lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <000601c3636c$0c79c2f0$2b02a8c0@dcopley>
From: dcopley at eeye.com (Drew Copley)
Subject: Blackout responsibility? 


> -----Original Message-----
> 
> ....and if blaster actually *did* have something to do with
> the blackout, what are the chances that the company officials
> will give the real reason?  i mean, they would be lucky that a
> relatively benign worm got to their systems.  it could have
> been far worse.


A natural thought, however the odds are against such a cover up in the
long run, because what Ben Franklin said is generally correct:

"Three can keep a secret, if two of them are dead"

The other probability going against this is that utility companies are
not military or intelligence organizations where they might have
experience in keeping secrets. 

The only probability working for this, I would guess, is that if a
utility worker did discover this to be the case... They might not be
believed. Unless they had hard evidence beyond just their own word.

But, mechanically, of course, the strongest probabilities are against
that the worm caused this damage. There are many things far more likely
to have caused this damage and not the blaster nor the variants I have
seen do anything which is extraordinary for worms to do. 

You are right, they are lucky, and I am sure that many of their systems
did get infected. Such institutions generally have been found in the
past to be poorly equipped to handle their own infrastructure security.
Code Red, Slammer, Blaster... All have exploited wide open holes, they
have all been relatively benign compared to previous worms such as CIH
(which may be classified as a worm because it did rather effectively
spread through file transfers)... Further, while the DDoS timed fuse
concept is a potentially dangerous one for a worm, both Code Red and
Blaster have been too loud to really pull it off well... And in their
exposure, they left a wake of patched systems, which prevented a worm
with a far more malicious and stealthy payload from appearing.

This probability remains rather high for future vulnerabilities of this
nature (not too high, but a bit). This is because really simple
relatively benign worms are more common, and therefore have a higher
probability of appearing first. 

Personally, I think one of the worst worms has been Sircam which would
take confidential information and send it out to the world... But, worms
like CIH (and numerous other destructive worms, some of which 29a has
pioneered) have shown that the power companies, and indeed, the world,
have been quite lucky. (ref:
http://news.spamcop.net/pipermail/spamcop-list/2001-July/016840.html )
