Re: “We keep wiping it off, and it keeps coming back”

[Michael Schmidt <mschmidt () drugstore com>]

I know in the old days (15 years ago) – there were networks that were completely separate from the outside world. I 
remember trying to do telephone tech support to someone on a secure network…

Tell him to do “this”
He puts down the phone, goes through physical security, tries “this”
He comes back though security picks up phone talks to me.

Security allowed nothing that looked like portable storage in or out of the secure area.

Rinse.
Repeat.

Couldn’t even place outside voice calls from the secure network area. I don’t know if they do this today. I also know 
that there used to be setups with removable hard drives where one drive connected you to the secure network and yet 
another drive connected to the unsecure network. – Two different network cards each enabled for different networks.

The good old days

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
Thor (Hammer of God)
Sent: Monday, October 10, 2011 10:36 AM
To: Christian Sciberras; Michael T
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back”

Consider the source.  It’s “someone close” to the operations, and that only according to this guy.  It could very well 
be a slot-puller in the casino across the street…   I’m always dubious of the reporting of this type of thing where the 
source is some “secret” person, and where there is never any ability to refute claims.

t

From: full-disclosure-bounces () lists grok org uk<mailto:full-disclosure-bounces () lists grok org uk> 
[mailto:full-disclosure-bounces () lists grok org uk]<mailto:[mailto:full-disclosure-bounces () lists grok org uk]> On 
Behalf Of Christian Sciberras
Sent: Monday, October 10, 2011 7:05 AM
To: Michael T
Cc: full-disclosure () lists grok org uk<mailto:full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back”

I'm talking more about their engineers than their network.

If I had my network infected with a virus, I'd immediately deploy some form of logging/monitoring tool (eg, wireshark).

Honestly, it all sounds like they're employing inexperienced engineers. Which is again strange, considering the field 
they're in.

Regarding your bet, see that's already something. Why exactly can't they verify your bet? It isn't like viruses 
suddenly became invisible, is it?

I'm just curious to these questions. It's strange to hear someone saying "we basically have no idea what's going on".


On Mon, Oct 10, 2011 at 3:40 PM, Michael T <mt2410689 () gmail com<mailto:mt2410689 () gmail com>> wrote:
It's a network that's 'detached', or 'segregated', or whatevered from the rest of the world, so it's 'largely immune to 
viruses'.  That likely means they have:
1. NO logging
2. NO anti-virus
3. NO hardening

The very fact that these systems are on a segregated network means they are probably more frail, and more susceptible 
to viruses, than a normal person's laptop.

Immune to viruses...  What a crock of shit.  My bet is that it's coming from the planes.

Mike
On Mon, Oct 10, 2011 at 7:51 AM, Christian Sciberras <uuf6429 () gmail com<mailto:uuf6429 () gmail com>> wrote:
http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

This is news to me.

Moreover, I'm a bit confused as to how they don't track how it's coming back.
I mean, how is it possible that no one stepped in and analyzed how the virus acts and where it came from?

It sounds fish if you ask me.

Chris.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/