(This article was originally written by Hal Hodsen on November 29, 2011 via Information Age and has been copied here for reference purposes only.)
The deputy assistant director of the FBI's Cyber Division says hackers recently accessed the infrastructure of three cities through SCADA systems
Hackers recently accessed the critical infrastructure of three unnamed cities by compromising their SCADA (supervisory control and data acquisition) systems, the deputy assistant director of the FBI's Cyber Division said today.
Wednesday, November 30, 2011
Sunday, November 27, 2011
Gleg releases Ver 1.8 of the SCADA+ Exploit Pack for Immunity Canvas
On November 24, Gleg released version 1.8 of the SCADA+ Exploit Pack for the Immunity Canvas framework, along with a corresponding version 2.7 of the Agora Exploit Pack.
In SCADA+ 1.8 there are modules for several fresh public SCADA/ICS vulnerabilities, most of which were recently disclosed by Luigi Auriemma. Many of these exploits appear to be denial-of-service (DoS) exploits, so this really is not something that I think is worth the money at this time.
In SCADA+ 1.8 there are modules for several fresh public SCADA/ICS vulnerabilities, most of which were recently disclosed by Luigi Auriemma. Many of these exploits appear to be denial-of-service (DoS) exploits, so this really is not something that I think is worth the money at this time.
Monday, November 21, 2011
UPDATED: Hackers Independently Attack Two Different Water Utility Districts
Updated: November 23, 2011
News reports broke on November 18, 2011 (Attack on City Water Station Destroys Pump - Wired) when fellow security specialist Joe Weiss blogged about a report released on November 8, 2011 that a water utility district in Springfield, IL (later identified as Curran-Gardner Public Water District) suffered what looked like a "blended attack". The first phase focused on compromising a supplier's internal system which contained remote access credentials not only the target, but several other yet "unnamed" sites. The second phase allowed the attackers to simply "turn the key and walk in the front door" gaining complete access to the industrial control system. The end result was a failure of one of the process pumps.
News reports broke on November 18, 2011 (Attack on City Water Station Destroys Pump - Wired) when fellow security specialist Joe Weiss blogged about a report released on November 8, 2011 that a water utility district in Springfield, IL (later identified as Curran-Gardner Public Water District) suffered what looked like a "blended attack". The first phase focused on compromising a supplier's internal system which contained remote access credentials not only the target, but several other yet "unnamed" sites. The second phase allowed the attackers to simply "turn the key and walk in the front door" gaining complete access to the industrial control system. The end result was a failure of one of the process pumps.
Wednesday, November 9, 2011
Are Web Services a Dumb Idea???
I recently read a blog post by Reid Wightman on the @DigitalBond site entitled "When Web Services are a Dumb Idea". It seems that the folks at Digital Bond are on some kind of mission to create a list of "insecure ICS products" which might not necessary be a bad idea, but at least we need to be sure that everyone is being evaluated against the same criteria.
First off, I have to apologize to Dale in my comment to this post, as I did not see that it was written by Reid, and incorrectly referenced Dale in my response. I have copied my "edited" response from the @DigitalBond site below:
First off, I have to apologize to Dale in my comment to this post, as I did not see that it was written by Reid, and incorrectly referenced Dale in my response. I have copied my "edited" response from the @DigitalBond site below:
Subscribe to:
Posts (Atom)