jofny - Slashdot User

The DNSSEC Chicken & Egg Challenge 77

Posted by CmdrTaco on Monday December 20, 2010 @01:24PM from the not-tonight-i-have-a-headache dept.

wiredmikey writes "To begin DNSSEC implementation or not: that is the question facing a host of enterprises, notably any that engage in e-commerce or online financial transactions (online retailers, banks, investment firms, hospitality and travel, etc.). These businesses find themselves in a catch 22; there are obvious security benefits to adopting Domain Name System Security Extensions or DNSSEC, but there are some severe downsides to being too early in the adoption curve – downsides that are becoming more and more apparent every day. While DNSSEC is getting rave reviews for successful deployment at the foundation levels of the DNS, problems are lurking just ahead, since very few widely utilized end-user applications are able to actually utilize DNSSEC at all. Simply put, DNSSEC can only work if it is supported throughout the hierarchy from publisher to visitor..."

Comment Re:Full ICS-CERT advisory on Stuxnet (Score 1) 167

by jofny on Saturday September 18, 2010 @10:20AM (#33619746) Attached to: Stuxnet Worm Infected Industrial Control Systems

Sure, but that's not specific to this particular mess. And, as this doc clearly wasn't analysis of the general impact of worms and malware on control systems in general, they didnt need to say it here.

Comment Full ICS-CERT advisory on Stuxnet (Score 4, Informative) 167

by jofny on Friday September 17, 2010 @06:56PM (#33616154) Attached to: Stuxnet Worm Infected Industrial Control Systems

is here: http://www.us-cert.gov/control_systems/pdf/ICSA-10-238-01B%20-%20Stuxnet%20Mitigation.pdf Probably a little more accurate than crappy media reporting.

Comment Re:Wow (Score 4, Informative) 167

by jofny on Friday September 17, 2010 @06:53PM (#33616138) Attached to: Stuxnet Worm Infected Industrial Control Systems

You can't change the Siemens passwords in this case (and have things keep working).

Stuxnet Worm Infected Industrial Control Systems 167

Posted by Soulskill on Friday September 17, 2010 @06:08PM from the going-for-the-gusto dept.

Sooner Boomer writes "ComputerWorld has an article about the Stuxnet worm, which was apparently designed to steal industrial secrets and disrupt operations at industrial plants, according to Siemens. 'Stuxnet has infected systems in the UK, North America and Korea, however the largest number of infections, by far, have been in Iran. Once installed on a PC, Stuxnet uses Siemens' default passwords to seek out and try to gain access to systems that run the WinCC and PCS 7 programs — so-called PLC (programmable logic controller) programs that are used to manage large-scale industrial systems on factory floors and in military installations and chemical and power plants.' If the worm were to be used to disrupt systems at any of those locations, the results could be devastating."

Comment Re:More common? (Score 1) 58

by jofny on Sunday July 25, 2010 @11:56AM (#33021400) Attached to: Stuxnet May Represent New Trend In Malware

Actually, you are factually incorrect here. The methodologies youre describing do make it more difficult, but we have plenty of insight into what's been happening - it's just either close hold or not making the news. Just because -you- don't know, don't assume "we" don't know.

Comment Re:oh, please (Score 1) 147

by jofny on Monday July 05, 2010 @04:51PM (#32803108) Attached to: TSA Internally Blocking Websites With 'Controversial Opinions'

I fully expect /. to be blocked by TSA there
Ionno - No one gave a crap that I looked at Slashdot when I worked there. Good job taking a poorly worded bureaucratic ass-covering and attributing Dan Brown levels of +eleventy-billion conspiracy powers to it. And feel free to jump to my website, resume, art site, whatever for a pretty decent counter-example to your a$$-hattery here.

//God, some people, they do need babysitters and soft walls.

Anti-Speed Camera Activist Buys Police Department's Web Domain 680

Posted by samzenpus on Tuesday June 08, 2010 @11:54AM from the I-bought-the-law dept.

Brian McCrary just bought a website to complain about a $90 speeding ticket he received from the Bluff City PD — the Bluff City Police Department site. The department let its domain expire and McCrary was quick to pick it up. From the article: "Brian McCrary found the perfect venue to gripe about a $90 speeding ticket when he went to the Bluff City Police Department's website, saw that its domain name was about to expire, and bought it right out from under the city's nose. Now that McCrary is the proud owner of the site, bluffcitypd.com, the Gray, Tenn., computer network designer has been using it to post links about speed cameras — like the one on US Highway 11E that caught him — and how people don't like them."

Comment Re:Cyber warfare: FUD for vendors. (Score 1) 205

by jofny on Tuesday June 08, 2010 @07:56AM (#32494322) Attached to: Is Cyberwarfare Fiction?

Heh. That would be "most of them". There's a reason there're all these bills going before congress about critical infrastructure and cyber security.

Comment Re:Cyber warfare: FUD for vendors. (Score 1) 205

by jofny on Monday June 07, 2010 @12:28PM (#32485154) Attached to: Is Cyberwarfare Fiction?

Not all parts are easily or quickly replaceable and most things aren't designed correctly.

Comment Re:Cyber warfare: FUD for vendors. (Score 4, Insightful) 205

by jofny on Monday June 07, 2010 @11:02AM (#32483952) Attached to: Is Cyberwarfare Fiction?

Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.

You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.

Comment Different how? (Score 2, Interesting) 42

by jofny on Saturday March 20, 2010 @12:15PM (#31549910) Attached to: IRS Security Faults Leave Taxpayer Data At Risk

Im not a fan of the IRS, but let's be real: 1. There are almost no government agencies or civilian organizations that don't have fairly terrible security...2. These checkbox requirements dont really tell a story. 2. These checkbox requirements dont tell a story of the actual level of security. You'd have to take a look at the whole architecture to figure out whether, for example, those UNIX passwords actually were important or not.

Comment Moratorium (Score 4, Insightful) 452

by jofny on Sunday February 28, 2010 @09:34AM (#31305078) Attached to: US Gov't. Ending Its Hands-Off-the-Internet Stance

There should be a moratorium on government internet legislation of any kind until the first crop of kids who grew up with it and understand it are in power. The current group doesnt and will do long lasting damage - even if their intentions were/are good.

Comment Re:Nervous reactions (Score 1) 452

by jofny on Sunday February 28, 2010 @09:32AM (#31305066) Attached to: US Gov't. Ending Its Hands-Off-the-Internet Stance

No. 1. That wasnt run by the government and it was a joke - even to the government. 2. Do you think the government changes decades old policy in the space of a week or two with such large implications? Not without a lot more motivation.

However, the simulation WAS accurate insofar as it portrayed how the gov't deals with the internet...so it's going to be a fun time the more they get involved ;)

Comment Re:Internet to Powerful, for governments (Score 2, Insightful) 452

by jofny on Sunday February 28, 2010 @09:27AM (#31305038) Attached to: US Gov't. Ending Its Hands-Off-the-Internet Stance

You hit it exactly. They're interested because of its ability to affect political power. Everything other reason is just an excuse.

Slashdot Top Deals