Friday, July 13, 2012

CRAP Internet Computer Security
For The Last 14 Years

Today I ran across a fascinating article at the great Ars Technica entitled:

iTunes has "more robust" security than some of our critical infrastructure.
Security researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment.
The defects in the Niagara Framework, which links more than 11 million devices in 52 countries, could allow malicious hackers to seize control of critical infrastructure, an article published by The Washington Post warned. . . . 
"Sadly, we can honestly say that the security of iTunes is more robust than most ICS software."

The full article is well worth a read by anyone interested in the state-of-the-mess we call computer security. We also get to smile that Apple is getting seriously serious about security these days. And you thought iTunes sucked. ;-D

I posted a couple comment responses to the article under my old nick of 'zunipus' (the same name I use for my personal abstraction rants blog). My comments will sound familiar. But I added a paragraph about the recently discovered 'Flame' titan malware for Windows. Enjoy, get all paranoid, or laugh:

"...the most disappointing thing he encountered in his interactions with Tridium was its "eagerness to blame the customer." "
And why not! It's the Spirit Of The Age in biznizz:
Abuse Thy Customer!
This is how business FAILs. This is why we continue to be stuck in our ongoing worldwide economic depression, the second worst in a century.
Until we rid the world of what I call 'Marketing-Morons', those people who insist upon selling products with total disregard for respecting the customer, our system of world business it totally fracked. 
~ ~ ~ 
One historical perspective:
In 1998 the country of China was provided 'Most Favored Nation' status by the Clinton Administration.
At that point, the government of China became involved with Chinese computer hackers and assisted them in forming what became the 'Red Hacker Alliance'. (Please Search for this term for references). [I have a number of articles here at Mac-Security covering my anti-pals from the Red Hacker Alliance].
For the next eight (8) years, the China government-assisted Red Hacker Alliance succeeded in 'PWNing' (OWNing) or botting every single US government Windows-based computer exposed to the Internet. All of them. The infection bots were able to send all data on those computers directly to China. It was not until 2007 that the US government publicly acknowledged the problem.
Last month the 'Flame' malware and its bot network were discovered, exposed and shut down. It has been estimated that Flame had been running on the Internet for at least five (5) years before its discovery. This malware was found to be the most ambitious, best designed and capable malware ever created, to our knowledge (!). Experts have stated that Flame could only be the work of a consortium of malware developers or a major government. Flame took advantage of what was, until its discovery, an extremely old zero-day exploit in Windows. Flame was capable of performing literally any computer task assigned to it by the bot wranglers, whoever they were. It was the perfect multi-functional malware, the ultimate spyware. It could infect and PWN any Windows-based computer by a mere drive-by Internet infection. That means no Windows machine connected to the Internet was immune unless the bot wranglers designed them so. The only data we have regarding its activity and purpose was its proliferation across the Middle East.
That's how CRAP Internet computer security has been, across the world, for the last 14 years.

Of course, it's tempting to add: "Thank Goodness We Use Macs!" But don't be too naive. The fact that the Java drive-by infection version of the FlashBack malware managed to PWN over 600,000 Macs this past spring should keep us all humble and wary.

No comments:

Post a Comment