Tag: History

Posted in Informational, Research, Topic, Vulnerabilities

Case Study: Stuxnet

Posted on by Steph

Enter the CyberWar

(A Day Late during to Travel)

If you’re paying attention to the War in Ukraine you’ve probably heard people talk about the ensuing cyber dimension of the conflict. This is just the latest skirmish–though some say it’ s the beginning of the new Era of Cyberwarfare–of cyberwarfare.

Stuxnet, wasn’t the first cyber operation nor was it the first virus, but it’s notable because it was one of the first that destroy hardware and an operation linked specifically to the U.S.

Stuxnet was a virus developed to target Iran’s nuclear capabilities. Basically, it targeted automated controls in industrial control systems causing the hardware to break. It did this by exploiting zero-days in Microsoft and Siemens software. The bad part is that Stuxnet worked to well and ended up spreading globally.

Read more:

Posted in Current Events, Informational, Research, Topic

Privacy in the Digital Age:

Posted on by Steph

Roe v. Wade

Again, had a post planned and instead news caused a different post.

Even before the Supreme Court officially struck down the Roe v. Wade decision and sent reproductive health issues back to the states there were stirrings questioning how incoming changes might effect health apps and data collection.

Living in today’s world people might not worry about how much of their information is readily collected or available. Perhaps, they’ve resigned themselves to the fact that they can’t stop their data being collected. There has been very little headway made in crafting some type of national privacy law, so it makes one feel like this is just inevitable, online privacy is your own concern.

For months before today reading through Twitter brought calls for women to remove period tracking apps and be more cognizant of how their data might be collected and in the future possibly subpoenaed as proof of some ‘reproductive crime’..

“Democrat lawmakers along with privacy advocates are now growing worried prosecutors in these anti-abortion states will use subpoenas to demand tech companies help them identify which users have visited an abortion provider.” -Michael Kan, PCMag.

I would definitely consider myself a privacy advocate. I think the majority of infosec people are concerned about privacy to some degree. It’s concerning that it really took something so dramatic to bring this conversation about data collection back to the foreground.

It can be proposed that perhaps we all just became too complacent in many ways…

How all this unfolds and develops is something to keep a definite eye on.

Posted in Informational, InfoSec History, Research, Vulnerabilities

There is no Safe Haven: Mac Attacks

Posted on by Steph

I was all set to write about an interesting job in infosec today and then I woke up and saw reports of a new attack: ‘Pacman’, being leveraged against Apple computers. This report got me thinking about a conversation I saw on Social media where a connection was asking about what laptop to buy. One of this person’s friends mentioned getting an Apple because they are ‘safer’ than Windows machines and ‘antivurs wasn’t needed’ (no one but us tech geeks recommend Linux it wasnt even in the running). I recall thinking that laypeople are just really unaware that Apple systems are getting targeted at higher rates in recent years . So here we are talking about Mac Attacks.

As a disclaimer I’ve got no real dog in whatever battle exists between OSes. As a tech-head I have systems that run Windows, MacOS, and several flavors of Linux. The job isn’t to safeguard a specific type of system it’s to safeguard them all.

We can say, oh MacOS and Linux OS distros have less know vulnerabilities or are attacked less often, but to say that one or the other doesn’t have any or doesn’t get attacked is untrue. All systems are opened to be attacked.

Some Recent Apple Malware:

  • Pacman
  • Silver Sparrow
  • XLoader
  • GoSearch22
  • Thiefquest

A more in depth look at some Apple vulnerabilities and malware can be found here or here.

I will always advocate for user to protect themselves. Defense in depth isn’t just for enterprises it also means that users shouldn’t assume that the systems are just inherently ‘safe’. When people say security is everyone’s business I can support that because your end security should be your business which includes setting precautions to overlap where initial software and hardware might fall short.

Posted in Flashback Friday, Informational, InfoSec History

Case Study: Maroochy Shire

Posted on by Steph

Problem

In 2001, a former contractor who still had access to the system, compromised the industrial control system (ICS). This compromised causes the sewage to flood the town and watershed.

This would become the first widely recognized attack on and industrial system.

“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant of the Australian Environmental Protection Agency in The Register

Cohen, Gary, 2021

Solution

  • Focus on possible Insider Threats
  • Offboarding procedures
  • Emphasize separation of duties
  • Airgap operational technology from information technology.
Posted in Profiles

Profile in Cyber

Posted on by Steph

“I think it’s very important to get more women into computing. My slogan is: Computing is too important to be left to men.” –

Karen Spärck Jones

Melba Roy Mouton

Was one of NASA’s “human computers” in the early space program. A graduate of Howard University from Virginia, Mouton headed a group of these “human computers” that tracked satellites. Furthermore, Mouton, was also a computer programmer at NASA. Her programs “predicted aircraft locations and trajectories.” (Women & Tech Project, 2014).

More on NaSA’s “Human Computers”:

1929 – June 25, 1990

References: