Announcement

Collapse
No announcement yet.

Geneva deal reached

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • According to Ash Carter they are still working on the definition of "military sites". A crucial detail amongst several:

    Defense secretary: Bunker-busting bomb against Iran 'ready to go' | TheHill

    Carter also said inspections of military sites must be included in the final deal negotiated with Iran, despite recent remarks by Iran’s Supreme Leader Ayatollah Ali Khomenei indicating they would not be included.

    “It depends on what you mean by military sites, but yes. Absolutely," he said.

    Comment


    • Although no deal is yet fully in place Russia is lifting it's ban on military exports to Iran already - s-3000s are to be delivered which apparently would pose no threat to Israel. Russia opens way to missile deliveries to Iran, starts oil-for-goods swap | Reuters

      Comment


      • Originally posted by citanon View Post
        [LIST][*]We know nothing about Iran's nuclear research facilities, except we knew enough to configure a computer virus specifically for Natanz.
        .
        AFAIK, this isn't as tough to do as you might think. You just need to know what computer software they are running. The mechanism of action is speeding up and slowing down centerfuges, which eventually causes them to break.

        Could be wrong, but you don't need to know the mechanics of the facility or have close monitoring of the facility. And Stuxnet only slowed down Iran for a few months. They've repaired the damage, patched the system, and moved on.
        "The great questions of the day will not be settled by means of speeches and majority decisions but by iron and blood"-Otto Von Bismarck

        Comment


        • Originally posted by GVChamp View Post
          AFAIK, this isn't as tough to do as you might think. You just need to know what computer software they are running. The mechanism of action is speeding up and slowing down centerfuges, which eventually causes them to break.

          Could be wrong, but you don't need to know the mechanics of the facility or have close monitoring of the facility. And Stuxnet only slowed down Iran for a few months. They've repaired the damage, patched the system, and moved on.
          Stuxnet actually looked for the exact configuration of centrifuge banks at natanz. That's how it was able to specifically target that facility.

          Comment


          • http://breakingdefense.com/2015/04/c...-a-first-step/

            Comment


            • Politicking. Nobody knows what the terms are. They have a broad agreement, the hard business of hammering out details has just begun. This is no treaty.

              Comment


              • So, it's looking like the deal is actually helping Iran develop nukes by agreeing to conceal Iranian centrifuge activity.

                http://www.bigstory.ap.org/article/1...ke-constraints

                VIENNA (AP) Key restrictions on Iran's nuclear program imposed under an internationally negotiated deal will start to ease years before the 15-year accord expires, advancing Tehran's ability to build a bomb even before the end of the pact, according to a document obtained Monday by The Associated Press.

                The confidential document is the only text linked to last year's deal between Iran and six foreign powers that hasn't been made public, although U.S. officials say members of Congress who expressed interest were briefed on its substance. It was given to the AP by a diplomat whose work has focused on Iran's nuclear program for more than a decade, and its authenticity was confirmed by another diplomat who possesses the same document.

                Both demanded anonymity because they were not authorized to share or discuss the document.



                The diplomat who shared the text with the AP described it as an add-on agreement to the nuclear deal in the form of a document submitted by Iran to the International Atomic Energy Agency outlining its plans to expand its uranium enrichment program after the first 10 years of the nuclear deal.
                In the realm of spirit, seek clarity; in the material world, seek utility.

                Leibniz

                Comment


                • Originally posted by citanon View Post
                  Stuxnet actually looked for the exact configuration of centrifuge banks at natanz. That's how it was able to specifically target that facility.
                  Yes and No. To run a hardware, software is needed. Those are embedded software. Humans build software, which is prone to defects. No software is 100% foolproof or safe. It's just a matter of time before someone with the right or wrong intention finds out the vulnerability and exploits it. A cloud based system, say for example Facebook or Twitter is connected by internet. So, a guy sitting in Nigeria, proficient in his work as Grey/Black hat, would need just an internet connection to try and find out vulnerabilities. But how does someone exploit the centrifuges of an Iranian nuke plant which is not connected to the internet?

                  Most of the hacking that takes place, and that we hear about in news consists of a couple of exhaustive steps:
                  #1. Reconnaissance
                  #2. Scanning
                  #3. Gaining entry/access
                  #4. Maintain that entry/access
                  #5. Clean-up, i.e. covering tracks

                  Depending on the target and the attack mode, the list can add/drop/tailor a step(s).

                  Reconnaissance is the basic and the first step. Throughout. Spying/hacking. The guys who developed Stuxnet found out that the Iranians were using Siemens S7 PLCs. It's an embedded control systems software for running automated processes in chemical plants, refineries and nuke plants too. These PLCs are mostly controlled by computers, and Stuxnet was coded to look for a particular model of Siemens Simatic WinCC/S7 controller software (I don't remember the model name, as it was years ago). If it does not find a system running Step7, it does not do anything, it's then harmless. But, as soon as it finds one, it infects the PLCs and changes bits of data of the PLCs. Obviously Siemens did not know about this vulnerability and so the thought of patching it did not occur. To code Stuxnet, those guys would set-up a shell company and use untraceable money to buy the software and then go through months of reading the TAD, features and functions, source code and find a vulnerability.

