Welcome to today's issue of the Nerdy Buffalo
Send any questions or responses to me at
bbrabant@sault.com and put Nerdy in the subjectline.!
buffalo
~~~~~~~~~~~~~~~~~~~~~~~
Please Visit Our Sponsor
~~~~~~~~~~~~~~~~~~~~~~~~
Be Alert, Keep Track!
Get Your Sleep Diary!
Many people suffer sleeping disorders and keeping track of sleeping habits
is the first step in finding a solution! With Quality Health's FREE sleep
diary, being alert and keeping track has never been easier.
Act Now - Copy and paste the link below into your browser's address bar:
http://buffaloschips.com/slpdry
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
buffalo Says
A story and a question for you today
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reader's Respond
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Via Freddy
In the 20th century, this would have been a job for James Bond.
The mission: Infiltrate the highly advanced, securely guarded
nemyheadquarters where scientists in the clutches of an evil master are
secretly building a weapon that can destroy the world. Then render that
eapon armless and escape undetected.
But in the 21st century, Bond doesn't get the call. Instead, the job is
handled by a suave and very sophisticated secret computer worm, a jumble of
code called Stuxnet, which in the last year has not only crippled Iran's
nuclear program but has caused a major rethinking of computer security
around the globe.
Intelligence agencies, computer security companies and the nuclear industry
have been trying to analyze the worm since it was discovered in June by a
Belarus-based company that was doing business in Iran. And what they've all
found, says Sean McGurk, the Homeland Security Department's acting director
of national cyber security and communications integration, is a "game
changer."
The construction of the worm was so advanced, it was "like the arrival of an
F-35 into a World War I battlefield," says Ralph Langner, the computer
expert who was the first to sound the alarm about Stuxnet. Others have
called it the first "weaponized" computer virus.
Simply put, Stuxnet is an incredibly advanced, undetectable computer worm
that took years to construct and was designed to jump from computer to
computer until it found the specific, protected control system that it aimed
to destroy: Iran's nuclear enrichment program.
The target was seemingly impenetrable; for security reasons, it lay several
stories underground and was not connected to the World Wide Web. And that
meant Stuxnet had to act as sort of a computer cruise missile: As it made
its passage through a set of unconnected computers, it had to grow and adapt
to security measures and other changes until it reached one that could bring
it into the nuclear facility.
When it ultimately found its target, it would have to secretly manipulate it
until it was so compromised it ceased normal functions.
And finally, after the job was done, the worm would have to destroy itself
without leaving a trace..
That is what we are learning happened at Iran's nuclear facilities -- both
at Natanz, which houses the centrifuge arrays used for processing uranium
into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's nuclear power
plant.
At Natanz, for almost 17 months, Stuxnet quietly worked its way into the
system and targeted a specific component -- the frequency converters made by
the German equipment manufacturer Siemens that regulated the speed of the
spinning centrifuges used to create nuclear fuel. The worm then took control
of the speed at which the centrifuges spun, making them turn so fast in a
quick burst that they would be damaged but not destroyed. And at the same
time, the worm masked that change in speed from being discovered at the
centrifuges' control panel.
At Bushehr, meanwhile, a second secret set of codes, which Langner called
"digital warheads," targeted the Russian-built power plant's massive steam
turbine.
Here's how it worked, according to experts who have examined the worm:
--The nuclear facility in Iran runs an "air gap" security system, meaning it
has no connections to the Web, making it secure from outside penetration.
Stuxnet was designed and sent into the area around Iran's Natanz nuclear
power plant -- just how may never be known -- to infect a number of
computers on the assumption that someone working in the plant would take
work home on a flash drive, acquire the worm and then bring it back to the
plant.
--Once the worm was inside the plant, the next step was to get the computer
system there to trust it and allow it into the system. That was accomplished
because the worm contained a "digital certificate" stolen from JMicron, a
large company in an industrial park in Taiwan. (When the worm was later
discovered it quickly replaced the original digital certificate with another
certificate, also stolen from another company, Realtek, a few doors down in
the same industrial park in Taiwan.)
--Once allowed entry, the worm contained four "Zero Day" elements in its
first target, the Windows 7 operating system that controlled the overall
operation of the plant. Zero Day elements are rare and extremely valuable
vulnerabilities in a computer system that can be exploited only once. Two of
the vulnerabilities were known, but the other two had never been discovered.
