoft confirmed Wednesday that it overlooked the vulnerability
when it was revealed last year."  The code also exploits the same
vulnerability that was used to spread the Conficker virus (a.k.a.
Downadup).  The Stuxnet exploits other flaws and can be used by attackers to
upgrade access privileges on compromised PCs to administrator status.  While
Microsoft says it will patch the flaws in a future update -- Microsoft said
last week that it has not set a timetable for the fixes.

Sources:

http://www.computerworld.com/s/article/9187300/Microsoft_confirms_it_missed_Stuxnet_print_spooler_zero_day_

http://www.pcworld.com/businesscenter/article/205827/was_stuxnet_built_to_attack_irans_nuclear_program.html

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices

Picture of Facility's Control Panel showing Windows Error Message:
http://www.upi.com/News_Photos/Features/The-Nuclear-Issue-in-Iran/1581/2/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20100923/d3581343/attachment.html>


More information about the Testing mailing list