the world as we write it

smiley status'

    eat my Twitter?

    The Black Rider

    authentic since 1981 'welcome to my bomboclot mind'

    Sunday, August 7, 2011

    Reuter site - Hackers don't need movie magic to wreak havoc

    This article was sent to you from, who uses Reuters Mobile Site to get news and information on the go. To access Reuters on your mobile phone, go to:

    Hackers don't need movie magic to wreak havoc

    Sat, Aug 06 20:10 PM EDT

    By Jim Finkle

    LAS VEGAS (Reuters) - Evil hackers with state-of-the-art computers gain remote control of a power plant and blow it up, killing many people and threatening more mayhem if a huge ransom is not paid.

    It's a storyline straight out of a Hollywood action movie but those attending two of the world's biggest hacking conferences this week learned that such a scenario is not as outlandish as one might think.

    Some of the most alarming research released at the Black Hat and Defcon conferences in Las Vegas reveal vulnerabilities in aging computer systems that run power plants, chemical factories, water distribution systems and other industrial facilities around the globe.

    Boutique research firm NSS Labs uncovered a "back door" in industrial control systems from Germany's Siemens AG that could allow hackers to wreak havoc on nuclear power plants, oil and gas pipelines, water treatment systems, pharmaceuticals factories and other critical infrastructure.

    The "back door" is an undocumented access point that lets someone remotely break into the system using widely available "telnet" communications software and a six-character password that is the same on all Siemens systems and cannot be changed.

    "You get full control," said NSS Labs Chief Executive Rick Moy. "Things could go boom. Pipelines could explode if the pressure isn't monitored properly. Hazardous chemicals and fluids could leak out."

    Siemens spokesman Alexander Machowetz said the company was looking into the matter. "We are not aware of any real case of a hacker taking influence on a controller in one of our customer's facilities," he said.

    The new research from NSS comes after the firm disclosed another security flaw to Siemens in May, which the German company said it addressed with a software update.

    Last summer, researchers discovered the Stuxnet virus, a computer worm designed to attack the Siemens' industrial control systems that operate complicated factory machinery, known as Supervisory Control and Data Acquisition.

    Stuxnet was used to attack a nuclear enrichment facility in Iran in a blow to the country's nuclear program. Some experts have described Stuxnet as a "guided cyber missile" aimed at Iran's atomic program.


    Many industrial plants were built decades ago and then later hooked up to the Internet to make them more efficient. In the rush to embrace the Web, engineers left holes in their systems that hackers have started to exploit.

    "They stayed away from the security community. They wanted to do it themselves. Now they are wide open," said Rick Howard, general manager of VeriSign Inc's iDefense division and one of the researchers speaking at Defcon on securing critical infrastructure.

    Security experts from government agencies and big corporations attend the Black Hat and Defcon conferences every year, crowding into sessions alongside hackers, many of whom use their skills to promote security and fight cyber crime.

    At meetings that run through Sunday, they talked about headline-grabbing attacks, such as the massive cyber espionage campaign disclosed by Intel's McAfee security software unit, in which 72 organizations around the world were infiltrated.

    Howard gave a presentation on Saturday on Stuxnet, the first piece of malicious software to surface that was designed to attack an industrial control system.

    The U.S. Department of Homeland Security warned Congress last month that hackers likely are adapting the code in Stuxnet to build new weapons that could launch attacks on industrial control systems anywhere in the world.

    Jerome Radcliffe, an expert on Stuxnet, said many of the passwords in such systems are hard-coded into the devices, meaning they cannot be changed. That makes makes them easy prey.

    A diabetic, Radcliffe relies on a computer to measure his blood-sugar levels and dose him with insulin as needed. He hacked into that system and figured out a way to send it erroneous dosing instructions or order it to shut down.

    He said hackers could use a similar approach to attack machines used to distribute water to millions of home.

    "My insulin pump is a good human story," Radcliffe said. "It's a one-person deal. But if I could shut off the water for an entire city, that's a disaster."


    Three other hackers say they worked out how to remotely open and close prison-cell doors. These systems are controlled by the same type of computers as many industrial control systems, known as PLCs, or programmable logic controllers.

    The independent hackers conducted their research after spending just $500 to buy a used PLC on eBay and $2,000 for software from its manufacturer, Siemens. They identified security holes and discovered how to take advantage of them to launch an attack.

    So far the hackers -- a father-daughter pair and their friend -- have not tested their theories on a real prison but toured one facility, which they declined to identify.

    They said they saw a prison guard using the computer that controls the PLC to check his Google email, which could potentially give hackers a path to launch an attack.

