Posts by ProfessorLarry

9 posts • joined 22 May 2011

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines


Re: Hardware failsafes?

Autoignition temp of ordinary paper is actually around 480F. But "Fahrenheit 451" is a cooler (ha ha) book title.

HBO slaps takedown demand on 13-year-old girl's painting because it used 'Winter is coming'


Trademarked speech

The idiocy of allowing the trademarking of common, widely used phrases was mapped out and lampooned in my 1995 column "Registered Peopleware," reprinted in _The Peopleware Papers_ (Prentice Hall, 2001). The bulk of the story is constructed almost entirely from trademarked words and phrases, such as "We've thought of everything", "The Best Solution", and "Bad Idea." Pity the poor meteorologist or climate scientist who now can no longer say "winter is coming." [Disclaimer: All trademarks and service marks are the property of their respective owners.]

Airplane HACK PANIC! Hold on, it's surely a STORM in a TEACUP


Real possibilities

"More difficult than you might think" is a far cry from "not possible." The press has been gleefully reporting "experts" and official spokespersons reassuring us that the IFE and critical flight control systems are "separate" systems that are not interconnected. However, in testimony before the US Senate, United president and CEO Jeff Smisek indirectly acknowledged that critical flight systems and passenger Wi-Fi are, in fact, interconnected. "There are clear firewalls between a Wi-Fi system and any kind of control." Firewalls, of course, can be breached, which is what hackers are good at.

Boeing actually deliberately designed passenger cabin and flight systems on the 787 Dreamliner to share network components because it enabled them to save some 900+ kg, meaning there are any number of possible crossover points.

Digital hijacking of a commercial airliner is an unlikely scenario but denial will not make very real and demonstrated vulnerabilities go away. Before Roberts flamboyantly grabbed the spotlight, other security researchers (Teso, Santamarta among them) had demoed techniques to accomplish what he has claimed.

--Prof. Larry Constantine (pen name, Lior Samson, author of Flight Track)

Mars needs women, claims NASA pseudo 'naut: They eat less


Small is beautiful

It's all about mass and metabolism. Astronauts on extended missions and Mars colonists should be short people. Put an upper limit of 150-160cm and 50-55kg to qualify and the savings in supplies, fuel, equipment, and construction would be enormous. The savings cascade, because smaller people will need smaller bunks, smaller suits, etc., as well as consuming fewer calories and less oxygen.

Han Solo headed for lengthy stay in bacta tank after Bay Door Control cockup


"Somewhat elderly Ford"? I am sorry, 71 is NOT elderly, not even somewhat. Ford and I are both just kids!

--Larry Constantine (pen name, Lior Samson)

How Britain could have invented the iPhone: And how the Quangocracy cocked it up


Not Invented Here?

History is riddled with tales of inventors who were screwed over or not credited or who just missed out. And very often, history eventually reveals that whatever we may have thought, some widget or technique was actually invented earlier or by someone else. Somebody or some company or some country gets (or takes) the credit, and that's what the history books and the patent offices record. Consider the big Darwin celebrations and the "rediscovery" of Alfred Wallace and how the Royal Society conspired...

Hell, I am co-inventor with a US patent on the technique that Apple used to let users know they were actually ejecting a disc, not discarding it in the recycle bin, yet never received a shilling or even a thank you. That's just how things work in the real world.

In the frenetic and fractured world of high tech, a majority of good things are no doubt independently "invented" by many people at more or less the same time. Most of them will never be recognized or benefit. And most will not even have a dysfunctional quango to pass the blame onto.

--Prof. Larry Constantine (pen name, Lior Samson)

Prof casts doubt on Stuxnet's accidental 'great escape' theory


I would love to join the conversation

I would enjoy getting into the dialogue, but the moderators seem not to have accepted my post in response to the various comments. I would humbly request the moderators restore/allow my responses.

I do not think being Jewish or not is germane to the discussion; Jews in and out of Israel have many different positions on Middle East politics and are as capable of impartiality (or not) as any other ethnic/religious group.