Experts say no hacker would waste Zero Days in that manner.
--After penetrating the Windows 7 operating system, the code then targeted
the "frequency converters" that ran the centrifuges. To do that it used
specifications from the manufacturers of the converters. One was Vacon, a
Finnish Company, and the other Fararo Paya, an Iranian company. What
surprises experts at this step is that the Iranian company was so secret
that not even the IAEA knew about it.
--The worm also knew that the complex control system that ran the
centrifuges was built by Siemens, the German manufacturer, and --
remarkably -- how that system worked as well and how to mask its activities
from it.
--Masking itself from the plant's security and other systems, the worm then
ordered the centrifuges to rotate extremely fast, and then to slow down
precipitously. This damaged the converter, the centrifuges and the bearings,
and it corrupted the uranium in the tubes. It also left Iranian nuclear
engineers wondering what was wrong, as computer checks showed no
malfunctions in the operating system.
Estimates are that this went on for more than a year, leaving the Iranian
program in chaos. And as it did, the worm grew and adapted throughout the
system. As new worms entered the system, they would meet and adapt and
become increasingly sophisticated..
During this time the worms reported back to two servers that had to be run
by intelligence agencies, one in Denmark and one in Malaysia. The servers
monitored the worms and were shut down once the worm had infiltrated Natanz.
Efforts to find those servers since then have yielded no results.
This went on until June of last year, when a Belarusan company working on
the Iranian power plant in Beshehr discovered it in one of its machines. It
quickly put out a notice on a Web network monitored by computer security
experts around the world. Ordinarily these experts would immediately begin
tracing the worm and dissecting it, looking for clues about its origin and
other details.
But that didn't happen, because within minutes all the alert sites came
under attack and were inoperative for 24 hours.
"I had to use e-mail to send notices but I couldn't reach everyone. Whoever
made the worm had a full day to eliminate all traces of the worm that might
lead us them," Eric Byres, a computer security expert who has examined the
Stuxnet. "No hacker could have done that."
Experts, including inspectors from the International Atomic Energy Agency,
say that, despite Iran's claims to the contrary, the worm was successful in
its goal: causing confusion among Iran's nuclear engineers and disabling
their nuclear program.
Because of the secrecy surrounding the Iranian program, no one can be
certain of the full extent of the damage. But sources inside Iran and
elsewhere say that the Iranian centrifuge program has been operating far
below its capacity and that the uranium enrichment program had "stagnated"
during the time the worm penetrated the underground facility. Only 4,000 of
the 9,000 centrifuges Iran was known to have were put into use. Some suspect
that is because of the critical need to replace ones that were damaged.
And the limited number of those in use dwindled to an estimated 3,700 as
problems engulfed their operation. IAEA inspectors say the sabotage better
explains the slowness of the program, which they had earlier attributed to
poor equipment manufacturing and management problems. As Iranians struggled
with the setbacks, they began searching for signs of sabotage. From inside
Iran there have been unconfirmed reports that the head of the plant was
fired shortly after the worm wended its way into the system and began
creating technical problems, and that some scientists who were suspected of
espionage disappeared or were executed. And counter intelligence agents
began monitoring all communications between scientists at the site, creating
a climate of fear and paranoia.
Iran has adamantly stated that its nuclear program has not been hit by the
bug. But in doing so it has backhandedly confirmed that its nuclear
facilities were compromised. When Hamid Alipour, head of the nation's
Information Technology Company, announced in September that 30,000 Iranian
computers had been hit by the worm but the nuclear facilities were safe, he
added that among those hit were the personal computers of the scientists at
the nuclear facilities. Experts say that Natanz and Bushehr could not have
escaped the worm if it was in their engineers' computers.
"We brought it into our lab to study it and even with precautions it spread
everywhere at incredible speed," Byres said.
"The worm was designed not to destroy the plants but to make them
ineffective. By changing the rotation speeds, the bearings quickly wear out
and the equipment has to be replaced and repaired. The speed changes also
impact the quality of the uranium processed in the centrifuges creating
technical problems that make the plant ineffective," he explained.
In other words the worm was designed to allow the Iranian program to
continue but never succeed, and never to know why.
One additional impact that can be attributed to the worm, according to David
Albright of the Institute for Science and International Studies, is that
"the lives of the scientists working in the facility have become a living
hell because of counter-intelligence agents brought into the plant" to
battle the breach. Ironically, even after its discovery, the worm has
succeeded in slowing down Iran's reputed effort to build an atomic weapon.