                  Now that Stuxnet was developed, how to deploy it in the nuke plant, which is not connected to the internet. They used flash drives. Have you guys heard of the NSA bugging CISCO routers in between shipment from the production plant to their destination? It's something like that. Find out what flash drives people/scientists at the plant use. Which company? Distributor? Find out the last point in transit, and infect all of it. Rumor has it that India's INSAT-4B satellite failed due to a power glitch in the solar panels because of Stuxnet.
                  Last edited by Oracle; 19 Jul 16,, 06:40.
                  Politicians are elected to serve...far too many don't see it that way - Albany Rifles! || Loyalty to country always. Loyalty to government, when it deserves it - Mark Twain! || I am a far left millennial!

                  Comment


                  • STUXNET was 40 megabytes.
                    Chimo

                    Comment


                    • Originally posted by Officer of Engineers View Post
                      STUXNET was 40 megabytes.
                      Sir, the size is not 40MB, it's ~ 1MB. Flame was 20 times larger @ ~ 20MB. What is the context here?
                      Last edited by Oracle; 20 Jul 16,, 03:34.
                      Politicians are elected to serve...far too many don't see it that way - Albany Rifles! || Loyalty to country always. Loyalty to government, when it deserves it - Mark Twain! || I am a far left millennial!

                      Comment


                      • That this could not be done without access to trusted domains to distribute the software.
                        Chimo

                        Comment


                        • Originally posted by Officer of Engineers View Post
                          That this could not be done without access to trusted domains to distribute the software.
                          It could, and it was successful. That was the whole point. Stuxnet was the John Travolta of worms. The Americans and the Israelis did not compromise the source code of S7, they merely infected it. Stuxnet's driver files used a valid signed certificate from RealTek Semiconductor and also JMicron Technology to fool the systems to believe the malware was a trusted program, both are hardware companies. But it was never revealed how it was done. Did they physically break into those companies and steal the certificates or remotely hacked them, no one knows. I personally think NSA maintains access to all fortune 500 companies and beyond that number, remotely.

                          Infected flash drives-->Computer with the control system in nuke facility--> Autorun and LNK--> passes on to other systems in the LAN.
                          Last edited by Oracle; 20 Jul 16,, 04:28.
                          Politicians are elected to serve...far too many don't see it that way - Albany Rifles! || Loyalty to country always. Loyalty to government, when it deserves it - Mark Twain! || I am a far left millennial!

                          Comment


                          • its about context here as well. eg the majority of logic controllers that were targeted were data gate controllers, ie if recognised then continue with action. once you open some controllers the rest of the system is dumbed down to "if exist" actions

                            PLC's and the like were previously never regarded as threat vehicles because they were so innocuous. That's the primary beauty of transports like stux

                            and those PLC's are everywhere, they are not security devices in their own right, they are binary or staged gates where if information is packaged as expected, then they will pass them through to perform the task - there was no security testing at PLC because they were never seen as "proper systems"
                            those PLC's control everything from a security gate, to a timer, to a valve release, to fridges (where they've also been used to ruin whats been protected by the refrigeration system such as bacteria samples etc...). dams, power stations, sluice gates, cold storage, armouries, you name it, a PLC will be in there somewhere.
                            its the same analogy as watching your george foreman roaster cooking a chicken, the logic board accepts any actions as it assumes a safe environment as its regarded as a captive system. if you were able to hook up the roaster to an outside logic board, you could take control of the roaster and get it to turn on and off whenever you wanted, at whatever temps you knew that the thermistor worked on and all without triggering the user as the only visible element to the outside world is the timer. as far as you're concerned the roaster is doing its magic and you trust it to cook the chicken without shrinking it to the size of a quail and as black as satans heart.

                            its an oversimplification to explain the reason as to why stuxnet was so successful, but the principles are the same.

                            PLC's were never seen as a threat as they were benign gates. breach the forecourt and eventually you own the gate, when you own the gates you control what comes in or out and at a time and place of your choosing.
                            Last edited by gf0012-aust; 20 Jul 16,, 05:30.
                            Linkeden:
                            http://au.linkedin.com/pub/gary-fairlie/1/28a/2a2
                            http://cofda.wordpress.com/

                            Comment


                            • /\/\/\ Nice explanation. Also consider this, Siemens developed the first version of Simatic in 1958. And security testing was not taken into account by many corporate until late 90s, or more appropriately, seen as a necessary objective for industrial control systems. Threat perception was nil. Who would want to mess with the microwave I use to heat my food?
                              Politicians are elected to serve...far too many don't see it that way - Albany Rifles! || Loyalty to country always. Loyalty to government, when it deserves it - Mark Twain! || I am a far left millennial!

                              Comment


                              • From yesterday's Wall Street Journal:

                                A United Nations report on the Iran nuclear deal hailed the country for keeping its nuclear commitments, while criticizing actions unrelated to its nuclear program that are seen as damaging to the momentum and spirit of the deal.

                                The 17-page report, timed around the first anniversary of the deal, was released Monday by U.N. Secretary-General Ban Ki-moon.

                                Mr. Ban pointed to Iran’s launches of long-range ballistic missiles and reports that it shipped weapons to Yemen and Iraq.


                                Read the rest at http://www.wsj.com/articles/u-n-iran...eal-1468933170

                                Comment

                                Working...
                                X