funsec mailing list archives
Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)]
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sat, 30 Jun 2007 04:20:28 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Dave Paris <dparis () w3works com> wrote:
It's not the meter reading portion of the links that scare me as much as
remote access to substations, grid interconnect points, etc. I've seen systems as Ferg describes below and utterly simplistic dial-in, unauthenticated systems... no dialback, zippo. Utterly insane.
One more thing. Here's something from last year that might open some eyes: [snip] A foreign hacker who penetrated security at a Harrisburg, Pa., water filtering plant is under investigation by the FBI for planting malicious software capable of affecting the plant's water treatment operations, ABC News has learned. The hacker tried to covertly use the computer system as its own distribution system for e-mails or pirated software, officials told ABC. "The concern was high because it is a computer that controls an important infrastructure system, and if, for some reason, it caused it to fail, it would have disrupted service," said Special Agent Jerri Williams of the FBI's Philadelphia field office. The Columbus Day weekend intrusion is the fourth recorded cyber-attack on a U.S. water supply in the past four years, according to the records of WaterISAC, an industry information sharing and analysis center with members from among more than 1,000 drinking water and wastewater systems in the United States. [snip] More: <http://blogs.abcnews.com/theblotter/2006/10/hackers_penetra.html> - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) wj8DBQFGhdoJq1pz9mNUZTMRAgezAKCTgQ2+yVpu33q2jTedFqCyAh7VIwCgkBeY HiaFmV533u+YOkoigbMsLQs= =rOY7 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Paul Ferguson (Jun 29)
- <Possible follow-ups>
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Paul Ferguson (Jun 29)