
How Symantec Cracked Stuxnet - skygear
http://www.readwriteweb.com/hack/2011/06/how-symantec-cracked-stuxnet.php#.ThBBmHM9aHo.hackernews
======
vog
The whole article is flawed. It sounds more like an advertisement for Symantec
anything else.

The title alone is a slap in the face of the many volunteers and various
companies that analyzed Stuxnet. Also, in the very first paragraph the author
admits that he looked onesidedly at Symantic and nowhere else. And he even
makes this sound like something great ("chance to attend a special briefing at
Symantec's headquarters"). Ouch. At least he admits this biased view at the
very end of the article:

 _> NB: I have done some consulting work for Symantec over the past few years
on a variety of security-related projects._

If you want to get some real insights into what techniques were used by
Stuxnet, I recommend to watch the 27c3 presentation "Building Custom
Disassemblers" by FX:

<http://www.youtube.com/watch?v=Q9ezff6LIoI>

Starting at minute 2:00 he talks about what role he played in the analysis,
what obfuscation techniques were used by Stuxnet, and how much some important
flaws in the official PLC development tools of Siemens (especially their
disassembler) contributed to the problems with analyzing Stuxnet.

