Dailydave mailing list archives
COUNTDOWN TO ZERO DAY
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 23 Dec 2014 09:29:40 -0500
It is a lot of work to take compile times from various Stuxnet, Flame, Duqu, etc. DLL's and correlate them with the list of centrifuge replacements that the IAEA puts out from the Iranian nuclear program. You don't have to do any of that work. Kim Zetter has already done so, and compiled them, with some interesting human interest interviews from AV reverse engineers into her book <http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/>. It is worth a read, less for the parts about Stuxnet perhaps, than for how Iran operated as it hid its nuclear weapons program from the public with pathetically transparent lies and chicanery. The book falters for predictable reasons: people not in the Paladin-like white-hat world of AV are not going to talk to Kim about Stuxnet. Her access to sources with insight into the world of mirrors is essentially zero so some of the meat of the book is re-processed from the work of Sanger (who had a General leaker to write from). The entire last chapter (incomplete in the Google Play version of the book) reads like a journalist wrote it, without any internal voice. It tries to predict the future using the events of the book by quoting from various "expert sources". It is the weakest chapter in the book. In the same way the book, while balanced, avoids all the hard questions. Did Microsoft have logs of the Flame authors getting their fake certificate? Were they obviously complicit? Is the US behind the assassinations of the Iranian nuclear scientists? Is that going too far? Are cyber-scientists next? All the AV characters seem mystified that nobody in the US establishment seems curious where Stuxnet came from, or wants to put a lot of effort into investigating it, and Kim seems oblivious when her US-CERT sources blatantly lie to her face about it. What does it /mean /that every AV company seems pretty good at finding every other country's implants, but not their own country's? Mikko Hypponen has commented <http://www.wired.com/2012/06/internet-security-fail/> on the rather emotional state of things when you've sold a product that is supposed to detect malware and it clearly is performing poorly, since Stuxnet and Friends have been around for almost a half-decade? Also missing is the aftermath. It's hard to talk Stuxnet without looking at the Cyber Sword of Justice and the personalities behind the Iranian cyber team - many of whom are public and active on twitter/facebook/DD etc. Without amore global view <http://imgur.com/gallery/E4tFuD6> of the conflict (and listening to Halvar) you miss the signs pointing directly to Sony <https://docs.google.com/presentation/d/1pD_BRXg6sgWdNtIEnTpZYXqQ2MEoAGdfrQsvuj9YeDA/edit?pli=1#slide=id.p>. -dave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- COUNTDOWN TO ZERO DAY Dave Aitel (Dec 23)
- Re: COUNTDOWN TO ZERO DAY Andre Gironda (Dec 24)
- Re: a wilderness of cybermirrors Richard Thieme (Dec 26)