Results 1 to 8 of 8

Thread: Security News

  1. #1
    Join Date
    Oct 2003
    Location
    Minnesota
    Posts
    1,377

    Security News

    Chuckle,

    Doing my morning reading of the news and ran across these.

    Most everyone here is aware of this story about the Stuxnet worm which targeted certain Siemens industrial control systems.

    http://www.computerworld.com/s/artic...strial_systems

    But, of course, few really cared as it seemed to be a targeted attack against Iranian nuclear facilities.

    Always in the news are folks like the Anonymous and LulaSec groups.

    But McAfee notes that the two above groups are largely amateurish and relatively harmless in the larger scheme of things.

    Of more interest and concern are things like this:

    http://www.zdnet.com/blog/btl/has-th...l-harbor/53901

    The above is a short synopsis of a McAfee report. The White Paper from McAfee is available on line.

    Note that McAfee only mentions a SMALL number of the overall findings they made.

    The interest here is that the intrusions appear to be planned, long term, and likely backed by someone (or some government) with plenty of cash and resources. And often times the victims don't even know they've been had.

    Other interesting (to me) reports.

    Scada systems:
    http://news.cnet.com/8301-27080_3-20...?tag=mncol;txt

    Is your car vulnerable?
    http://news.cnet.com/8301-27080_3-20...?tag=mncol;txt

    Do you have diabetes or wer a pace-maker?
    http://news.yahoo.com/insulin-pumps-...100605899.html

    However, in general recent articles suggest good news.

    Attacks against Microsoft based systems are down, and those against Apple's IOS, Linux, and Android systems are up ... in a major way.

    Ain't it a wonderful world?

    LOL ...

    As to how it directly concerns those of us in our line of work, I was just thinking that if someone were able to hack into my work laptop, and had any clue as to what they were doing, I have info on it that could allow access and control remotely of literally hundreds of buildings.

    Not a lot of chance of that. For one, the targets presented are not particularly high value targets. Secondly, besides the security software always running on my laptop (kept undated) I also routinely do manual checks to see if anything is doing something I don't know about. I also avoid doing anything with the work laptop to increase its vulnerability like using it to look at unknown/untrusted sites, never open emails with it except for those related to business through our company secure email service, etc.

    We recently, last year, made sure that NO sites we install or have installed in the past have the factory default passwords enabled.
    A site where I stash some stuff that might be interesting to some folks.
    http://cid-0554c074ec47c396.office.l...e.aspx/.Public

  2. #2
    Join Date
    Aug 2010
    Posts
    31
    Quote Originally Posted by osiyo View Post
    Ain't it a wonderful world?

    LOL ...
    Osiyo,

    Have followed Stuxnet for a while so I read all of the links with interest. Anon & Lulz grabs the headlines, but for as much "damage" as they have been doing, they aren't the real players.

    One of the articles (or one I clicked through to) talked about using Google to find SCADA systems - I spent about 2 minutes to figure out how, then proceeded to come up with Google results for dozens & dozens of Niagara log-ins.

    I hope everyone else has sufficient understanding of how simple some of these exploits are, and how damaging (even if just to our reputations, let alone our customer's operations) the results could be.

    Our policy has been to use strong passwords, especially for systems "in the open".

    Yes, wonderful world indeed...

  3. #3
    Join Date
    Apr 2007
    Location
    San Diego, CA
    Posts
    1,338
    Interesting TED video on the subject of viruses that touches on Stuxnet, very well presented (18 min):

    http://www.ted.com/talks/mikko_hyppo...g_the_net.html

    an no, he doesn't have a 5Ό in. floppy drive on his laptop... almost fooled me.

  4. #4
    Join Date
    Aug 2010
    Posts
    31
    Here's some more news relating to this topic:

    http://www.cnn.com/2011/11/18/us/cyb...tml?hpt=hp_bn2

    Seems like mischief at best and sabotage at worst is well on it's way. Batten down your hatches (read BAS systems!)

  5. #5
    Join Date
    Oct 2003
    Location
    Minnesota
    Posts
    1,377
    Quote Originally Posted by mathetes View Post
    Here's some more news relating to this topic:

    http://www.cnn.com/2011/11/18/us/cyb...tml?hpt=hp_bn2

    Seems like mischief at best and sabotage at worst is well on it's way. Batten down your hatches (read BAS systems!)
    Yep, seen the article in another source besides CNN.

    I kinda follow this sort of thing, as a matter of interest. Old HACKER here. Used to love hacking into systems. Just as a challenge. Tho I never did anything to damage someone else's system.

    Well, depending upon what one calls "damaging".

    i.e. Once hacked a government system, just so as to make it such that every time a particular person logged on he got the "one finger salute". (I didn't care for that fellow much, you may correctly assume)

    Or the time I hacked a government system so as to allow me to control the computer that decided as to whether or not I should be allowed to make a long distance call at government expense. But only did that a couple times, just to prove I could do it.

    A few times hacked into and modified a system belonging to an employer, a major international telecom, just to keep their IT folks on their toes. They kept announcing they'd made their system "bullet-proof". I kept pointing out that they were wrong. Wayyyyy wrong. It was so easy it was ridiculous.

    But I didn't do anything except modify some log-in scripts those IT folks used to announce "You've been HAD." Then script went about business as usual.

    The thing is, many ... MANY systems are really open and vulnerable. They haven't been "hit" solely because the average hacker just hasn't been trying. No reason to bother. Pretty uninteresting stuff to most.

    That may change.
    A site where I stash some stuff that might be interesting to some folks.
    http://cid-0554c074ec47c396.office.l...e.aspx/.Public

  6. #6
    Join Date
    May 2009
    Posts
    639
    Scott Jalbert
    Harris Integrated Solutions

    Formerly Liebert (Emerson Network Power)
    Expressed opinions are my own

  7. #7
    Join Date
    May 2009
    Posts
    639
    Security firm finds SCADA software flaws; won't report them to vendors

    http://www.computerworld.com/s/artic...hem_to_vendors
    Scott Jalbert
    Harris Integrated Solutions

    Formerly Liebert (Emerson Network Power)
    Expressed opinions are my own

  8. #8
    Join Date
    Jan 2003
    Location
    USA
    Posts
    1,712
    Quote Originally Posted by MaxBurn View Post
    Security firm finds SCADA software flaws; won't report them to vendors
    Of course not, these flaws are good money.

    1. Hackers sell them.
    2. Security companies can sell "protection" that no one else can offer.
    3. New to the arena, governments can use them against each other.

    If they get released and fixed, that kills the profit of #1 & 2, and costs #3 more money to find more flaws.

    I wonder how much #3 is funding #1 & 2??

    It's a sick game.
    Propagating the formula. http://www.noagendashow.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Comfortech Show Promo Image

Related Forums

Plumbing Talks | Contractor Magazine
Forums | Electrical Construction & Maintenance (EC&M) Magazine
Comfortech365 Virtual Event