Missed lesson of Stuxnet.
This blog set to display 20 days of posts. Sorry Blogspot only shows 3 days, waiting for a Google fix, G
Missed lesson of Stuxnet.
Missed lesson of Stuxnet.
While everyone is focused on the Threat
many have missed the context.
This type of WMD can only be programed
by a State because of the cost, time and expertise
to develop it.
Stuxnet was conceived to by pass all anti-virus
and anti-malware system. And it successfully did
so. No known security suite could stop it.
Iran and the Security Vendors can't get rid of it.
Iran has tried for 5 months now to rid its computer
systems of stuxnet, and only achieved momentary
success.
It can infect computers not connected to the WWW.
This context says the paradigm for computer security
is a total failure.
The security vendors turn out to be "patent medicine"
purveyors, Sellers of nostrum remedium, snake oil.
Proof of concept, there is NO security on the WWW
for computers.
Further proof even Google caretaker of the worlds
biggest data base, holder of humankind's personal
secrets couldn't stop Chinese hackers. I'm convinced
it was an inside job. Google is so big, world wide in scope
of servers, even knowing where to go to steal prime code
had to have inside info. Spys inside Google is a National
Security risk.
The Pentagon and Sate Dept. couldn't keep hackers
out. they sat inside DOD for 3 days just observing.
These proof of concept attacks portend a massive
cyber strike crippling not only a state but our civilization.
Our seminal song a dos attack on the WWW nodes,
song we have been singing since 2007, goes unheard.
As US cyber forces continue to focus on defending
intranets, leaving the WWW unprotected.
These capable US cyber forces will find themselves
behind a well defended intranet un-connected to
any thing else, with the WWW down, in effect an
useless safe intranet without connections to the
outside world.
Conflicker is such a botnet capable of bringing
down the WWW with an attack on the nodes.
And Conflicker continues unabated. Security
vendors unable to take it down for over 3 yrs
now. And researchers able to penetrate some
botnets have been eunuchs. Ball-less kids
unwilling to take a shot at the botnets.
Lacking in any intestinal fortitude.
The failure of the WWW paradigm lies with
the Operating systems. MicroSoft continues
to focus on bells and whistles rather than core
security.
This lack of security on the WWW puts civilization
as we know it at risk.
The recent attacks by Anonymous point to
the desire to destroy without consideration
for the cause. Just as Wikileaks has duped
Anonymous so has al qaeda duped Islam.
The paradigm to bring down the whole
system is there, the desire is there,
and we have seen proofs of concept.
Its only a matter of time.
Security Vendors are an epic fail,
they are not capable of securing MS
operating system.
The hackers have won,
the "coup de gras" just has not yet
been administered yet.
We are sheep awaiting the slaughter.
Buying snake oil security suites.
Naked with our Heads buried in the Sand.
We must pay attention to the security
Context, and start a crash program
for a secure OS.
Gerald
War Anthropologist
Tactical Internet Systems analyst.
.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home