There have been recently a rash of high-profile security breaches at Internet sites crucial to authentican and security, for sites, for users, for digital signatures, etc. plus new malware kits to attack SCADA systems used to control critical infrasture (pipelines, factories, water systems, power generation of all types, refineries). They seem to be coming together with the potential to cause widespread disruption and damage.
No system on the Internet is completely secure. The more secure those responsible believe their systems to be, the less it probably is. If you think if possible to have a highly-secure system on the Internet, you probably are aware of many of the types of threats.
I should clarify that not only have I been doing computer and network security for over 40 years, but much of it has been at fairly high levels, from Multics and The Orange Book to NASA JSC, SCADA and S.P.I.D.E.R control systems to real-time global financial systems, and a lot more.
I know what I am talking about, have discussed on DU with increasing levels of alarm how vulnerable we are and how immense the perils we face, and my frustration and anger at those who got us into this mess in spite of all our warnings. Several recent incidents have me very alarmed, not quite to panic. Today, I keep having flashbacks to the Cuban Missile Crisis. Not good.
The hack on RSA is a good example of a multi-stage attack and once breached, not to be trusted. Unfortunately, this time it impacts almost everyone because RSA supplies SecurID and other widely-used services at the very heart of authentication, cryptography, trusted systems, etc. We really don't know how really bad this could be. Make sure to read the comments, too.
http://forums.theregister.co.uk/forum/1/2011/04/04/rsa_hack_howdunnit This describes the recent hack by an Iranian and how he created fake certificates of authentication for web sites and what it means.
http://www.dw-world.de/dw/article/0,,14954119.00/htmlThis one discusses the problem wrt SCADA systems used for process control -- pipelines, factories, refineries, power generation including nuke. Includes links discussing the worm that apparently was specifically targeted at SCADA used at the Iranian nuclear facilities. Remember to these comments, too.
http://www.theregister.co.uk/2011/03/22/scada_exploits_releasedWhile most of these incidents involve Microsoft and increasingly Adobe products, there have been too many with UNIX, Linux, and Open Source applications and breaches at "Trusted" servers hosting development and downloading. And we have little reason to trust that the hardware is safe.
My journal archive has several earlier rants on this subject.
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