And Langer says that the efforts by the Iranians to cleanse Stuxnet from
their system "will probably take another year to complete," and during that
time the plant will not be able to function anywhere normally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please Visit Our Sponsor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Press Dough - Design your own cookie creations
Make fun, editable art with Press Dough. Take cookie making to a new level
with creating patterns, animals, shapes, and more. All Pieces are dishwasher
safe so clean up is a breeze. Just press, bake and decorate--Eat all the fun
you make.
Learn More
http://buffaloschips.com/presdo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bytes & PC's
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sensitivity Training
http://www.buffaloschips.com/898.htm
Serv 3 Chunk
http://www.buffaloschips.com/81810.htm
Sex In The Future
http://www.buffaloschips.com/81811.htm
Short Dip
http://www.buffaloschips.com/81812.htm
Singing Monkey
http://www.buffaloschips.com/81813.htm
Dirty Sneakers
http://www.buffaloschips.com/jdj.htm
Dodge Viper VS Tzero Electric Car
http://www.buffaloschips.com/89uy.htm
Dog In Trance
http://www.buffaloschips.com/t43e.htm
Don't Eat While Driving
http://www.buffaloschips.com/t54.htm
Energy Star
http://www.buffaloschips.com/gre3.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please Visit Our Sponsor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My Scent - Refillable Perfume Atomizer
Take your favorite perfume wherever you go with My Scent. Refillable
atomizer as small as a lipstick - fits in any purse or pocket. It features a
clear window to indicate when it's time to refill. My Scent comes in three
fun colors - black, silver and pink.
Stay fragrant all day with My Scent,
Buy 1, Get 1 Free
Learn More
http://buffaloschips.com/mycent
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next Up on Deck
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tomorrow's questions that will be answered... If you recognize the
problem in any of following questions send me your response for
tomorrow's issue...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
### If you do not see your question in this section please look up
top to see if it has been answered there###
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
this is just a "fun" question - not a problem!
I recently bought a 20" widescreen monitor. What size wallpaper should I
choose for the desktop? So far, the only info I've been able to locate is:
"For 23-inch to 28-inch widescreen LCD monitor, the native resolution is
1920x1200"
Happy Holidays and continued good work, Buff, Robert and all the rest of the
herd!! Thanks for all the help you give us all year long.
Sue
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please Visit Our Sponsor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Consumer Cellular(R)
We're Simply Different(R)
The Phone You Need at a Price You'll Like
Complimentary
Motorola Phone*
Plans as Low
as $10 per Month.
Limited time offer. Sign up today and well DOUBLE YOUR MINUTES for 3 months
at no additional cost++.
Find the phone that's right for you. Our plans
come with a complimentary Motorola phone,
or you can select an affordable alternative.*
Customize a cellular plan that fits your needs.
With Consumer Cellular you enjoy:
- A Complimentary phone*
- Plans as low as $10 per month
- Reliable service
- Nationwide coverage
- 30-day no risk guarantee
- No contracts to sign
AARP(R) Discounts -
AARP(R) Members ask for your special
discount and other benefits when
starting new service
Learn More
http://buffaloschips.com/comdir
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please be sure to send a detailed description of your problems
including all the specifics about your computer and its problem i.e.
brand, OS, processor, etc.. plus any error message you have
received, to me at bbrabant@sault.com archives for The Nerdy
Buffalo are located at
http://groups.yahoo.com/group/The_Nerdy_Buffalo/messages
Subscribe send a blank email to:
The_Nerdy_Buffalo-subscribe@yahoogroups.com
Unsubscribe send a blank email to:
The_Nerdy_Buffalo-unsubscribe@yahoogroups.com
----------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.869 / Virus Database: 271.1.1/3249 - Release Date: 11/10/10
14:34:00
You are free to share the content of this mailing with others in its entirety. Due to the work put into this writing by the owner and dedicated members you may not send any portion of this mailing out in mass mailings form unless the group address and message number is included to insure proper credit.
Regarding any problems unsubscribing from this opt-in mailing list
In accordance with the 2004 Can-Spam act you can contact me at:
Nancy Cantafio
3955 West 5 Mile Rd
Sault Ste. Marie, MI 49783
No comments:
Post a Comment