    "This is a real threat. It's not something theoretical," said one of the hackers, Tiffany Rad.

    (Reporting by Jim Finkle; Editing by Tiffany Wu and Bill Trott)

    Reuter site - Verizon unions strike after contract talks fail

    This article was sent to you from, who uses Reuters Mobile Site to get news and information on the go. To access Reuters on your mobile phone, go to:

    Verizon unions strike after contract talks fail

    Sun, Aug 07 16:33 PM EDT

    By Roy Strom, Sinead Carew and Dhanya Skariachan

    NEW YORK (Reuters) - Almost half the workers in Verizon Communications wireline telecommunications business went on strike on Sunday as negotiations for a new labor contract failed.

    The strike, involving 45,000 workers, is the first walk-out that Verizon, one of the two big U.S. telephone network operators, has faced since 2000, when about 80,000 workers went on strike for about three weeks.

    Verizon and two unions -- The Communications Workers of America and the International Brotherhood of Electrical Workers -- had been in talks since late June but were still far apart when their contract expired Saturday night.

    The workers who went on strike are technicians and customer support employees in the wireline unit, which provides traditional phone services to homes and businesses in the Northeast as well as high-speed Internet and FiOS television service.

    The two sides were unable to agree on issues related to healthcare contributions, pension plans and work rules, according to Verizon and the CWA.

    Verizon is looking to keep costs in check at its wireline business, which has been declining for a decade as customers have disconnected their home phones in favor of cellphone and Internet services.

    A representative for the CWA, which represents about 35,000 of the workers, said that bargaining talks were expected to resume on Sunday while employees were told to start picketing as early as 6 a.m. EDT outside their work locations.

    "A strike is a hardship for all and not to be undertaken lightly," Jim Spellane, an IBEW spokesman said in an e-mail.

    "I think that the fact that we are on strike instead of finalizing an agreement is a testimony to Verizon's intransigence throughout the process," Spellane said.

    Michael Paleski, 45, who has worked for Verizon for 23 years, was one among the roughly 250 people gathered in front of Verizon's Manhattan corporate headquarters, where workers walked in and out of the building to chants of, "Scab! scab! scab!" on megaphones.

    The strikers were all dressed in red and had signs that read, "CWA workers on strike for middle-class jobs."

    "Nobody here wants a strike. I'm sure nobody on the other side wants a strike either. But we're also very disappointed that the company put forward so many demands for givebacks. We feel that's really the sticking point for us," Paleski said.

    "I have two children. I have a wife, a house and two cars. And things are not cheap these days, they're getting more expensive for us. And that's why we need to have the right contract structure."

    On Monday morning, thousands of striking workers will join mass picket lines and rallies at over 100 Verizon work locations across New York and New Jersey to pressure the company to back off its demands, said the CWA.


    "As of now, talks are not taking place today. We're always willing to talk. We're willing to return to the bargaining table at any time," Verizon spokesman Richard Young said in an email on Sunday afternoon.

    "We're in the process of implementing our emergency action plans," Young added.

    Verizon said late Saturday night that it had trained tens of thousands of employees, from retirees to management, to fill the role of the workers who are now on strike.

    "We are confident that we have the talent and resources in place to meet the needs and demands of our customers," Marc C. Reed, Verizon's executive vice-president of human resources, said in a statement.

    Chris King, an analyst at Stifel Nicolaus, played down the impact of the strike on the company.

    "The wireline business is something that Verizon is less exposed to than they have ever been in the past," King said. "They are certainly more comfortable dealing with the strike today than they were 10 years or so ago."

    King, who has a "buy" rating on Verizon, said he sees the impact limited to slower-than-usual installations.


    Among the changes it is seeking, Verizon said it wants to freeze employee pension plans and replace them with an enhanced 401(k) plan." It also wants workers to contribute to healthcare insurance premiums.

    The CWA says the contributions to healthcare that Verizon wants the union members to make were unacceptable, and that increases in deductibles would make the proposed healthcare plan unaffordable.

    It said the profitable company is asking for far too many concessions from affected workers, who include technical and customer service employees in Verizon's wireline business.

    Verizon has 93,000 workers in its wireline business, of whom 58,000 are unionized. Including its Verizon Wireless venture with Vodafone Group Plc, the company's total workforce is 196,000 employees.

    (Reporting by Sinead Carew, Roy Strom and Dhanya Skariachan; Editing by Vicki Allen and Marguerita Choy)

    About Me

    My photo
    If you know me then you know my name. I am The Black Rider and the world is my Flame. The rider writes, observes, creates, produces, and learns the world around him. Ride on. Ride on!

    The Remnants