On the subject of viruses
On the technological and political front, the Stuxnet virus is creating lots of comment and speculation. (via Blackfive) It looks to me like an elegantly crafted exploit and the writers' hats more light than dark, since most reported problems are coming from Iran (bad guys) and Indonesia (elastic views of property rights). Some reports claim Stuxnet uses bugs in unpatched Windows 7 installs,such as those that have been pirated. But that's not all--the Windows computers need to be connected to Siemens control software and devices before the virus really goes to town and does anything that creates a problem. Which, of course, is the situation every script kiddy wants to exploit and brag about at Hackercon. Not. It's looking pretty clear there aren't many situations where you have pirated or un-updated-since-2009 Windows computers AND expensive industrial Siemens-only control systems, and one would be the Bushehr nuclear complex in Iran. That exists primarily to create a nuclear bomb to destroy Israel. Israel, by the way, containing an awful lot of very clever computer geeks that don't feel like becoming radioactive gas, thanks all the same.
There has been some vaporing in the press about how this presents an opportunity for terrorism, extortion, yadda yadda. My cynical nature wonders if these critics also think Israel should just lie back and take it. My practical nature notes that given the clever stuff Stuxnet uses and the wide-ranging technical expertise needed -- not to mention a significant intelligence operation to find all the necessary information like chipset security certificates and model numbers of the centrifuges--that your average jihadi is going to stick to goat manure IEDs. Really, it is looking like this is only major government-league stuff.
And it's not like this hasn't been done before. In a very clever trick, in 1982 the CIA got the Soviet Union to blow up its own gas pipeline using pre-hacked control chips the Soviets stole from us themselves. Even better, they had to check every single element for the hack (a non-obvious one) after the explosion to make sure it didn't happen again. This will happen with Stuxnet too. Sure, everyone knows about it now but the Iranians can't be sure what else got infected. They will have to check *everything*, possibly with computers already infected with a "don't notice that" virus, and it will take lots and lots of time and effort -- that won't be available for purifying uranium and making nukes. Sounds like a win to me ...