funsec mailing list archives

Re: Fwd: [SCADASEC] SCADA hack talk canceled after U.S., Siemens request


From: Valdis.Kletnieks () vt edu
Date: Wed, 18 May 2011 22:31:56 -0400

On Wed, 18 May 2011 18:20:07 PDT, Paul Ferguson said:
Ostrich syndrome revisited.

"Dillon was not threatened or prevented from speaking. Rather he made
the decision based on the potential negative impact to human life and
the fact that the vendor's proposed mitigation had failed," NSS Labs
Chief Executive Rick Moy said in an e-mail. "ICS-CERT has done a great
job of assisting us with this process and we look forward to Siemens
being able to address the issue for their customers."

The proposed mitigation had failed, but we look forward to Siemens
being able to fix it somehow.

What world do these people live in? The company shipped it broken, then
the company couldn't fix it the first time. How many chances do you intend
to give them?

In related news, I'm confident that Playstation Network will be totally
secure when they finally get it back up, even though they got pwned twice,
shut it down, and then after forcing everybody to change their passwords,
they got pwned *again* - via the password change page.

https://www.computerworld.com/s/article/9216834/Sony_takes_down_PlayStation_Network_after_URL_error


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
