|19.8.2017||Posted by Zdziarski under Blogy a osobní weby|
“Our worm is the first that can propagate through Siemens PLCs without support from PCs or any other system,” Spenneberg told The Register“Imagine a PLC is intercepted on the way to your plant, or by the vendor; there is little you could do to detect this and it would quickly spread throughout your plant.“We can create a denial of service, killing infected PLCs … imagine this happening to a major plant.”These so-called interdiction attacks are known compromise methods of nation-states.The pair set up a test power plant to demonstrate how the worm could successfully rip through a utility without need of an infected PC.The LED lights blinked and died as the worm hopped between PLCs, staying within the so-called maximum cycle time of 150 milliseconds.Defenders must hope to identify the attack at the initial stages, but separate research also demonstrated at the BlackHat Asia conference promises to cloak Spenneberg and Brüggeman’s malware.IOActive researcher Alexander Bolshev told The Register his work allows frequency and amplitude modifications in waves generated by control PLCs to allow an attack to be masked.The research, which he conducted alongside Honeywell security boffin Marina Krotofil, means an attacker could, for example, break into a remote station along a major gas line, determine normal frequency patterns, and repeat those waves with high-frequency components added to cloak a destructive intrusion.
Bolshev demonstrated the attacks using a Siemens S7 controller and a motor, but stresses the flaw is not part of the S7 and is instead thanks to poor architecture design.“We introduce a signal that disrupts the motor while keeping the controller completely blind,” Bolshev told The Register at the Singapore conference.Utilities could detect his attack by replacing the hardware – in his example the S7 – with gear that can detect much higher frequencies, and install low pass filters around actuators and PLCs.Recent network-borne attacks against utilities including that of Ukraine’s Prykarpattya Oblenergo and Kyivoblenergo utilities revealed this year have proven such attacks are within the practical imagination of determined attackers who are willing to conduct attacks in person.Protecting against such attacks, however, is costly, and requires hardware to be upgraded ahead of refresh cycles, with all the ensuing massive cost of legacy system integration that implies.
- Battery for Lenovo ThinkPad SL400
- Battery for Lenovo ThinkPad L412
- Battery for LENOVO ThinkPad Edge E530
- Battery for LENOVO ThinkPad Edge E430
- Battery for LENOVO ThinkPad Edge E425
- Battery for LENOVO ThinkPad Edge E130
- Battery for Lenovo ThinkPad Edge E125
- Battery for Lenovo IdeaPad Y460G
- Battery for Lenovo IdeaPad G575
Emails are still trickling in with readers trying to trump the almost nineteen-year-old server we found was just being decommissioned back in January.A recent missive from reader Ian piqued our interest because it said he’s still running a Timex Sinclair 2040 printer bought in 1982!The 2040′s a thermal printer based on the ZX Printer, the £49.95 printer created by Sinclair to accompany its cheap-as-chips ZX81 computer. The ZX printer used 10cm-wide black paper with a silvery top layer. The printer evaporated that top layer, printing characters by exposing the black beneath. Characters occupied an 8×8 matrix at 32 characters per line and eight lines per inch. The machine’s output was very hard to read: your correspondent had at least one teacher who refused to accept essays burned into the slightly grubby paper.Timex did much of Sinclair’s contract manufacturing and decided it might have a go at selling the ZX range into the USA, where the ZX Printer became the Timex Sinclair 2040. Improvements included a dedicated power pack.Ian says his machine was acquired in 1982 and is still going strong. He uses it to print notes and labels.He finds the appropriate paper on eBay or, when needs must, “a roll of fax paper cut down to the right size, then wrapped around a Pritt Stick* tube fits nicely in the paper roll area on the printer!”
A Reg reader has passed on the most beautiful email exchange we’ve seen this year, between himself and UK backup business Monster Cloud, after the company suddenly bumped up its prices mid-contract.The London-based reseller came under fire from customers earlier this month when customers who had paid £50 for a year’s worth of unlimited cloud-based storage were told that they actually had to pay an extra £30 a month for 1TB, while the former offer of £2.99 a month for 1TB of storage was bumped up to £36 a month.The hike was driven by sweeping price increases at LiveDrive, of whom Monster Cloud is a reseller.As reported on our sister publication The Channel, many of LiveDrive’s customers have complained that the increased costs will “kill” them, though we’re only aware of one reseller attempting to pass on this burden – as well as costs – to its customers.Monster Cloud’s new prices are to kick in on May 14, a month from when the announcement was made. Despite having sold its year-long £50 special offer to customers, Monster said, as its service runs month-to-month, its terms and conditions allow them to raise prices at any time.
- Battery for Lenovo B570
- Battery for lenovo B470
- Battery for Lenovo B460
- Battery for IBM ThinkPad T60p
- Battery for IBM ThinkPad T60
- Battery for IBM ThinkPad T40
- Battery for IBM ThinkPad R60
- Battery for Lenovo ThinkPad T520i
- Battery for Lenovo ThinkPad T510i
- Battery for LENOVO ThinkPad T430si
Without further ado or editorial emphasis, we now proudly reproduce this wonderful exchange between a Reg reader keen to cancel his subscription, and Monster Cloud:In a troubling development today, IBM demonstrates it still hasn’t quite grasped this cloud computing thing at all.Big Blue’s boffins have built a quantum-computing processor featuring five superconducting qubits, and installed it in the IBM T.J. Watson Research Center in New York. IBM is now inviting people to request access to it.Once you’re granted an account and logged in over the internet, you can, we’re told, work with the individual quantum bits (qubits), and explore tutorials and simulations around what might be possible with quantum computing, all from the comfort of your PC or tablet. That’s handy for fellow boffins, we assume.For really rather depressing reasons, though, this announcement is presented to the world and pageview-ravenous tech journos under the banner IBM Makes Quantum Computing Available on IBM Cloud. The service is described thus:On Wednesday, May 4, for the first time ever, IBM is making quantum computing available via the cloud to anyone interested in hands-on access to an IBM quantum processor, making it easier for researchers and the scientific community to accelerate innovations, and help discover new applications for this technology.
Really? Via the cloud? To anyone interested? Within the same breath, IBM, we’ve gone from anyone interested to researchers and the scientific community. It’s a shame IBM stopped there. One more paragraph, and we’ll have whittled down the user base to just PhDs. Hop over the full-stop, and this quantum computing experience will be exclusively for Nobel Prize winners only.