Saturday, November 05, 2011
Duqu - Son of Stuxnet
Duqu, a new malware using the same techniques as Stuxnet, has been found infecting systems in Europe.
Though similar to Stuxnet, there are some differences:
1) It does not self-replicate in order to spread itself. Therefore, it is not a worm.
2) It does not contain a destructive payload that damages the hardware. Instead, it is designed to conduct reconnaissance to gather intelligence that can later be used to conduct a targeted attack on the control system.
3) It removes itself after 36 days.
There is some speculation that this malware (or something similar) was used as a precursor to gather intelligence for the Stuxnet attacks in Iran.
Tuesday, May 03, 2011
Stuxnet PLC Virus Update
4/11/2011, Siemens info regarding Stuxnet:
http://support.automation.siemens.com/WW/view/en/43876783
If the link doesn't work, cut and paste it into your browser.
3/2011, Ralph Langner's TED Talk:
http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html
2/15/2011, Colbert on Stuxnet:
http://www.colbertnation.com/the-colbert-report-videos/374401/february-15-2011/david-albright
Symantec Dossier on Stuxnet:
Symantec Video (a little lame):
http://www.youtube.com/watch?v=cf0jlzVCyOI&feature=player_embedded
1/16/2011, New York Times article states that Stuxnet was developed by Israel and targeted PLCs involved in Iran's nuclear weapons program:
http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html
10/6/2010, Early Forbes article:
http://www.forbes.com/2010/10/06/iran-nuclear-computer-technology-security-stuxnet-worm.html
9/24/2011, Early Bloomberg video (with inaccurate descriptions, but interesting anyway):
http://www.bloomberg.com/video/63225920/
Edited on: Tuesday, May 03, 2011 7:57 PM
Categories: Software, Tips
Monday, December 20, 2010
Problem Opening Links in Microsoft Outlook when Firefox is the Default Browser
When opening links in Microsoft Office with Firefox as the default browser, you may get an error message similar to "general failure the url was application not found". The link may or may not open.
To fix, in Windows XP:
1. Open Windows Explorer (or My Computer).
2. Go to Tools -> Folder Options -> File Types
3. Select Extension: "(NONE)" File Type: "URL:HyperText Transfer Protocol"
4. Click "Advanced". In the "Edit File Type" window, select "open" and click "Edit"
5. Uncheck "Use DDE" (the dialog should then hide the lower part).
6. Click OK for that dialog and the next one (afterwards, the "Use DDE" box is still checked but the "DDE Message" box will be cleared, as shown here)
7. Repeat for Extension: "(NONE)" File Type: "URL:HyperText Transfer Protocol with Privacy" (and any other protocols you want to fix)
8. Repeat for Extension: "(NONE)" File Type: "Firefox URL"
9. Repeat for Extension: "HTM" (or "HTML") File Type: "Firefox Document"
Friday, September 10, 2010
Network Tools
This network discovery tool quickly scans your network and displays a list of devices it finds.
Manages network settings for various networks. It's much easier to set up than IPConfig and can save multiple configurations.
Wireless scanning tool similar to NetStumbler, but easier to use.
Edited on: Friday, September 10, 2010 5:03 PM
Categories: Software, Tips
Monday, June 21, 2010
Sullair eConnect/PanelView Notes
Application note for A-B PanelView 600 Plus to communicate with Sullair eConnect using Modbus protocol.
PanelView Info
1. Install FT View ME Studio on PC.
2. Install KEP Server Enterprise on PC (all drivers).
3. PanelView Settings:
a. 192.168.2.10
b. 320 x 240 screen size
4. Need to flash PV firmware: c:\Program Files\Rockwell Software\RSView Enterprise\FUPs. Make sure “Ethernet” is selected on Kepware drivers.
5. When upgrading firmware, got “not enough memory” message. Had to change PV startup configuration to “go to configuration screen” instead of “loading and running application”.
6. Apparently, the Kepware configuration is the only thing that affects the PanelView communications setup – not the RSLinx Enterprise settings as normally. After any changes to Kepware, the application must be recompiled.
Sullair Info
1. Econnect design company: ICC Designs, 608-831-1255
2. Econnect card had different IP settings than shown in the book. Used hyperterminal to change them to match the book.
3. Hyperterminal settings for connection: 38400 / 8 / none / 1 / hardware
4. IP address settings for Econnect: 192.168.1.2 / 255.255.255.0
5. Before Sullair system was configured using the HMI, PanelView diagnostics returned an exception 7 (negative acknowledgement), indicating that the Ethernet communications were OK but that the eConnect was not communicating with the Sullair control system through the RS485 link. The PanelView displayed all “***” in the data fields.
6. Sullair HMI configuration:
a. Factory Setup -> Comm Module -> Yes <Enter>
b. Sequencing -> Sequence By Remote
7. Only one compressor is connected on this application, but multiple compressors could be connected. On multiple setups, Com1 uses addresses 1 through 200, Com2 uses addresses 201 thru 400, etc.
8. Addresses for analog holding registers are offsets. For example, parameter 105 is Modbus address 40105 (this shows up as 400105 in the Kepware server).
9. Wired start relay to output 4 (Modbus address 43125, 403215 in the Kepware server). This is dout4, terminal J9/5. Output On = Run (external relay is de-energized). Output Off = Stop (external relay is energized).
10. Remote on Sullair Supervisor must be illuminated (Red) for PanelView remote start/stop button to work.
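The register addressing in item 8 and the exception 7 reply in item 5, worked through offline as an added example (not part of the original notes and not vendor code): it converts a parameter number to the 5-digit and 6-digit references, builds the Modbus TCP read request, and decodes a reply. The zero-based wire address (reference 40001 = address 0), unit ID 1 and both sample frames are assumptions constructed for illustration.

```python
import struct

# Exception codes defined by the Modbus application protocol specification.
EXCEPTION_NAMES = {
    1: "illegal function", 2: "illegal data address", 3: "illegal data value",
    4: "server device failure", 5: "acknowledge", 6: "server device busy",
    7: "negative acknowledge", 8: "memory parity error",
    10: "gateway path unavailable", 11: "gateway target failed to respond",
}

def holding_refs(param):
    """Parameter number -> (5-digit ref, 6-digit ref, zero-based wire address)."""
    if not 1 <= param <= 9999:
        raise ValueError("parameter outside the 5-digit holding register range")
    # Assumption: standard convention, reference 40001 is wire address 0.
    return 40000 + param, 400000 + param, param - 1

def read_request(transaction_id, unit_id, param, count=1):
    """Build a Modbus TCP 'read holding registers' (function 0x03) frame."""
    _, _, address = holding_refs(param)
    # MBAP header: transaction id, protocol id 0, byte count of what follows
    # (unit id + 5-byte PDU = 6), unit id. PDU: function, address, quantity.
    return struct.pack(">HHHBBHH", transaction_id, 0, 6, unit_id, 0x03, address, count)

def parse_response(frame):
    """Return ('registers', [values]) or ('exception', code, name)."""
    if len(frame) < 9:
        raise ValueError("frame too short for MBAP header plus PDU")
    _tid, protocol, length, _unit, function = struct.unpack(">HHHBB", frame[:8])
    if protocol != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    if function & 0x80:  # high bit set marks an exception reply
        code = frame[8]
        return ("exception", code, EXCEPTION_NAMES.get(code, "unknown"))
    byte_count = frame[8]
    data = frame[9:9 + byte_count]
    if byte_count % 2 or len(data) != byte_count:
        raise ValueError("register data truncated")
    return ("registers", list(struct.unpack(">%dH" % (byte_count // 2), data)))

# Constructed sample frames (not captured from the real eConnect card).
SAMPLE_EXCEPTION = bytes.fromhex("000100000003018307")   # function 0x83, code 7
SAMPLE_VALUE = bytes.fromhex("0001000000050103020064")   # one register = 100

if __name__ == "__main__":
    print(holding_refs(105), read_request(1, 1, 105).hex())
    print(parse_response(SAMPLE_EXCEPTION))
    print(parse_response(SAMPLE_VALUE))
```

A well-formed exception reply such as the first sample can only arrive if the TCP path to the gateway works, which is the reasoning behind the diagnosis in item 5.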