Thursday Morning: Mostly Cloudy with a Chance of Trouble

This video came from a random browse for new artists. I don’t know yet if I have an opinion; first minute is rocky, but improves. Think I need to sample some more by this artist. You can find Unknown Mortal Orchestra on SoundCloud.com if you want to sample more without the video — I do like the cover of Sitting on the Dock of the Bay. Verdict still out on the more experimental atmospheric stuff.

Looking for more trouble…

House passed Email Privacy Act (H.R. 699) 419-0
Sampling of reports: Phys.org | Reuters | Forbes

A few opinions: ACLU | EFF | Americans for Tax Reform

Wow. An issue everybody could love. Do read the Forbes bit as they had the most objections. Caveat: You may have to see John Stossel’s mug if you read the ATR’s opinion.

Next up: Senate, which is waffling thanks to Grassley

But it was unclear if Senate Judiciary Committee Chairman Chuck Grassley, who holds jurisdiction over the legislation, intends to move it forward during an election year.

The Iowa Republican will review the House bill, consult with stakeholders and his committee “and decide where to go from there,” a spokeswoman told Reuters in an email.

Apple crisp

  • Apple’s stock tanked yesterday falling 7% in response to a drop in demand for iPhones; Apple suppliers likewise took a hit. Come on, there’s a finite number of smartphone users, and the limit must be reached some time. Shouldn’t have rattled the market so much — not like the market didn’t notice China’s market woes and subsequent retrenchment of purchasing over the last 6 months, too.
  • FBI said it wouldn’t disclose the means by which a “grey hat hacker” cracked the San Bernardino shooter’s work-issued iPhone 5c. Wouldn’t, as in couldn’t, since the FBI didn’t acquire intellectual property rights to the method. Hmm.
  • Coincidentally, FBI notified Apple of a vulnerability in older iPhones and Macs, though an unnamed source said the problem had already been fixed in iOS 9 and in Mac OS X El Capitan. Nice of FBI to make an empty gesture validate the problem.
  • And because I mentioned it, Apple Crisp. I prefer to use Jonathans and Paula Reds in mine.

Malware everywhere

  • The Gundremmingen nuclear power plant in Bavaria found malware in computers added in 2008, connected to the fuel loading system. Reports say the malware has not posed any threat, though an investigation is under way to determine how the plant was infected. Not many details in German media about this situation — timing and method of discovery aren’t included in news reports.
  • A report by Reuters says the malware was identified and includes “W32.Ramnit” and “Conficker” strains. The same report implies the malware may have been injected by devices like USB sticks found in the plant, though the report does not directly attribute the infection to them.
  • BONUS: Reuters quoted cybersecurity expert Mikko Hypponen of F-Secure about the nuclear plant’s infection — but Hypponen elaborated on the spread of viruses, saying that

    he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.

    Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.

    Pretty sure Reuters hadn’t counted on that tidbit.

  • Given their report on Gundremmingen’s infection, it’s odd that Reuters’ op-ed on the state of nuclear safety post-Chernobyl made zero reference to cybersecurity of nuclear facilities.

Miscellanea

  • Online gaming community Minecraft “Lifeboat” breach exposed 7 million accounts (NetworkWorld) — Minecraft took its time notifying users because it says it didn’t want to tip off hackers. Wonder how many of these accounts belonged to minors?
  • On the topic of games, feckless Sony leaks like a sieve again, tipping off new game (Forbes) — Jeebus. Sony Group’s entire holding company bleeds out information all the time. This latest leak is about the next version of Call of Duty. Not certain which is more annoying: yet another Sony leak, or that “Infinite Warfare” is the name of the game.
  • Open source AI consortium OpenAI shows a bit of its future direction (MIT Technology Review) — Looks like the near term will be dedicated to machine learning.
  • Just another pretty face on Cruz’ ticket may bring conflict on H-1B visas (Computerworld) — Seems Cruz wants to limit low-cost H-1B labor, and new VP choice Fiorina is really into offshoring jobs. Commence headbutting. (By the way, I’m being snarky about ‘another pretty face.’ They deserve each other.)

I may have to quit calling these morning roundups given all the scheduling issues I have on my hands right now. At least it’s still morning in Alaska and Hawaii. Catch you here tomorrow!

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.
13 replies
  1. lefty665 says:

    Curious that they didn’t run anti virus/malware over generations of Windows-based powerplant computers. Both worms have been detected and cleaned long and merry ago. Conficker includes a keylogger which could profoundly compromise the fuel process, and it also can turn infected computers into bots. How’s that for a joy, your local nuclear plant as part of a DDOS attack? Ramnit is a little newer, ca 2010, and allows remote access and operation.

