2010年9月27日 星期一

網絡戰

finance.yahoo.com

WASHINGTON (AP) -- A powerful computer code attacking industrial facilities around the world, but mainly in Iran, probably was created by experts working for a country or a well-funded private group, according to an analysis by a leading computer security company.

The malicious code, called Stuxnet, was designed to go after several "high-value targets," said Liam O Murchu, manager of security response operations at Symantec Corp. But both O Murchu and U.S. government experts say there's no proof it was developed to target nuclear plants in Iran, despite recent speculation from some researchers.

Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers. Government experts and outside analysts say they haven't been able to determine who developed it or why.

The malware has infected as many as 45,000 computer systems around the world. Siemens AG, the company that designed the system targeted by the worm, said it has infected 15 of the industrial control plants it was apparently intended to infiltrate. It's not clear what sites were infected, but they could include water filtration, oil delivery, electrical and nuclear plants.

None of those infections has adversely affected the industrial systems, according to Siemens.

U.S. officials said last month that the Stuxnet was the first malicious computer code specifically created to take over systems that control the inner workings of industrial plants.

The Energy Department has warned that a successful attack against critical control systems "may result in catastrophic physical or property damage and loss."

Symantec's analysis of the code, O Murchu said, shows that nearly 60 percent of the computers infected with Stuxnet are in Iran. An additional 18 percent are in Indonesia. Less than 2 percent are in the U.S.

"This would not be easy for a normal group to put together," said O Murchu. He said "it was either a well-funded private entity" or it "was a government agency or state sponsored project" created by people familiar with industrial control systems.

A number of governments with sophisticated computer skills would have the ability to create such a code. They include China, Russia, Israel, Britain, Germany and the United States. But O Murchu said no clues have been found within the code to point to a country of origin.

Iran's nuclear agency has taken steps to combat the computer worm that has affected industrial sites in the country,ghout the country, including its first nuclear power station just weeks before it was set to go online. Experts from the Atomic Energy Organization of Iran met this past week to discuss how to remove the malware, according to the semiofficial ISNA news agency.

The computer worm, which can be carried or transmitted through portable thumb drives, also has affected the personal computers of staff working at the plant, according to IRNA, Iran's official news agency. The news agency said it has not caused any damage to the plants major systems.

German security researcher Ralph Langner, who has also analyzed the code, told a computer conference in Maryland this month that his theory is that Stuxnet was created to go after the nuclear program in Iran. He acknowledged, though, that the idea is "completely speculative."

O Murchu said there are a number of other possibilities for targets, including oil pipelines. He said Symantec soon will release details of its study in the hope that industrial companies or experts will recognize the specific system configuration being targeted by the code and know what type of plant uses it.

At the Homeland Security Department's National Cybersecurity & Communications Integration Center, a top U.S. cyberofficial on Friday displayed a portable flash drive containing the Stuxnet code and said officials have been studying it in the lab.

"I've let this run wild to see what it would do," said Sean McGurk, director of the cyberoperations center. "So far we haven't seen a lot of smoke coming out, so we know it's not doing anything specifically malicious right now."

Experts at the Energy Department's Idaho National Laboratory have been analyzing it.

McGurk said that "it's very difficult to know what the code was developed for. When you talk about specifically attributing it to a facility with a set purpose from a nation-state actor or criminal actor or 'hacktivist,' it's very difficult for us to say specifically, 'This is what it was targeted to do.'"

Experts in Germany discovered the worm, and German officials transmitted the malware to the U.S. through a secure network. The two computer servers controlling the malware were in Malaysia and Denmark, O Murchu said, but both were shut down after they were discovered by computer security experts earlier this summer.

In plain terms, the worm was able to burrow into some operating systems that included software designed by Siemens AG, by exploiting a vulnerability in several versions of Microsoft Windows.

Unlike a virus, which is created to attack computer code, a worm is designed to take over systems, such as those that open doors or turn physical processes on or off.

AP Broadcast Correspondent Sagar Meghani and AP writer Nasser Karimi in Tehran, Iran, contributed to this report.

2010年9月5日 星期日

Barcamp Hong Kong 2010

Time : 2010-09-18 9:30 - 18:00
Location : Hung Hom, Poly U, 1/F, N+M core, MIC studio G/F P core

Registration : http://www.barcamp.hk/

Facebook : http://www.facebook.com/group.php?gid=6146785447

「BarCamp 香港 2010」已經訂了新日子和地點!

日期:2010 年 9 月 18 日星期六

地點:香港理工大學

* 上午 9:30 在 Core P 的 Multimedia Innovation Centre (MIC) Studio 開始
* Sessions 會在 Core M 和 Core N 一樓的八間房進行

如果你想協助籌辦今次活動,請聯絡左方的任何一位管理員 (Admins)。

你亦可以在這 Wiki 上寫下你的想法和提議 :
http://barcamp.org/BarCampHongKong

世界各地的 BarCamp 主頁:
http://barcamp.pbwiki.com/

2010年9月4日 星期六

三星東芝 齊推iPad殺手

文匯報

蘋果4月推出iPad後賣個滿堂紅,短短80日便賣出超過300萬部,其他廠商亦想分一杯羹,韓國三星和日本東芝都在德國柏林一個展覽上,公布運行Google Android作業系統的全新平板電腦,與iPad對撼。

7吋屏幕重量減半

 三星推出的平板電腦Galaxy Tab有7吋觸控屏幕,較iPad的9.7吋小,但採用Android 2.2作業系統,可顯示Adobe的Flash格式。Galaxy Tab重0.8磅,只有iPad的一半,將於月中在歐洲率先推出。

 iPad在歐美售價分別是499歐元和499美元(約4,995和3,878港元),但據稱三星Galaxy Tab在德國會貴達799歐元(約7,998港元)。

 東芝推出的平板電腦則名為Folio 100,擁有10.1吋屏幕,售價只需399歐元(約3,994港元)。

 除了三星和東芝,韓國LG和美國的HP都將很快推出平板電腦,戴爾(Dell)亦推出5吋屏幕、儼如智能手機的平板電腦。聯想、摩托羅拉、華碩等等都已對這個市場虎視眈眈。

 雖然其他廠商都磨拳擦掌,但有市場調查公司表示,蘋果的iPad 2012年前都會繼續壟斷全球平板電腦市場,今年出貨量佔全球的74.1%。

 ■綜合外電消息/《華爾街日報》