Re: SCADA refresher

["Joey Mengele" <joey.mengele () hushmail com>]

Dear I period D period and mailing list,

I also am not qualified to comment on this, so here it goes. I 
don't know shit either, blabla hello electronic mail internets 
2007! I AM FAMOUS ON THE FULL DISCLOSURE LOLOLOL!

J

On Mon, 03 Dec 2007 19:01:40 -0500 "I. D." <soufre () gmail com> wrote:
> Datapac? In my experience, there aren't many things left there... 
> of course,
> I don't work in that industry. I thought most transactions/work 
> took places
> on other Canadian packet-switched networks. As for south of the 
> border, I
> know even less.
>
> On Dec 3, 2007 2:51 PM, Dude VanWinkle <dudevanwinkle () gmail com> 
> wrote:
>
> > Also Johnson Controls
> >
> > in 2005 they were busy converting the proprietary BACnet 
> speaking
> > SCADA devices to embedded windows XP, considering NASA and 
> friends run
> > JCI, and there is no good way to update embedded XP (AFAIK) 
> remotely,
> > these systems should be prime targets...
> >
> > Whats an MLP?
> >
> > -JP
> >
> > On Dec 2, 2007 7:52 PM, gmaggro <gmaggro () rogers com> wrote:
> > > Been giving myself a little refresher on SCADA, hope no-one 
> minds the
> > MLP.
> > > Stock presentation on SCADA security issues:
> > http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-
> Maynor-Graham-up.pdf
> > > Ganesh Devarajan's Defcon presentation was interesting:
> > >   
> http://video.google.com/videoplay?docid=2434649448102709100&hl=en
> > > Makes of SCADA and related products I have seen in actual use:
> > >   Allen Bradley (hardware)
> > >   Siemens       (hardware)
> > >   RAND          (hardware)
> > >   ABB           (hardware)
> > >   Wonderware    (software, assuming this was what Ganesh was 
> assaulting)
> > > Well, assuming it was Wonderware (http://us.wonderware.com) 
> since in
> > > multiple networks of hundreds of thousands of nodes, and the 
> companies
> > > that own them... Wonderware was the only SCADA related package 
> that
> > > creeped up.
> > >
> > > On a different and amusing note, X.25 was still in use in a 
> number of
> > > these locations. Take that for what you will, but I don't 
> think that's a
> > > good sign. Hello, Datapac! However I have little idea what the 
> X.25
> > > landscape is like anymore.  Would be interesting if both
> > > credit/financial and infrastructure data regularly travelled 
> over the
> > > same paths. Get access to a lottery/debit terminal, or just 
> its
> > > connectivity, and leverage that.
> > >
> > > 24th Chaos Communication Congress "Hacking SCADA", it sure 
> would be nice
> > > to make it over:
> > >   
> http://events.ccc.de/congress/2007/Fahrplan/events/2227.en.html
> > > More amusement, though it's a subscription site:
> > >   
> http://www.digitalbond.com/wiki/index.php/SCADA_IDS_Signatures
> > > Anyone have any resources they'd care to share?
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

--
Want fast fitness results? Click for free info, revolutionary products.
http://tagline.hushmail.com/fc/Ioyw6h4eJVhyeSyiXbrS2j5aRw5p6bXp3dQSoK8qxVxZr7t5JIYx8s/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/