2008 Articles

Vulnerable NetDDE Shares Lead To Complete System Compromise

When the NetDDE share vulnerability in Wonderware's InTouch 8.0 HMI was announced by US-CERT, we noticed that most dismissed it as just typical control system weak permissions. The same as commonly seen in OPC DCOM configurations. However, the true impact of a weak...

read more

Lack of Information and Parsing Words

Alan Paller of SANS has been talking about cyber extortion attempts of utility companies for over a year now, and we now have Tom Donahue, a CIA-rep, on the record. "We have information, from multiple regions outside the United States, of cyber intrusions into...

read more

Bravo FERC!

Today FERC approved the NERC/ERO CIP cyber security standards for the electric industry. This was the right decision to avoid derailing progress. What is most impressive are the comments in the press release and final rule. They directed modifications and...

read more

Chaos Computer Club (CCC) SCADA Presentation Report

Ralph Langner, one of the bright lights in the European SCADA Security community, attended the CCC annual meeting in Berlin right before the new year. There was a Hacking SCADA presentation. Begin Ralph's Report The Chaos Computer Club's annual meeting is the place to...

read more

UPCOMING EVENTS

Sept 19-20 in Sochi, Russia

I'll give a keynote at the Kaspersky Industrial Cybersecurity Conference 2019. I spoke at this event in 2017, and Kaspersky is always a tremendous host. Hopefully some of my Russian followers will be there.

S4x20 ... Jan 21 - 23 in Miami South Beach

Make sure you mark your calendar for the largest and most advanced OT / ICS Security event. And you can catch up on past S4 on the S4xEvents YouTube Channel.

2019 PAST EVENTS

April 11th in Cebu

A private event where I'll discuss the future of attacks on and defense of Level 1 devices (PLC's). A lot changed in 2018, and this is just a hint as to what is coming.

March 5th in San Francisco

I moderated an event by the Basque Cybersecurity Centre to promote leading edge cybersecurity countries in the region. 

February 4th in New Orleans

Best Practices in Utility Security at Distributech. (See the video) I spoke about Real Time Network and Asset Monitoring at this new event. Lot's to say after the S4x19 ICS Detection Challenge experience.