funsec mailing list archives
Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)]
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sat, 30 Jun 2007 03:02:45 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Brian Loe" <knobdy () gmail com> wrote:
No, Fight Club was simply blowing up "all" of the credit companies. This is more along the lines of shutting down ALL water, natural gas, electric and financial systems. Funny that SCADA/DCS networks have been getting some airtime of late - the more they make connections to it the more likely something like this is possible and not just a Hollywood nightmare. There are utilities out there that if you got in you'd have water, power and a lot of street lights to play with...very bad.
True enough. I've a number of conversations with several people on this issue in the past few months that go something along the lines of: Me: "You'd be shocked if you knew the extent of the problem." Them: "Huh? Aren't critical systems like electrical power, etc. not connected to the Internet?" Me: "You'd think they wouldn't be, but you'd be wrong." Some astoundingly stupid business decisions may put critical infrastructure at risk? How you ask? Consider this simple scenario. A regional electric company wants to remotely read residential meters for electric consumption, but does not want to invest in installing their own infrastructure (read: laying new fiber or hybrid-fiber coax [HFC]) to do so, and makes a business decision (everything boils down to dollars and cents) to use existing infrastructure (read: Internet VPN-style connectivity) to accomplish this feat. Boggles the mind, eh? This exact scenario exists today. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) wj8DBQFGhce6q1pz9mNUZTMRAraOAJ92XQnd46go/1yCrWqecfsR3yp2twCfd2vk 3KWRtJAQkmMry0FZ+Ot92M4= =GT/R -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Paul Ferguson (Jun 29)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Dave Paris (Jun 29)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Valdis . Kletnieks (Jun 29)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] B.K. DeLong (Jun 30)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Brian Loe (Jun 30)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Dude VanWinkle (Jun 30)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Dave Paris (Jun 29)