Quite interesting news:
An early version of Stuxnet dating back to 2009 contained executable code that targeted what was then an unknown security flaw in Microsoft Windows, a discovery that brings the number of zero-day vulnerabilities exploited by the malware to at least five, researchers from Kaspersky Lab said Monday morning. Even more significantly, they discovered that a 6MB chunk of code found in the Stuxnet.A (1.0) variant contained the guts of today’s Flame. In addition to unearthing previously overlooked data about how Stuxnet hijacked targeted networks, the discovery is important because it establishes the first positive connection between the developers of Stuxnet and those behind Flame, which came to light two weeks ago as a highly sophisticated espionage platform that targeted computers in Iran and other Middle Eastern countries.
The techie in me is boggled at the resources they poured into discovering zero-day exploits, applications to exploit them, and the entire malware package wrapped around it.
The citizen in me is just amazed that the U.S. government is comfortable committing so much sabotage, espionage, and military action against nations with which we are not at war. It’s just another reminder that you cannot trust your government.
via Discovery of new “zero-day” exploit links developers of Stuxnet, Flame | Ars Technica.
Government will always be the most dangerous threat to cyberspace, and to freedom in general. Does your DRP cover bureaucrats going bonkers?
Such seizures are becoming commonplace under the Obama administration. For example, the U.S. government program known as Operation in Our Sites acquires federal court orders to shutter sites it believes are hawking counterfeited goods, illegal sports streams and unauthorized movies and music. Navas said the U.S. government has seized 750 domain names, “most with foreign-based registrars.”
via Uncle Sam: If It Ends in .Com, It’s .Seizable | Threat Level | Wired.com.
The Wall Street Journal cites unnamed sources as saying that the NSA has issued a $100-million contract to defense contractor Raytheon to build a system dubbed “Perfect Citizen,” which will involve placing “sensors” at critical points in the computer networks of private and public organizations that run infrastructure, organizations such as nuclear power plants and electric grid operators.
In an email obtained by the Journal, an unnamed Raytheon employee describes the system as “Big Brother.”
“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” the email states. “Perfect Citizen is Big Brother.”
You know, I don’t feel any safer knowing the government twisted the NSA’s mandate to spying on everyone inside the nation. For some reason, I don’t think the government’s “security” goals are the same as my own.
via Report: NSA creating spy system to monitor domestic infrastructure | Raw Story.