hi sc-l,

The initial flurry of coverage about the Stuxnet worm (all about 0days, rootkit 
stealth, and botnet CC) was barking up the wrong tree.  Turns out that Stuxnet 
was aimed at injecting code directly into a programmable logic controller and 
thus directly impacting a physical system.  On Tuesday, I was in the room with 
a bunch of hard core process control engineers when the first analysis was 
published.  Stunning.  And awful.

Here are my thoughts about Stuxnet in "How to p0wn a Process Control System" 
<http://www.informit.com/articles/article.aspx?p=1636983>

It is critical that we all understand that software security goes well beyond 
web applications.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
