August 2010

Why Another Security Blog? Stuxnet Shows Why.

Submitted by Eric Byres on Wed, 2010-08-04 21:00

Over the past half decade I have avoided creating blog on cyber security.  After all, there certainly are plenty of blogs out there, and some provide excellent and detailed analysis of the latest news in SCADA security.

Why Stuxnet Affects All Windows Systems

Submitted by Eric Byres on Wed, 2010-08-11 10:05

If you have been reading the various advisories on the Stuxnet malware, you would be forgiven for thinking that only computers running relatively new versions of the Windows systems are vulnerable to this worm. For example, the Siemens Stuxnet advisory states; “The virus affects operating systems from XP and higher.” Does that mean if I am running Windows 2000 servers I am immune?

Unfortunately, the answer is NO! Based on our testing, all versions of Windows are vulnerable to Stuxnet, regardless of age.

Sample ICS Security Incident: Hackers Shut Down Crude Oil Loading Terminal For 8 Hours

Submitted by Scott Howard on Tue, 2010-08-17 17:50

We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature. Additionally, people whose control systems have been hacked do not like to talk about it - why give attackers more info and ideas than they already have?

Using Modbus PLC's? Here's How To Protect Them

Submitted by Scott Howard on Thu, 2010-08-26 11:02

Last week I wrote about a malicious attack on an industrial control system (ICS) initiated by outsiders. This week I'll discuss a PLC accident caused by an insider, and suggest some possible solutions for both of these incidents.

Passwords: Real Bad Security (But We Have To Live With Them)

Submitted by Eric Byres on Tue, 2010-08-31 15:33

One of the best things about the whole Stuxnet worm fiasco is that it has brought one of the biggest security issues – the use and abuse of passwords – into focus. Currently most of the discussion has focused on Siemens’ unfortunate use of fixed default passwords in their products (for example, see Joe Weiss’ post on http://news.infracritical.com/pipermail/scadasec/2010-August/001756.html).