Frank Heidt - Leviathan Security Group http://www.leviathansecurity.com/blog/ en Serendipity 1.6 - http://www.s9y.org/ Thu, 26 Jan 2012 07:09:44 GMT http://www.leviathansecurity.com/blog/templates/default/img/s9y_banner_small.png RSS: Frank Heidt - Leviathan Security Group - http://www.leviathansecurity.com/blog/ 100 21 An Illustration of the Dichotomies in Security Industry Reportage http://www.leviathansecurity.com/blog/archives/13-An-Illustration-of-the-Dichotomies-in-Security-Industry-Reportage.html http://www.leviathansecurity.com/blog/archives/13-An-Illustration-of-the-Dichotomies-in-Security-Industry-Reportage.html#comments http://www.leviathansecurity.com/blog/wfwcomment.php?cid=13 0 http://www.leviathansecurity.com/blog/rss.php?version=2.0&type=comments&cid=13 nospam@example.com (Frank Heidt) On the front page of Google news just now. The difference in the reporting style between the business and technology press has rarely been more stark.<br /> <br /> <img src="http://leviathansecurity.com/blog/uploads/contradiction.jpg" alt="Leviathan Security Group" /> Wed, 25 Jan 2012 17:00:00 -0700 http://www.leviathansecurity.com/blog/archives/13-guid.html Stuxnet Speculation Jumps The Shark http://www.leviathansecurity.com/blog/archives/10-Stuxnet-Speculation-Jumps-The-Shark.html http://www.leviathansecurity.com/blog/archives/10-Stuxnet-Speculation-Jumps-The-Shark.html#comments http://www.leviathansecurity.com/blog/wfwcomment.php?cid=10 0 http://www.leviathansecurity.com/blog/rss.php?version=2.0&type=comments&cid=10 nospam@example.com (Frank Heidt) One of the lessons I remember best from my early security career with Uncle Sam was the maxim: “crawl, don’t jump to conclusions.” Having heard of various <a onclick="_gaq.push(['_trackPageview', '/extlink/www.securelist.com/en/blog/272/Myrtus_and_Guava_Episode_3']);" href="http://www.securelist.com/en/blog/272/Myrtus_and_Guava_Episode_3" title="http://www.securelist.com/en/blog/272/Myrtus_and_Guava_Episode_3">botanic</a>, <a onclick="_gaq.push(['_trackPageview', '/extlink/my.opera.com/JesusIsLife/blog/stuxnet-myrtus-queen-esther-vs-haman-iran']);" href="http://my.opera.com/JesusIsLife/blog/stuxnet-myrtus-queen-esther-vs-haman-iran" title="http://my.opera.com/JesusIsLife/blog/stuxnet-myrtus-queen-esther-vs-haman-iran">historic</a> and <a onclick="_gaq.push(['_trackPageview', '/extlink/blogs.forward.com/the-shmooze/tags/myrtus/']);" href="http://blogs.forward.com/the-shmooze/tags/myrtus/" title="http://blogs.forward.com/the-shmooze/tags/myrtus/">religious</a> analysis on how the word “myrtus” - in a build path to a PDB file - clearly indicates that the Israelis are responsible for the Stuxnet worm, I have to conclude that this story has officially jumped the shark. <br /> <br /> Here’s what the string in question looks like in ASCII:<br /> <br /> b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb<br /> <br /> I’ve had a bunch of SCADA security experience back in the day, and specifically with WinCC, so this path looked strangely familiar. What if we take the mystical word “myrtus” and write it like it would appear in the GUI like so: “My RTUs”.<br /> <br /> Okay, can we stop speculating now until we have enough collective information? <br /> <br /> Kthxbye.<br /> <br /> P.S. Also, this really does highlight how ‘strings’ is not the best tool for reversing.<br /> Mon, 04 Oct 2010 20:55:49 -0700 http://www.leviathansecurity.com/blog/archives/10-guid.html