To Ross K, whether art imitated life or life art is a bit messy in this case. In 2003, I designed a Stuxnet-style attack on U.S. infrastructure as part of my notes for Web Games. It took me 7 years to write the novel, but I finished the manuscript just before Stuxnet was reported in summer of 2010. It took another 5 months for the book to go through editing and revision to make it into print. Bad timing on my part, but again, it hardly relates to expertise or its absence. In any case, I am not trying to tout my expertise, but attempting to argue that there is a reasonable technical basis for questioning Sanger or his sources or both.

I am sorry if some of the technical details are muddled by the format of a live podcast interview. I intend to get a more properly argued and annotated piece published. I did try to clarify some of my intent in the deleted earlier comment. If the moderators do not release it, I will attempt to reconstruct and re-post later.

In any case, my real agenda is to stir up enough discussion that mainstream media begin a closer examination of all of Sanger's claims. I can only comment with any confidence on this one small matter.

--Larry Constantine (pen name, Lior Samson)


Another shilling's worth

I am delighted by the discussion here, since bringing these issues into the open was my immediate agenda. Understand, a podcast interview is not conducive to the most precise semantics or the finest technical details. I want to apologize if I left some unnecessary ambiguities in my ad hoc answers. I turned to that forum (thank you, Steven Cherry) because none of the mainstream media--print or electronic--would touch the story, a curious matter in itself.

As to how wild or widespread the infection was, what I was trying to highlight was that there was never any worldwide indiscriminate spread of Stuxnet by email or Web, as with much malware, but something much more limited based on direct system-to-system connection or sneakernet communication through removable media. As some of the experts here have pointed out, there are some holes (e.g., VPN) that might have allowed Stuxnet to reach beyond the LAN to infect other LANs. In any case, whether 100,000 is a lot of infections or small compared to many other worms, the analysis shows a small number of very tight clusters tied closely to initial points of infection.

I concur that Ralph Langner, a colleague of mine, is probably one of the go-to guys on the PLC side of Stuxnet. And I will underscore that all my sources are secondary, as I was not directly involved in the forensic analysis.

My main point is that Sanger's narrative is flawed. Whether it is a journalistic failure, sloppy semantics, or disinformation is not for me to say, as I have no access to Sanger or his sources. But the fact that his reporting is being accepted so credulously and that the press is not taking on the story of flaws in his articles and book is troubling.

As to the actual initial infection and route into the facilities at Natanz, my understanding had been that the point of entry was not by directly carrying a doctored USB drive into this highly secure plant, but by infection of adjacent or closely related facilities, with the software then spreading itself as it could until it found the right installation of STEP 7 with precisely the right project files representing the particular frequency-controlled motor configuration. On the other hand, Raviv and Melman, who have sources inside Mossad and the IDF, suggest that the patient-zero USB was carried into the plant by Siemens maintenance engineers under direction of German intelligence (BND) collaborating with HaMossad. I cannot say. What we do know is that in one version of Stuxnet, the first infection (not at Natanz) was within 12 hours of the last compilation timestamp. If accurate, it does suggest that versions might have been hand delivered to specific targets. And it has already been established that Mossad operatives were in Iran at the time.

Perhaps we will someday know the real story, but it is not the one Sanger told, at least on some pivotal details.

--Prof. Larry Constantine (pen name, Lior Samson)

Stuxnet-style SCADA attack kept quiet after US gov tests


What air gap?

Many in the field have known for years that firewalls are often effectively transparent and airgaps are routinely crossed via many routes. Modern PLCs cannot be fully isolated, because new code must be downloaded by way of PLC programming software that must itself be maintained up-to-date (as I argued over at InformIT and in a new article in Cutter IT Journal).

All the way back in 2003, I designed a Stuxnet-style attack on the U.S. power infrastructure that became the plot driver for the Lior Samson thriller, Web Games (Gesher Press, 2010). I have long argued that bright and determined hackers could pull off a real, devastating attack--no nation-state or clandestine services needed. It's nice to finally be validated, but also a bit unsettling. How long before the attack scenario leaves the field of fiction (as in Web Games) and becomes dangerous reality?

