.
Debka.com published an article claiming that Iran can't stop the Stuxnet infections on its SCADA
systems, so it is trying to hire security experts from Western and Eastern Europe.
But foreign experts aren't taking the offer because Tehran doesn't want to reveal any details
about which systems were compromised or the location where they would need to work.
Let me quote part of the article:
"While Tehran has given out several conflicting figures on the systems and networks struck by
the malworm - 30,000 to 45,000 industrial units - debkafile's sources cite security experts as
putting the figure much higher, in the region of millions. If this is true, then this cyber weapon
attack on Iran would be the greatest ever."
I must say I'm extremely happy seeing Iran's nuclear infrastructure going down, fuck you
Ahmadinejad, this is just a bit of justice after all the people you and your people murdered and
tortured.
You can read the full article at http://www.debka.com/article/9050/
.
Wednesday, September 29, 2010
Monday, September 27, 2010
Stuxnet worm
.
For the past few days I've been reading everything I could find about this newly found worm called Stuxnet.
This malware is something never seen before: it uses 2 valid certificates, one belonging to Realtek
and the other to JMicron, and also uses 4 Windows 0-day exploits, all in order to
attack Siemens SCADA (supervisory control and data acquisition) systems, which means that it
was designed to attack industrial control systems.
The number of 0-days used, the complexity of the software and the extremely specific targets selected
suggest that someone with tons of money was involved and that this is the product of teamwork,
and the fact that the most heavily infected country is Iran suggests that it was created to attack
Iran's nuclear energy plants. And it seems it succeeded, as Iran confirmed that computers at the
Bushehr nuclear power plant were infected.
Maybe this was created by a Tiger Team from the US or Israel?
The guys from ESET created a really nice white paper explaining Stuxnet's inner workings; you can
get a copy from HERE. People from Symantec also wrote about the PLC infection process; you
can see it HERE.
Symantec's guys also plan to release a paper at the Virus Bulletin conference, to be held in
Vancouver this September 29th, called "An indepth look into Stuxnet", which supposedly will
reveal more details about this fascinating malware.
.
Ekoparty 2010 pictures
.
Golmatt created a Picasa gallery with pictures from the latest edition of Ekoparty.
Check it out at:
http://picasaweb.google.com/golmatt/Ekoparty2010#
And here is Cedric Blancher's album:
http://sid.rstack.org/gallery/?galerie=201009_BuenosAires
.
Wednesday, September 22, 2010
POET vs. ASP.NET
.
Thai Duong and Juliano Rizzo presented a tool called POET (Padding Oracle Exploit Tool)
at the latest Ekoparty. It allows a user to decrypt and forge cookies, which
could lead to information disclosure or a full system compromise, as you will be
able to see in the following video.
In this video we show how to use POET to attack the latest version of ASP.NET. The
target application is DotNetNuke. The attack consists of two phases:
1. In the first phase, we use POET to extract DotNetNuke's secret keys, and use
those keys to generate a cookie to log in as a super user. The same technique can be
used to attack _every_ ASP.NET application.
2. In the second phase, we use Cesar Cerrudo's Token Kidnapping attack to gain
SYSTEM privilege on the Windows server hosting DotNetNuke.
EDIT:
Download the Ekoparty 2K10 slides for Padding Oracles Everywhere
http://netifera.com/research/#ekoparty
.
Friday, September 3, 2010