adamat February 03,2016 I think Stuxnet is one of the coolest things in computer security. I have been glued to every article I could find about this when it happened and it continues to teach us lessons. It is a feat of espionage, engineering, and moral responsibility. Three things that rarely come together. Stuxnet has always raised so many questions for me and I hope that someday the entire story can be told. Stuxnet is also a bit of a Pandora's box. It is a game changer that has changed how attackers write malware and it shows the lengths at which attackers will go to compromise very specific targets. I seriously doubt Stuxnet was the first attack of such sophistication and I can only imagine what it's programmers have worked on since.
BrianDaugetteat February 04,2016 Stuxnet is fascinating from a technical perspective and as a feat of espionage. It's interesting to think that this was basically an instance of covert cyberwarfare. But if you watch one of the other videos posted here, there is a critical shortage of defined laws and norms of behavior when it comes to cyberwar. So in essence, We are lacking laws and norms of behavior for something that is already being conducted. Scary indeed. Just glad Stuxnet was used for a good cause.
rburkettat February 05,2016 Stuxnet is a classic example of an advanced persistent threat. It is software that appears to do as little as it needs to do to be effective against it's particular target and also to maintain persistence. It took advantage of multiple zero-days which shows the advanced nature of the attackers. Unlike script kiddies or opportunistic hackers, Stuxnet was very focused and well-thought out and it makes me wonder what else is out there that we don't yet know about.
mcoates1at February 07,2016 What I found to be amazing about the Stuxnet virus is how intricate it was in transmitting itself from machine to machine in such a secure network. As the presenter mentioned at the end regarding his biggest fear, it is very uneasy thinking about what people are currently developing in terms of viruses and malware that can potentially cause tremendous amounts of unrepairable damage to many infrastructures in nations around the world.
nickat February 10,2016 God bless Nachenberg on his presentation. Nachenberg was able to describe the very complex Stuxnet campaign in close to layman's terms in a concise and enthusiastic presentation. Unfortunately, when ever the camera panned to the audience, you'd have thought he was discussing the U.S. tax code. As soon as Nachenberg mentioned Step7 and PLCs you can almost hear eyes glazing over. This video, I believe, illustrates very clearly the problem of trying to educate and inform political, corporate, law enforcement, educators and the general public about network security and the threats to those systems. The audience, one would suspect, are members of the scientific community based on the fact that the presentation is part of Stanford's Center for International Security and Cooperation Conference. If that audience couldn't follow, or be bothered to follow, the discussion, it demonstrates the uphill battle information security professionals have at informing those outside our industry about information security. The second thing I found interesting was when, during the epilogue (not "epilog", lulz), Nachenberg stated he most feared a mechanism to globally disseminate a payload such as Stuxnet. There are many in the industry that think that Conficker was just such a mechanism and may have been part of a test run for Stuxnet, as noted in Kim Zetter's "Countdown to Zero Day." Thought for sure he would have mentioned that fact.