A week after CrySyS, Kaspersky, and the Iranian MAHER CERT published their initial Flame analyses: the MD5-collision-based code-signing pivot, the Microsoft Update path, and what this tells us about the operational tempo of the people who built Stuxnet.
Six weeks since CrySyS Lab in Hungary published their Duqu paper, and the question I keep coming back to is what the people who built Stuxnet are doing now. The answer the public technical analysis is converging on.
Year-opening notebook entry. 2010 produced Stuxnet, the WikiLeaks cable response, and the start of the Tunisian protests. The year ahead is going to be about privacy and encryption, penetration testing, and Hedgehog's third year.
December retrospective. 2010 has been substantively significant — Aurora, Stuxnet, WikiLeaks, Anonymous. The cumulative trajectory toward state-grade cyber operations is now operationally visible.
More technical analysis of Stuxnet. The targeting of Iranian uranium-enrichment infrastructure becomes increasingly clear; the structural shift continues.
A new piece of malware, now being called Stuxnet, has emerged. Specific properties suggest substantive nation-state engineering targeting industrial control systems.