Blog Elements | SecurityOrb.com

Stuxnet appeared on the scene earlier this summer, though it was written more than a year ago. The code, its mechanics, the way it moved from system to system using Zero-Day vulnerabilities in Windows, everything about it was both frightening and shady. The hype given to it was justified, if only because it was a targeted payload, aimed at critical infrastructure.

Earlier in the day a security flaw turned Twitter’s Website into a chaotic and potentially unsafe place, filled with annoying pop-up windows that activated just by rolling the mouse over another user’s tweets.

An interesting article by Steve Ragan at thetechherald.com about the Stuxnet worm. Enclosed is part of the article:

The Christian Science Monitor, citing expert analysis, ran a story on Tuesday reporting that the Stuxnet Worm was a directed attack at a nuclear power plant in Iran.

“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.

Langner’s research, as well as information from other experts who have seen it, was the basis for the Monitor story. You can see the entire story on a single printer page here.
“The attack combines an awful lot of skills – just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”

Based on painstaking research, Langner determined that Stuxnet was programmed to target a single system by fingerprinting it. If the system in question is the one targeted, Stuxnet launches the attack. Otherwise it will remain dormant.
When Stuxnet attacks, it intercepts code from Simatic Manager that is loaded to the Programmable Logic Controller or PLC.

You can read more over here.

On Tuesday morning September 21, 2010, Twitter.com was hacked in a very crafty way. Twitter users needed to only move their mouse cursor over links on their twitter page to be redirected without the user intervention or permission. When redirected, they would be sent to malicious and offensive destinations, such as porn sites and malware sites.

As of 9:45 a.m. EDT, Twitter had identified the exploit and are currently taking steps to recertify the matter. Twitter administrators posted:

“please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.”

Inserting a line of JavaScript into the tweet, containing the command “onmouseover”, activates the flaw. The exploit is also being used to fill and submit status updates when rolled over, leading to further issues for users.

For now, it is recommended Twitter users access the site from a third-party client, such as TweetDeck, Seesmic or their mobile devices, since they are not vulnerable to the “onmouseover” exploit.

Check out an example of the exploit below:

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

Stuxnet was a directed attack with insider knowledge expert says

Twitter Mouse-Over Flaw Send Users to Dangerous Links

Stuxnet was a directed attack with insider knowledge expert says

Twitter Mouse-Over Flaw Send Users to Dangerous Links

Full Sized Blog Element (Big Preview Pic)

Stuxnet was a directed attack with insider knowledge expert says

Twitter Mouse-Over Flaw Send Users to Dangerous Links

INTERESTING LINKS

Latest News

Business Hours