Submitted by Eric Byres on Thu, 2012-11-08 10:28
Who is responsible for fixing the thousands (some say 100,000) of vulnerabilities that exist in PLCs, DCS, RTUs and other automation devices that are in use in facilities around the world?
On the one hand, we have the position of Dale Peterson at Digital Bond. Dale ardently argues for (and takes) aggressive measures to pressure ICS vendors into making their products more secure. Through their 2012 Project Basecamp and subsequent disclosures, Digital Bond publically released vulnerability details for a large number of controllers.
Submitted by Eric Byres on Wed, 2010-12-15 14:28
Last week Jason Holcomb at Digital Bond wrote a great article called “Everybody Knows Your Passwords” on the issues of default passwords. In it he talked about how some control system vendors continue to bury hidden “default” passwords in their system. As Stuxnet illustrated, these passwords can be later accessed by malware or hackers, making them the perfect backdoor into a company’s operations.
