nanog mailing list archives
RE: First real-world SCADA attack in US
From: "Jason Gurtz" <jasongurtz () npumail com>
Date: Mon, 21 Nov 2011 16:51:02 -0500
Having worked on plenty of industrial and other control systems I can safely say security on the systems is generally very poor. The vulnerabilities have existed for years but are just now getting attention.
+1 Just for context, let me tell everyone about an operational characteristic of one such system (Sold by a Fortune 10 (almost Fortune 5 ;) company for not a small amt. of $) that might be surprising; the hostname of the server system cannot be longer than eight characters. The software gets so many things so very very wrong I wonder how it is there are not more exploits! ~JasonG
Current thread:
- Re: First real-world SCADA attack in US, (continued)
- Re: First real-world SCADA attack in US Stefan Bethke (Nov 21)
- Re: First real-world SCADA attack in US Leigh Porter (Nov 21)
- Re: First real-world SCADA attack in US Mark Radabaugh (Nov 21)
- Re: First real-world SCADA attack in US Steven Bellovin (Nov 21)
- Re: First real-world SCADA attack in US Michael Painter (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 21)
- Re: First real-world SCADA attack in US Charles Mills (Nov 21)
- Re: First real-world SCADA attack in US Mark Radabaugh (Nov 21)
- RE: First real-world SCADA attack in US Jason Gurtz (Nov 21)
- Re: First real-world SCADA attack in US Christopher Morrow (Nov 21)
- Re: First real-world SCADA attack in US Jimmy Hess (Nov 21)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 21)
- Re: First real-world SCADA attack in US Jussi Peltola (Nov 21)
- Re: First real-world SCADA attack in US Valdis . Kletnieks (Nov 21)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 22)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)