How digital detectives deciphered Stuxnet, the most menacing malware in history
A very very interesting and bone chilling read.
So I did know about Stuxnet for some time and I had a vague idea that it was a nasty piece of malware, but reading in detail about what it is makes the hair stand on the back of my head. It’s interesting beyond any measure, especially for a geek.
Casually browsing Reddit and Hacker News today, I saw the same piece of news on both sites almost simultaneously. I clicked through expecting some political stuff. But it was not so much. It also linked to the page linked above. The article was very long, 5 pages long. But just a few paragraphs in, I was pretty darn sure I would end up reading all of it. And so it was. I read it and I don’t regret it a tiny bit.
The article describes how Stuxnet’s compiled binaries were decoded and how the people who did it experienced everything around them at that time. And the creepy aspect escalated quickly once they figured out the malware was somehow related to an Iranian nuclear plant and their two lead scientists being assassinated. Feels like a typical action movie plot, but it is all real!
The technology was mind-blowingly sophisticated, or so the author states, and I don’t feel like disagreeing with him. Not one but FOUR zero-day exploits were somehow used in a single malware. That’s bad ass. US really wanted to slow Iran down. But how much genius went into creating such a beast is beyond me. The kind of techniques used by Stuxnet seem like they were taken from a very high budget, action-drama movie written/directed by a programmer. It’s so good, it feels wrong when you read it.
The environment in which such code would have been written also amazes me. What would it be like to be in a room full of smart people churning out revolutionary code? I used to think it would be very exciting to work at Facebook or Google and write code that people use, but then I read about this. This totally destroys the fun. It’s so interesting that it terrifies me. How would it be to wake up one morning and realize that you were the one who wrote such code? Or you were the one who designed the architecture that can break into a number of computers without anyone noticing it.
There were a lot of clever things about Stuxnet. One of them being how damn stealthy its functionality was. The fact that it changed the readings sent back to the control room is very interesting in itself. A good amount of work must also have gone into just making sure the code’s origin was untraceable.
I really wish Stuxnet’s authors would come out and share their experience of creating it, but I guess we all know that won’t happen.
Looks like I will finally have Google’s C# compiled binary on my mobile. It still surprises me that I didn’t already have it. But the device itself is pretty OK for the range. 800 GHz, 5MP (flash)/0.3MP, Gingerbread, 512 gig RAM, 3.5 inch 320x480 TFT. Should be with me in about 2-3 days. I plan to have a better XOOM or Sony Tablet S down the road. Those specs are a lot more appreciable, but this Moto Fire is not bad for a mobile either. But I can’t hope to do heavy duty stuff on this. And this won’t get ICS either. Bummer, since I don’t want to load a custom ROM. There are a gazillion things that I want to do, but the current internet connection will take its toll at 256 kbps. Let’s hope I am able to upgrade before the package is delivered. I plan to get at least 512 kbps. Good thing is I already have an ADSL 2+ WiFi router, so that is that.
Also, I should probably start writing this stuff in a journal; a blog does not seem to be the right place for such stuff that has no particular audience.
I am a space enthusiast and I like looking at flashy images of stars. While looking at one such image, I got an idea to make an app that would count the number of stars in such an image. Or to simplify, count the number of patches in an image. The app is an HTML5 web app; it uses JavaScript and canvas with no external libraries.
Please have a look at the app wiki for details on how to use the app and how it works.
Live Demo:
http://achshar.com/patch-count
I suggest using “boxes” image first.
App Wiki:
http://code.achshar.com/patch-count/wiki
Source Code:
http://code.achshar.com/patch-count
There are still some issues with the algorithm. The call stack size is exceeded if a patch is very big, since the algorithm uses recursion to count pixels. Please feel free to contribute :)
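One way around the call-stack limit described above is to keep the pending pixels on an explicit array instead of recursing. This is an added example, not the app's own code: the function name `countPatches`, the brightness threshold and the 4-connected neighbourhood are assumptions, and the sample grids are constructed.

```javascript
// Added example: count bright patches with an explicit stack instead of recursion.
// countPatches, the threshold and 4-connectivity are assumptions, not the app's code.
function countPatches(grid, threshold = 128) {
  const h = grid.length;
  const w = h ? grid[0].length : 0;
  const bright = (i) => grid[(i / w) | 0][i % w] >= threshold;
  const seen = new Uint8Array(w * h); // 1 = pixel already assigned to a patch
  const sizes = [];
  const stack = []; // heap-allocated, so patch size is not limited by call depth
  for (let start = 0; start < w * h; start++) {
    if (seen[start] || !bright(start)) continue;
    seen[start] = 1;
    stack.push(start);
    let size = 0;
    while (stack.length > 0) {
      const p = stack.pop();
      size++;
      const x = p % w;
      const y = (p / w) | 0;
      const neighbours = [];
      if (x > 0) neighbours.push(p - 1);
      if (x < w - 1) neighbours.push(p + 1);
      if (y > 0) neighbours.push(p - w);
      if (y < h - 1) neighbours.push(p + w);
      for (const n of neighbours) {
        if (!seen[n] && bright(n)) {
          seen[n] = 1; // mark on push so a pixel is never queued twice
          stack.push(n);
        }
      }
    }
    sizes.push(size);
  }
  return { count: sizes.length, sizes };
}

// Constructed sample: three patches (3, 2 and 1 pixels); the 90 is below the threshold.
const SAMPLE = [
  [0, 255, 255, 0, 0],
  [0, 255, 0, 0, 200],
  [0, 0, 0, 0, 200],
  [90, 0, 255, 0, 0],
];
console.log(countPatches(SAMPLE));

// Constructed stress case: one 1200x1200 patch, the kind of input that overflows a recursive fill.
const BIG = Array.from({ length: 1200 }, () => new Uint8Array(1200).fill(255));
console.log(countPatches(BIG).sizes[0]);
```

With canvas input, the grid rows would be built from the `getImageData` pixel buffer after converting each pixel to a single brightness value.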
So I got Google Drive finally. It looks good and I have decided to keep it despite the fact that I am always looking to reduce the number of programs I have installed on my machine. I believe it’s worth it, at least until the novelty wears out.
There are a few glitches here and there, like all links/files open in IE and there is no way to change that. And one of my Mercurial repository’s files is not being synced, rendering the whole thing useless as it won’t work on another machine.
I am looking forward to how it works out. And good luck DropBox. I heard good things about you.
I was reading an article on HN today that was titled Technical = Coder. Non-Technical = Non-Coder. You should have a read if you haven’t already. In the article the author says that people who cannot code should not call themselves “Technical” when talking to investors or otherwise.
I agree with the gist of the article but I believe there are better ways to put the argument such that it does not disrespect people of other professions that can also come under the “Technical” heading since the word itself changes meaning with the context.
So after reading comments at the article and HN, I have come up with two definitions of the word “technical” that would seem to be more suitable in today’s start-up scene.
First: The person has a professional level knowledge and/or experience in the field that the start-up primarily deals with.
Second: If all of company’s assets* were to be taken away, the company can still produce the MVP with the said person and his personal resources** only.
* Like bank balance, employees, work-space, etc, excluding founders.
** Like knowledge, experience, home computer/laptop, etc.
If you fit the above definitions you are technical. I however think the second definition is more appropriate, although the first one cannot be discarded either.
Haven’t been writing for a long time. Thanks, exams. I am still halfway, but this has been a roller coaster ride all the way. First, I had a chance to apply to Start-Up Chile, but I stepped back at the last minute because I didn’t know if I would be free in July or not, until the very last minute. I had the whole application filled with all the required documents. The only thing left was to press the “submit” button. But at the last minute I got to know that I did have a commitment that I could not ignore (the school project), so I backed off.
Then the next day I get an email saying “your application is incomplete, reply to this email if you want to submit it, if you don’t your application will be deleted”. Yup, this was after the deadline was over. I don’t know what went through my mind, but I ended up emailing them to submit my application. That was not exactly the plan. But then I thought that if I burn a lot of midnight oil, I might have a small chance of pulling both things off. (highly unlikely though)
Then I was studying maths a few days ago when I peeked into my Google Reader just for a second and I saw something I was not expecting. One word. Instagram. That was crazy. I skipped a beat. A billion dollars for a photo sharing app! “Not possible,” I said to myself out loud. Then quickly turned on my PC only to confirm it. It was a crazy hour. 3 in the morning and a day after I submitted the application to Start-Up Chile. Not a good time to read something like that. But I had fun reading though.
The deal was good for founders. Hell it was great! They got cash + Facebook’s pre IPO stock. But the content, it irks me. A photo sharing app. Yes the community and user base has value too, and so does the team. But 60,00,00,00,000 rupees for a photo app with filter is just.. I don’t know, it does not feel right. But that’s the developer part of me saying, the entrepreneur in me thinks it was fair. The team did a lot of hard work, especially the back-end work to handle all those Justin Biebers and Taylor Swifts must be painstakingly difficult and not to mention, adventurous.
I would just say congratulations to Kevin and team. I never got a chance to use the app, but it must be good if it gets the kind of press it does. And let’s see what happens about Chile.
OK, I finally got 8 gig RAM for my system. Exam prep is in full swing, which means less computer time. But I have managed to do some work on the school project and add Achshar Player to chromeextensions.org. Also the player is back in the store. There was some misunderstanding regarding some policy violations. But everything is fine now.
Also, I have been using Windows 8 for some time, the consumer preview. And I have to say it looks very good and is snappy, and gestures are natural, and it all makes sense. And I introduced my mom to win 8 and she seems to get it. But these videos on the internet make it seem that some people may not get it. I understand that, but I believe the corners make more sense than a start button. A tutorial/popup regarding the corners is what is needed. I will stick to 8 for the foreseeable future.
So apparently my media player Achshar Player was pulled from the CWS. I am not sure why. I have replied and am awaiting a response. This is not good. Here is the crux of the email I got.
Your Google Chrome item, “[Achshar Player],” did not comply with our policies on [Spam] and was removed from the Google Chrome Web Store.
This gives me 0 info as to why the app was pulled. My app was perfectly legit and did not even connect to the internet. How can it possibly “spam”?
The only thing that I can think of is probably the fact that it was a background app. But I used a feature that was available. I did not misuse it, at all. It makes sense for a media player to run in the background. It definitely does not fit my definition of spam.
Now I have to deal with confused users for whom the app suddenly disappeared. Maybe they could have set some kind of warning for x days and then pulled the app.
So I have been away from my blog for quite some time now. And in all honesty, I can’t even convince myself to write that I will try to improve. What has been keeping me busy is this school project that I am head deep into. This project is tricky and in all manner a very sophisticated piece of work (for me, at least). But I have a gut feeling I can pull this off, and that too elegantly. If it does happen, I plan to open source it once it’s finished. Making it my first open source project.
But before that happens, I have a shit load of work to do. The basic underlying code and internal APIs for the thing are ready and now I am working on the database structure of the project. It’s a fairly cumbersome task, but part A of it is almost over.
I can’t say anything about it yet but hope I will soon be able to :) Also Achshar Player seems to be getting some traction again from some Spanish blogs and is about to get to the 2,000 user mark! yay!