quote:

If stuxnet was encrypted using over the counter tools then it would already be fully decrypted and reverse engineered. Since it is being decrypted by hand by the top people in the field that tells me, a professional software developer with 20+ years experience, that this isn't an over the counter encryption technique.

This program is designed to violate both the security of USB and of the siemens indsutrial controllers in ways not previously known. one hacker might find an unknown vulnerability but 2?

The people disassembling this thing are quite sure it is lokking for a single specific industrial process. The "payload" is keyed to only be activated on that specific system and to do very specific things to that system. That requires in depth knowledge of that industrial process.

As I said above this is extremely unlikely to be a single p[erson. The skillset is too broad and the program is too big and too sophisticated to be a single coders effort.

quote:

They have the keys. They have to be built into the code in order for the software to decrypt itself. That's why systems that encrypt/decrypt themselves can be reverse engineered at all.

quote:

ORIGINAL: hertz

quote:

They have the keys. They have to be built into the code in order for the software to decrypt itself. That's why systems that encrypt/decrypt themselves can be reverse engineered at all.

It's not an area I have any expertise in, but I am left wondering what the point of encrypting software might be, if you then have to leave the key hanging around in order for it to be decrypted? That's a bit like putting a huge fuck-off lock on a safe vault and then leaving the key under the doormat...

To be honest, I am not even convinced by the whole encryption part of this story. Yes, there are lots of reports that Stuxnet uses encrypted dlls, but there is very little information about what that might mean and how heavy the encryption might be. I note too that the issue of encryption is raised in the way that Stuxnet is apparently using stolen encryption  keys to fake digital signing as an anti anti-virus measure.

quote:

ORIGINAL: mnottertail

Only the public key has to be there, not the private key, it is a key in two parts......

Decrypting is finish this sentence:

I was born in Tupelo, Mississippi, got up here.....................(finish the sentence correctly) 


http://en.wikipedia.org/wiki/Public-key_cryptography

quote:

However the program itself has to have the key(s) needed to decrypt the DLL so the researchers had to monitor the program while it runs to discover the encryption technique and the key(s) involved. This isn't impossible but it is tedious and time consuming. This is why its taking so long to reverse engineer the virus to figure out what it is supposed to do.

quote:

It would be pretty incredible if it turned out that it was a single extremely determined individual who did this.

quote:

ORIGINAL: mnottertail

well, seems to me that the encrypted public-private keys could be publicly privately encrypted and spread across the service programs pasa or pssa(what you would call your dlls (service programs) in your world in the program static storage area (pssa or your code segment) and the program active storage area (your data seg) and we all know about self modifying code to do the duty anyhow right, so that you gotta see it run and catch it modifying itself to grab the keys.

quote:

I do find it interesting that you post info from symantec that confirms what I've said and directly states it is extremely unlikely that a single hacker did this. Did you not read the article?