/ SUBMIT / SEARCH / STORE / MENU
Cory Doctorow / 2:00 pm Fri, Nov 1, 2019

My review of Sandworm: an essential guide to the new, reckless world of "cyberwarfare"

For years, I've followed Andy Greenberg's excellent reporting on "Sandworm," a set of infrastructure-targeted cyberattacks against Ukraine widely presumed to be of Russian origin, some of which escaped their targeted zone and damaged systems around the world. Read the rest

Cory Doctorow / 7:40 am Wed, Feb 8, 2017

Son of Stuxnet: "invisible," memory-resident malware stalks the world's banks

Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives. Read the rest

Xeni Jardin / 9:00 am Fri, Jun 1, 2012

Stuxnet, the worm that targeted Iran's nuclear facilities, was created by US and Israel

Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.

Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration. Read the rest

Cory Doctorow / 1:50 pm Tue, Apr 10, 2012

Forever-day bugs

A nice piece of frightening securityspeak to conjure with: forever-day bugs, which are known bugs that the vendor has no intention of patching. These are often found in control systems, and are the sort of thing that Stuxnet exploited to attack the Iranian nuclear program. These controllers are also found on other kinds of industrial lines and, of course, in aircraft. "Forever day is a play on 'zero day,' a phrase used to classify vulnerabilities that come under attack before the responsible manufacturer has issued a patch. Also called iDays, or 'infinite days' by some researchers..." [Ars Technica] Read the rest