Full Disclosure mailing list archives
RE: The Grid, Blaster v. Poor Security Engineering
From: "Myers, Marvin" <MRMyers () anteon com>
Date: Fri, 15 Aug 2003 14:05:06 -0400
Not only is it ridiculous, it goes against everything that the power companies have been telling us for years. If anyone has ever stood outside during a thunderstorm and watched lightening bounce back and forth across wires and transformers, then they will know that this is bull. A single lightening strike while being able to cause significant damage has never been proven able to bring down such a large portion of the grid in the past. And if this were the case, they would be showing the damage as soon as possible to quell and or stop the conspiracy and doomsday theorists in their tracks. I know from experience, having done work in several foreign countries, that even though we may live in a free society, we are spoon fed only the information that the government wants us to have. When information does leak out that they do not want us to have, it is called a scandal. It gets reported on widely until the news stops selling and then we move on to the next one. I am not paranoid, I know that they are out to get me. But I live my life to the fullest and am having fun during the journey. -----Original Message----- From: Bernie, CTA [mailto:cta () hcsin net] Sent: Friday, August 15, 2003 12:21 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] The Grid, Blaster v. Poor Security Engineering It is ridiculous to accept that a lightning strike could knock out the grid. There are many redundant fault, limit and Voltage- Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and along the Power Grid that would have tripped to prevent or otherwise divert such a major outage. I believe that the outage was caused by the blaster, or its mutation, besieged upon the respective vulnerability in the systems (SCADA and otherwise) running MS 2000 or XP, located different points along the Grid. Some of these systems are accessible via the Internet, while others are accessible by POTS dialup, or private Frame relay and dedicated connectivity. It is also reasonable to assume that we could have a similar security threat regarding those system (SCADA and otherwise based on MS 2000 or XP) involved in the control, data acquisition, and maintenance of other critical infrastructure, such as inter/intra state GAS Distribution, Nuclear Plant Monitoring, Water and Sewer Processing, and city Traffic Control. IMO I think we will see a lot of finger pointing by government agencies, Utilities, and politicians for the Grid outage, until someone confess to the security dilemma and vulnerabilities in the systems which are involved in running this critical infrastructure. Regardless of whether the outage can be attributed to the blaster or its variant, this is not entirely a Microsoft problem, as it cuts to poor System Security Engineering. Nonetheless, the incident will cause lots of money to be earmarked by the US and Canadian Governments, to be spent in an attempt to solve the problem, or more specifically calm the public. - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The Grid, Blaster v. Poor Security Engineering Bernie, CTA (Aug 15)
- RE: The Grid, Blaster v. Poor Security Engineering Richard M. Smith (Aug 15)
- <Possible follow-ups>
- RE: The Grid, Blaster v. Poor Security Engineering Myers, Marvin (Aug 15)
- Re: The Grid, Blaster v. Poor Security Engineering Darren Reed (Aug 16)
- RE: The Grid, Blaster v. Poor Security Engineering Christopher F. Herot (Aug 15)
- RE: The Grid, Blaster v. Poor Security Engineering Myers, Marvin (Aug 18)