[liberationtech] Flame | sKyWIper - 'the son of stuxnet' -

Susanne Fischer susannef at iwpr.net
Tue May 29 15:12:09 PDT 2012


Hello Fabio,

Is Wired part of the "media hype"?

http://www.wired.com/threatlevel/2012/05/flame/

They also compare it with Stuxnet. All bollocks?

Best,
Susanne

On 29 May 2012 16:49, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:

> Imho it does not have anything in common with stuxnet.
>
> That's a "poor man's malware".
>
> There is just a lot of hype by the AV vendors and CERTs to claim a big
> discovery and get new budget to "fight cyberwar"!
>
> All news and reports try to make "comparison" with Stuxnet.
>
> There is "NO RELATIONSHIP AT ALL" with stuxnet other than the marketing
> intent of the media / malware analysis producer to increase the
> media-coverage of their work.
>
> Some considerations about the previous statement and about the FUD intent of
> most researchers/journalists:
>
> - It does not attack PLCs and/or any kind of industrial system (Stuxnet
> does)
>
> - It's a fat binary (20MB of trojan is not stealthy)
>
> - It's probably quickly coded (the fact of bundling a Lua interpreter tells
> us that the coder is lazy and wanted to produce quickly usable code)
>
> - It stores all its data in a plain-text, standard SQLite3 database with no
> protection / stealthiness
>
> - It does not do encryption (only "xor", even if people like to describe
> it as if it uses "encryption").
>
> - It does not have a hidden/stealth startup method (known and already
> used/detected startup methods)
>
> So, imho it's just a big media hype over a not particularly advanced and
> badly designed malware.
>
> -naif
>
> On 5/29/12 3:29 PM, Niels ten Oever wrote:
> > Dear all,
> >
> > I would be very interested in your further analysis on the new cyber
> > espionage software which has been identified as the next generation of
> > Stuxnet which has been named Flame and/or sKyWIper - the son of stuxnet.
> > Further reading here: http://www.crysys.hu/skywiper/skywiper.pdf and
> > here:
> > http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers
> >
> > Looking forward to further discussion at the Human Rights Con and on
> > the mailing list.
> >
> > Cheers,
> >
> > Niels
> > @conflictmedia
> >
> > Niels ten Oever
> > Programme Coordinator
> > S: nielstenoever
> > E: tenoever at freepressunlimited.org
> > T: +31 356254309
> > M: +31 613846622
> >
> > A digital signature can be attached to this e-mail,
> > you need openPGP software to verify it. See: http://is.gd/Y06WEs
> > Key fingerprint = 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9



-- 
Best regards,
Susanne Fischer

Susanne Fischer
Middle East Programme Manager
susannef at iwpr.net
mobile +961 70 211 219
