mersenneforum.org

mersenneforum.org (https://www.mersenneforum.org/index.php)
-   Tales From the Crypt(o) (https://www.mersenneforum.org/forumdisplay.php?f=130)
-   -   'All Your Data ❝Я❞ Belong To Us' Thread (https://www.mersenneforum.org/showthread.php?t=20713)

chalsall 2018-03-16 01:33

[QUOTE=Dubslow;482457][url]https://www.us-cert.gov/ncas/alerts/TA18-074A[/url][/QUOTE]

For those who don't know about it, [URL="http://www.dpstele.com/scada/introduction-fundamentals-implementation.php"]SCADA[/URL] controls your world's infrastructure.

For those who do know about, be very afraid if any part of that network is connected to the Internet.

Even "air gaps" can be a problem....

ewmayer 2018-03-22 00:47

[QUOTE=Dubslow;482457][url]https://www.us-cert.gov/ncas/alerts/TA18-074A[/url][/QUOTE]

I have three questions which I'd like to see the Intel agencies address:

[1] How reliable is the Russian-government attribution? IOW, was spoofing ruled out, and if so, how?

[2] Are the Deplorable Rooskies uniquely bad in this regard, or are other state-level actors doing similar probing?

[3] Are we to believe our own Intel complex is not engaged in similar activities?

Dubslow 2018-03-22 02:00

[QUOTE=ewmayer;483023]I have three questions which I'd like to see the Intel agencies address:

[1] How reliable is the Russian-government attribution? IOW, was spoofing ruled out, and if so, how?

[2] Are the Deplorable Rooskies uniquely bad in this regard, or are other state-level actors doing similar probing?

[3] Are we to believe our own Intel complex is not engaged in similar activities?[/QUOTE]

Although I can't speak to 1 and 2, I should think that 3 is a very obvious "no". In fact I would think we're supposed to think that "we" are doing it even better than this report states.

Dr Sardonicus 2018-03-24 15:13

[QUOTE=ewmayer;483023]I have three questions which I'd like to see the Intel agencies address:

[1] How reliable is the Russian-government attribution? IOW, was spoofing ruled out, and if so, how?[/quote]

Dunno.

[quote][2] Are the Deplorable Rooskies uniquely bad in this regard, or are other state-level actors doing similar probing?[/quote]

Dunno, but my guess is, "No, yes -- and non-state-level actors, too."

[quote][3] Are we to believe our own Intel complex is not engaged in similar activities?[/QUOTE]

No. Have been, for a long time. My vague recollections from the distant past conjured the parameters "malware russia gas line explosion" for a Google search. Among the hits was this 2004 [url=https://www.nytimes.com/2004/02/02/opinion/the-farewell-dossier.html]William Safire column[/url].

In my estimation, the real problem on the US end is, the folks running power plants -- like the folks running a lot of companies in the private sector -- aren't taking this sort of thing seriously.

xilman 2018-03-24 18:17

[QUOTE=Dr Sardonicus;483271]In my estimation, the real problem on the US end is, the folks running power plants -- like the folks running a lot of companies in the private sector -- aren't taking this sort of thing seriously.[/QUOTE]Another real problem, and I wish I could remember the guy's name, is that a PhD student had his thesis classified because its first version contained the locations of about a dozen locations where about a dozen back-hoes could take out over 90% of the internet in the US. His university kicked up a fuss and a censored version was submitted to allow him to gain his doctorate.

Nothing I've learned since suggests that the situation is any more resilient to spetznaz activity. Perhaps no news really is good news in this respect.

Nick 2018-03-24 22:00

Our credit card company is introducing two factor authentication for Internet purchases: in addition to the existing checks, they want to send a mobile text message (SMS) which you then type in as well to complete the online transaction
At the same time, we have the impression that our telco is busy replacing its expensive old telephony switches with VOIP technology (they have just announced an end date for two-channel ISDN, for example).

So apparently we shall be relying more and more on the independence of the phone network while the distinction between it and the Internet becomes less and less...:confused2:

Dr Sardonicus 2018-03-26 14:49

[QUOTE=xilman;483286]Another real problem, and I wish I could remember the guy's name, is that a PhD student had his thesis classified because its first version contained the locations of about a dozen locations where about a dozen back-hoes could take out over 90% of the internet in the US. His university kicked up a fuss and a censored version was submitted to allow him to gain his doctorate.

Nothing I've learned since suggests that the situation is any more resilient to spetznaz activity. Perhaps no news really is good news in this respect.[/QUOTE]
As I like to say, "Today's fiber-optic network is no match for an idiot with a backhoe." But that's unfair to backhoe operators, because it seems to be more often the case, the problem is a bad job of locating underground utilities.

Speaking of digging, a few minutes' worth of Googling turned up a

[url=https://www.washingtonpost.com/archive/politics/2003/07/08/dissertation-could-be-security-threat/32266f9d-0ae4-4185-84d5-967ce77f4fa8/]2003 WAPO story[/url]

that may refresh your memory about that dissertation.

Uncwilly 2018-03-26 17:52

[QUOTE=Dr Sardonicus;483425]As I like to say, "Today's fiber-optic network is no match for an idiot with a backhoe." But that's unfair to backhoe operators, because it seems to be more often the case, the problem is a bad job of locating underground utilities.[/QUOTE]
Speaking from personal experience, sometimes it is not the location services fault either. I consulted on a breach of a high pressure gas line in the 15 cm diameter range. The backhoe hit it after the meter, which is past the utilities responsibility. Meter by like :spinner: The utility reps had no idea about the line. The local fire brigade was called to the location. Lots of fun....

chalsall 2018-03-26 18:43

[QUOTE=Uncwilly;483442]I consulted on a breach of a high pressure gas line in the 15 cm diameter range. The backhoe hit it after the meter, which is past the utilities responsibility. Meter by like :spinner:[/QUOTE]

Yeah. Known in the industries as the "demarcation point".

[QUOTE=Uncwilly;483442]The utility reps had no idea about the line. The local fire brigade was called to the location. Lots of fun....[/QUOTE]

I bet!

Hopefully no one was stupid enough to try to light a ciggy during the incident! :wink:

Dr Sardonicus 2018-03-27 19:21

[QUOTE=Uncwilly;483442]Speaking from personal experience, sometimes it is not the location services fault either. I consulted on a breach of a high pressure gas line in the 15 cm diameter range. The backhoe hit it after the meter, which is past the utilities responsibility. Meter by like :spinner: The utility reps had no idea about the line. The local fire brigade was called to the location. Lots of fun....[/QUOTE]
That's interesting -- having what amounts to an HP gas main [i]on the user's side of a meter[/i]. I'm guessing the customer was a major industrial operation -- which would be good, in the sense that it would probably be well away from residential areas. But -- with a meter right there, surely utility reps would at least have been able to identify who the customer was.

Uncwilly 2018-03-27 20:20

[QUOTE=chalsall;483447]Hopefully no one was stupid enough to try to light a ciggy during the incident! :wink:[/QUOTE]The backhoe operator shut off the machine as soon as they realised what happened.[QUOTE=Dr Sardonicus;483562]But -- with a meter right there, surely utility reps would at least have been able to identify who the customer was.[/QUOTE]
The incident happened about 1.5km (pipe distance) from the meter. Yes it was an industrial site. They had not used the line (much, to heat the office, etc.) in several years. The on-site personnel did not know about the line.


All times are UTC. The time now is 16:12.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.