    Makes ‘ya wonder if they were just commercial malware, or state level precursors of Stuxnet et al. In either case, the lack of basic security, like in Bangladesh, is scary.

  2. P J Evans says:

    Jeebus, the company I worked at disabled the USB ports in our computers. (The people who really needed to use them had to get authorization. The tech guys knew what jumpers to reset.)

  3. earlofhuntingdon says:

    Fiorina. Cruz couldn’t have made a better choice if he wanted to hollow out America. Next, he’ll nominate the head of Bain as his Economics Czar.

    • bloopie2 says:

      Well, think of Carly this way: (1) She’s good at losing money for her employer. (2) the USA is likely the world’s largest money loser. (3) What’s not to like?

  4. Rayne says:

    lefty665 and P J Evans — probably worth keeping in mind the equipment might be process control stuff which often lasts for more than a decade, not often patched/upgraded, and isn’t generally attached to the internet. Gets updated by CD or USB device, so they can’t lock up USB ports, must trust USB drives. And did the drives come into the plant before Conficker or Ramnit were identified as malware by security experts? Could have been there that long.

    I would not be one bit surprised to find process control equipment involved was a combo of Microsoft Win + Siemens, with a thumb drive provided early after install to facilitate patch/upgrade.

    I have long thought that Siemens was in on Stuxnet as a covert partner, that at least one of the entities felt they could head off long-term problems at Natanz and any other nuke facility by ensuring that ALL Siemens PLCs were compromised or at least accessible when necessary.

    • P J Evans says:

      The tech guys we had used CDs for updating, but did it more frequently over the internal network. (They’d do it with their admin’s login, generally after 4pm.)

  5. bloopie2 says:

    Guardian, today: “President Trump fills world leaders with fear: ‘It’s gone from funny to really scary’. Most of the world seems to agree a Donald Trump presidency is a disturbing possibility that would inflict unthinkable damage, Guardian reporters found”.

    Let’s think about that one. To what extent are we running America for the good of the rest of the world? Should we let the opinions of other world leaders (many of whom are schlock) inform our decision as to who our leader should be? Are these world leaders concerned with “unthinkable damage” to the world as a whole, or to their individual countries? If the latter, then screw them.

  6. lefty665 says:

    [email protected]:25 So what do you figure, if the machines were isolated from the web they couldn’t call home? No harm, no foul?

  7. Rayne says:

    lefty665 (3:59) — I’m not saying the infection was okay. I’m saying the malware couldn’t do the rest of its job in isolation. Conficker ‘phoned home’ with info it captured from infected devices. It could have appeared in a thumb drive as part of an update/patch applied to an isolated PLC in late 2008/early 2009. Keep in mind that part of Stuxnet did the same thing — shook hands, embedded itself, ID’d the type of device it was on and its location, ‘phoned home’ and then a refresh instruction could be obtained, perhaps pushed to a device if it was on a network.

    Think Ramnit did something similar to Conficker, but it was more tightly associated with crime than intelligence. Could still have appeared later on a thumbdrive when a patch/update applied to unnetworked device.

    It’s the call home and then receiving pushed content afterward which would have been really problematic for a nuke plant. After keylogging device info, Conficker could push info to a peer, then it would download from a domain instructions for blocking updates/patches/anti-malware, and possibly more if customized. But this requires an internet connection.

    • martin says:

      quote”It’s the call home and then receiving pushed content afterward which would have been really problematic for a nuke plant. After keylogging device info, Conficker could push info to a peer, then it would download from a domain instructions for blocking updates/patches/anti-malware, and possibly more if customized. But this requires an internet connection.”unquote

      Attention Rayne.. please report to your favorite local repository of great Beers/Food/live music with at least 6 of your best friends for a 4 hour reset of dancing, laughter, camaraderie and general forgetting what a shit fucked world we live in. Please report back..

  8. Rayne says:

    P J Evans (8:38) — Yeah, CDs, and it probably took forever. *snooze* Gives me some ugly flashbacks to updating server farms with CDs. Ugh, and over a LAN…Conficker and Ramnit will map LANs for use like botnets, IIRC. Definitely don’t want USB touching internal network.

    martin (8:47) — That’s on the schedule for tomorrow night when my eldest kid comes home for the weekend. We’ll binge on something fluffy on Netflix and polish off all the wine, eat all the bacon, pretend everything’s just hunky-dory.

  9. lefty665 says:

    Rayne, thanks for the follow up. USBs/CDs/phones as slow connections, making a network with indeterminate latency but eventual web access. Hygiene is important everywhere.
