The good news is they’re not blowing anything up

July 23, 2010

Siemens warns users: Don’t change passwords after worm attack | Security Central – InfoWorld

According to Byres, however, changing the WinCC password would prevent critical components of the system from interacting with the WinCC system that manages them. “My guess is you would basically disable your whole system if you disable the whole password.”

New virus targets industrial secrets

To get around Windows systems that require digital signatures — a common practice in SCADA environments — the virus uses a digital signature assigned to semiconductor maker Realtek. The virus is triggered anytime a victim tries to view the contents of the USB stick. A technical description of the virus can be found here (pdf).

It’s unclear how the authors of the virus were able to sign their code with Realtek’s digital signature, but it may indicate that Realtek’s encryption key has been compromised. The Taiwanese semiconductor maker could not be reached for comment Friday.

In many ways, the virus mimics proof-of-concept attacks that security researchers like Wesley McGrew have been developing in laboratories for years. The systems it targets are attractive to attackers because they can provide a treasure-trove of information about the factory or utility where they’re used.

Back in the old days, when SCADA systems ran unconnected to absolutely anything else, a hardcoded password might not have been such a bad idea: it lets you connect to other bits of off-the-shelf software that insist on a password even when it’s not necessary. And it avoids lousy software developers writing yet another password storage and management package that just breaks when you need it most.

But that was 20 years ago.

The other kinda funny thing about this exploit is that keeping your SCADA system away from the internet isn’t good enough. It’s the USB sticks you have to watch out for.

When even the good news is horrific

July 21, 2010

BBC News – Scientists say vaginal gel cuts HIV-infections by half

They said the gel, containing Aids drug tenofovir, cut infection rates among 889 women by 50% after one year of use, and by 39% after two and a half years.

If you look at the numbers they report, only 8% of women in the treatment group became infected with HIV over the course of 2.5 years, versus 13% in the placebo group. Which is great. And means that over the course of, say, 12.5 years at the same rate of sexual activity, if the efficacy remains constant, only about a third of the women in the treatment group will become infected, versus a little more than half of untreated women. Only about a third. (And over 25 years, the numbers would be “only” 60% versus 75% in the control group.)

This is what success looks like, and it’s very sad.