Information Security News mailing list archives
Metasploit and SCADA exploits: dawn of a new era?
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 4 Nov 2010 23:26:44 -0600 (CST)
http://www.zdnet.com/blog/security/metasploit-and-scada-exploits-dawn-of-a-new-era/7672 By Ryan Naraine Zero Day ZDNet News November 4, 2010 Guest editorial by Shawn Merdinger On 18 October, 2010 a significant event occurred concerning threats to SCADA (supervisory control and data acquisition) environments. That event is the addition of a zero-day exploit for the RealFlex RealWin SCADA software product into the Metasploit repository. Here are some striking facts about this event: 1. This was a zero-day vulnerability that unfortunately was not reported publicly, to a organization like ICS-CERT or CERT/CC, or (afaik) to the RealFlex vendor. 2. This exploit was not added to the public Exploit-DB site until 27 October, 2011. 3. The existence of this exploit was not acknowledged with a ICS-CERT advisory until 1 November, 2010. 4. This is the first SCADA exploit added to Metasploit. So what are the lessons learned and takeaways from this seminal event? [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/
Current thread:
- Metasploit and SCADA exploits: dawn of a new era? InfoSec News (Nov 04)