Hello Fabio, is Wired part of the "media hype"?
http://www.wired.com/threatlevel/2012/05/flame/ They also compare it with Stuxnet. All bullocks? Best, Susanne On 29 May 2012 16:49, Fabio Pietrosanti (naif) <li...@infosecurity.ch>wrote: > Imho it does not have anything in common with stuxnet. > > That's a "poor's man malware". > > There just a lot of hype by the AV Vendors and CERTs to claim big > discovery and get new budget to "fight cyberwar"! > > All news and reports try to make "comparison" with Stuxnet. > > There is "NO RELATIONSHIP AT ALL" with stuxnet other than the marketing > intent of the media / malware analysis producer to increase the > media-coverage of their work. > > Some consideration about previous statement and about the FUD intent of > most researchers/journalists: > > - It does not attack PLC and/or any kind of industrial system (Stuxnet > does) > > - It's a fat binary (20MB of trojan it's not stealth) > > - It's probably quickly coded (the fact of bundling LUA interpreter tell > us that the coder it's lazy and wanted to produce quickly usable code) > > - It store all it's data in plan-text, standard SQLite3 database with no > protection / stealthness > > - It does not do encryption (only "xor" even if people like to describe > like if it use "encryption"). > > - It does not have hidden/stealth startup method (known and already > used/detected startup methods) > > So, imho it's just a big media hype over a not particularly advanced and > badly designed malware. > > -naif > > On 5/29/12 3:29 PM, Niels ten Oever wrote: > > Dear all, > > > > I would be very interested in your further analysis on the new cyber > > espionage software which has been identified as the next generation of > > Stuxnet which has been named Flame and/or sKyWIper - the son of stuxnet. > > Further reading here: http://www.crysys.hu/skywiper/skywiper.pdf and > > here: > > > http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers > > > > Looking forward for further discussion at the Human Rights Con and on > > the mailinglist. > > > > Cheers, > > > > Niels > > @conflictmedia > > > > Niels ten Oever > > Programme Coordinator > > S: nielstenoever > > E: tenoe...@freepressunlimited.org > > T: +31 356254309 > > M: +31 613846622 > > > > A digital signature can be attached to this e-mail, > > you need openPGP software to verify it. See: http://is.gd/Y06WEs > > Key fingerprint = 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9 > _______________________________________________ > liberationtech mailing list > liberationtech@lists.stanford.edu > > Should you need to change your subscription options, please go to: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > If you would like to receive a daily digest, click "yes" (once you click > above) next to "would you like to receive list mail batched in a daily > digest?" > > You will need the user name and password you receive from the list > moderator in monthly reminders. You may ask for a reminder here: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > Should you need immediate assistance, please contact the list moderator. > > Please don't forget to follow us on http://twitter.com/#!/Liberationtech > -- Best regards, Susanne Fischer Susanne Fischer Middle East Programme Manager susan...@iwpr.net mobile +961 70 211 219 -- ------------------------------ This electronic mail message and any attached files are intended solely for the named recipients and may contain confidential and proprietary business information of the Institute for War & Peace Reporting (IWPR) and its affiliates. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Institute for War & Peace Reporting. 48 Gray's Inn Road, London WC1X 8LT, UK. Registered with charitable status in the United Kingdom (charity reg. no: 1027201, company reg. no: 2744185); the United States under IRS Section 501(c)(3); and The Netherlands as a charitable foundation.
_______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech