Secure Coding mailing list archives

informIT: Stuxnet = hard core software security


From: Gary McGraw <gem () cigital com>
Date: Fri, 24 Sep 2010 09:58:14 -0400

hi sc-l,

The initial flurry of coverage about the Stuxnet worm (all about 0days, rootkit stealth, and botnet CC) was barking up 
the wrong tree.  Turns out that Stuxnet was aimed at injecting code directly into a programmable logic controller and 
thus directly impacting a physical system.  On Tuesday, I was in the room with a bunch of hard core process control 
engineers when the first analysis was published.  Stunning.  And awful.

Here are my thoughts about Stuxnet in "How to p0wn a Process Control System" 
<http://www.informit.com/articles/article.aspx?p=1636983>

It is critical that we all understand that software security goes well beyond web applications.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

