Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.
Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration. Read the rest
A nice piece of frightening securityspeak to conjure with: forever-day bugs
, which are known bugs that the vendor has no intention of patching. These are often found in control systems, and are the sort of thing that Stuxnet exploited to attack the Iranian nuclear program. These controllers are also found on other kinds of industrial lines and, of course, in aircraft. "Forever day is a play on 'zero day,' a phrase used to classify vulnerabilities that come under attack before the responsible manufacturer has issued a patch. Also called iDays, or 'infinite days' by some researchers..." [Ars Technica] Read the rest