Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure

the real stuxnet authors plz stand up

  

 
Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded


coderman at gmail

Jul 29, 2010, 10:49 AM

Post #1 of 8 (441 views)
Permalink
the real stuxnet authors plz stand up
stuxnet is strategic, and misleading. ... red team off roading?

cybercommand grinning ear to ear, revoked sig mitigates for licensed
and vigilant users while Iran and other distrustfuls remain
particularly exposed, what splendifortuitousness! tis easier to seek
forgiveness ...

one of you two of eight snitches knows the details, full-disclosure! [0]



0. "Blowing the Whistle on the Snitch Racket"
http://cryptome.org/0001/wikileaks-snitch.htm
e.g. Pulling a Lamo, etc.


( in particular, detail sufficient to buttress commentary on
100721305-0305-01. wonder what lucre load that's tagged by wapo, if
they're watching... when does sunshine press pick up that metric? )

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


coderman at gmail

Sep 24, 2010, 8:35 PM

Post #2 of 8 (312 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman [at] gmail> wrote:
> stuxnet is strategic, and misleading. ... red team off roading?
> ...
> one of you two of eight snitches knows the details, full-disclosure! [0]

h0 h0 h0!

this gift keeps on giving...

no more for me thanks.


e4ffa4d8cb70e97af381aea2232d1064b51ecf9bdcd70824fe4675679d9fbf93

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


coderman at gmail

Sep 24, 2010, 9:00 PM

Post #3 of 8 (314 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
natanz focus, not bushehr.

costs and delays to both sites a bonus...

(everyone else, well, you're collateral damage that learned a valuable
lesson, right? :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


coderman at gmail

Sep 24, 2010, 10:57 PM

Post #4 of 8 (310 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman [at] gmail> wrote:
> stuxnet is strategic, and misleading...

misleading because the failures induced in target present as
inefficiencies and mechanical fatigue in centrifuge process; intent is
to cast suspicion and resources on manufacturing and/or assembly of
centrifuge hardware as cursory checks of digital systems (data
presumably acquired from floor) return normative.

good game, sirs!
target spends dollars and weeks/months pursuing errors in physical
supply and installation paths en-route to / on site, all the while the
wear is digitally done; out of sight, out of mind...

this game (offensive, methodical, precision targeted high-assurance
malware) is an odd sort of global-actor assasination politik. like
china blasting sats in space, it was bound to happen sooner or later
:P

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


coderman at gmail

Sep 24, 2010, 11:30 PM

Post #5 of 8 (309 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
On Fri, Sep 24, 2010 at 10:57 PM, coderman <coderman [at] gmail> wrote:
> On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman [at] gmail> wrote:
>> stuxnet is strategic, and misleading...
>
> misleading because the failures induced in target present as
> inefficiencies and mechanical fatigue in centrifuge process...

Qom also hit - the fingerprinting mechanism is essentially mapped to
form and function, rather than specific instance. That is to say, the
Qom centrifuge enrichment deployment is sufficiently similar in
devices and software applied (WinCC, 6ES7-417, 6ES7-315-2, etc.) as to
also fall under precision targeting.

yay full disclosure.

0x04

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


kenneth at voort

Sep 24, 2010, 11:48 PM

Post #6 of 8 (304 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
Get real...
Kenneth Voort
kenneth [at] voort | 647.987.5381

-Sent from my handheld.

-----Original Message-----
From: coderman <coderman [at] gmail>
Sender: full-disclosure-bounces [at] lists
Date: Fri, 24 Sep 2010 22:57:35
To: Full Disclosure<full-disclosure [at] lists>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up

On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman [at] gmail> wrote:
> stuxnet is strategic, and misleading...

misleading because the failures induced in target present as
inefficiencies and mechanical fatigue in centrifuge process; intent is
to cast suspicion and resources on manufacturing and/or assembly of
centrifuge hardware as cursory checks of digital systems (data
presumably acquired from floor) return normative.

good game, sirs!
target spends dollars and weeks/months pursuing errors in physical
supply and installation paths en-route to / on site, all the while the
wear is digitally done; out of sight, out of mind...

this game (offensive, methodical, precision targeted high-assurance
malware) is an odd sort of global-actor assasination politik. like
china blasting sats in space, it was bound to happen sooner or later
:P

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


coderman at gmail

Sep 25, 2010, 12:54 AM

Post #7 of 8 (314 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <kenneth [at] voort> wrote:
> Get real...

i did not say bushehr was not impacted; a side effect of the re-use of
same real-time PLC workflow controller there resulted in cluster fuck
and non-operation.

however, the target was centrifuges and in this regard, it worked
perfectly: the only outward signs of interest at natanz and qom while
affected was then un-explained 2x to 4x under-yield from the
cascades... the running total spinning looked nice though - steady
progress! heh

in any case, you confuse me with someone who has something to say.
really EOT this time...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


datskihuj at gmail

Oct 4, 2010, 3:02 AM

Post #8 of 8 (253 views)
Permalink
Re: the real stuxnet authors plz stand up [In reply to]
coderman its puff puff pass.. you smoked the whole thing!

2010/9/25 coderman <coderman [at] gmail>

> On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <kenneth [at] voort> wrote:
> > Get real...
>
> i did not say bushehr was not impacted; a side effect of the re-use of
> same real-time PLC workflow controller there resulted in cluster fuck
> and non-operation.
>
> however, the target was centrifuges and in this regard, it worked
> perfectly: the only outward signs of interest at natanz and qom while
> affected was then un-explained 2x to 4x under-yield from the
> cascades... the running total spinning looked nice though - steady
> progress! heh
>
> in any case, you confuse me with someone who has something to say.
> really EOT this time...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.