Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back”

[Christian Sciberras <uuf6429 () gmail com>]

Well, I know a local datacenter (can't be more than 10 years old) makes use
of a Faraday cage around it.
And it doesn't really keep any mission-critical equipment, so I guess others
out there do the same.

Depending on the type of cage/shielding (don't know about the local one) it
can completely block communications...






On Mon, Oct 10, 2011 at 10:17 PM, Michael Schmidt <mschmidt () drugstore com>wrote:

>  I have no idea, I assume – this is usually what they mean when they talk
> about an “air barrier”****
>
> ** **
>
> *From:* evejou [mailto:girl () techn0ev3 net]
> *Sent:* Monday, October 10, 2011 1:04 PM
> *To:* Michael Schmidt
> *Cc:* Thor (Hammer of God); Christian Sciberras; Michael T;
> full-disclosure () lists grok org uk
>
> *Subject:* Re: [Full-disclosure] “We keep wiping it off, and it keeps
> coming back”****
>
> ** **
>
> As someone kind of young (and thus no historical recollection), I'm kind of
> surprised that this is talked about in past-tense. Does this not happen
> anymore? I could see how this could get super annoying after awhile.****
>
> ** **
>
> ** **
>
> On Mon, Oct 10, 2011 at 2:09 PM, Michael Schmidt <mschmidt () drugstore com>
> wrote:****
>
> I know in the old days (15 years ago) – there were networks that were
> completely separate from the outside world. I remember trying to do
> telephone tech support to someone on a secure network…****
>
>  ****
>
> Tell him to do “this”****
>
> He puts down the phone, goes through physical security, tries “this”****
>
> He comes back though security picks up phone talks to me.****
>
>  ****
>
> Security allowed nothing that looked like portable storage in or out of the
> secure area.****
>
>  ****
>
> Rinse.****
>
> Repeat.****
>
>  ****
>
> Couldn’t even place outside voice calls from the secure network area. I
> don’t know if they do this today. I also know that there used to be setups
> with removable hard drives where one drive connected you to the secure
> network and yet another drive connected to the unsecure network. – Two
> different network cards each enabled for different networks.****
>
>  ****
>
> The good old days****
>
>  ****
>
> *From:* full-disclosure-bounces () lists grok org uk [mailto:
> full-disclosure-bounces () lists grok org uk] *On Behalf Of *Thor (Hammer of
> God)
> *Sent:* Monday, October 10, 2011 10:36 AM
> *To:* Christian Sciberras; Michael T****
>
>
> *Cc:* full-disclosure () lists grok org uk
> *Subject:* Re: [Full-disclosure] “We keep wiping it off, and it keeps
> coming back”****
>
>  ****
>
> Consider the source.  It’s “someone close” to the operations, and that only
> according to this guy.  It could very well be a slot-puller in the casino
> across the street…   I’m always dubious of the reporting of this type of
> thing where the source is some “secret” person, and where there is never any
> ability to refute claims.****
>
>  ****
>
> t****
>
>  ****
>
> *From:* full-disclosure-bounces () lists grok org uk
> [mailto:full-disclosure-bounces () lists grok org uk] *On Behalf Of *Christian
> Sciberras
> *Sent:* Monday, October 10, 2011 7:05 AM
> *To:* Michael T
> *Cc:* full-disclosure () lists grok org uk
> *Subject:* Re: [Full-disclosure] “We keep wiping it off, and it keeps
> coming back”****
>
>  ****
>
> I'm talking more about their engineers than their network.****
>
>  ****
>
> If I had my network infected with a virus, I'd immediately deploy some form
> of logging/monitoring tool (eg, wireshark).****
>
>  ****
>
> Honestly, it all sounds like they're employing inexperienced engineers.
> Which is again strange, considering the field they're in.****
>
>  ****
>
> Regarding your bet, see that's already something. Why exactly can't they
> verify your bet? It isn't like viruses suddenly became invisible, is it?**
> **
>
>  ****
>
> I'm just curious to these questions. It's strange to hear someone saying
> "we basically have no idea what's going on".****
>
>  ****
>
>  ****
>
> On Mon, Oct 10, 2011 at 3:40 PM, Michael T <mt2410689 () gmail com> wrote:***
> *
>
> It's a network that's 'detached', or 'segregated', or whatevered from the
> rest of the world, so it's 'largely immune to viruses'.  That likely means
> they have:
> 1. NO logging
> 2. NO anti-virus
> 3. NO hardening
>
> The very fact that these systems are on a segregated network means they are
> probably more frail, and more susceptible to viruses, than a normal person's
> laptop.
>
> Immune to viruses...  What a crock of shit.  My bet is that it's coming
> from the planes.
>
> Mike****
>
> On Mon, Oct 10, 2011 at 7:51 AM, Christian Sciberras <uuf6429 () gmail com>
> wrote:****
>
>   http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/****
>
>  ****
>
> This is news to me.****
>
>  ****
>
> Moreover, I'm a bit confused as to how they don't track how it's coming
> back.****
>
> I mean, how is it possible that no one stepped in and analyzed how the
> virus acts and where it came from?****
>
>  ****
>
> It sounds fish if you ask me.****
>
>  ****
>
> Chris.****
>
>  ****
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/****
>
>   ****
>
>  ****
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/****
>
>
>
> ****
>
> ** **
>
> --
> ---
> girl () techn0ev3 net
>
> Finché c'è vita, c'è speranza.
> As long as there is life, there is hope. ****
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/