2008 Articles
Vulnerable NetDDE Shares Lead To Complete System Compromise
When the NetDDE share vulnerability in Wonderware's InTouch 8.0 HMI was announced by US-CERT, we noticed that most dismissed it as just typical control system weak permissions. The same as commonly seen in OPC DCOM configurations. However, the true impact of a weak...
Lack of Information and Parsing Words
Alan Paller of SANS has been talking about cyber extortion attempts of utility companies for over a year now, and we now have Tom Donahue, a CIA-rep, on the record. "We have information, from multiple regions outside the United States, of cyber intrusions into...
Bravo FERC!
Today FERC approved the NERC/ERO CIP cyber security standards for the electric industry. This was the right decision to avoid derailing progress. What is most impressive are the comments in the press release and final rule. They directed modifications and...
Chaos Computer Club (CCC) SCADA Presentation Report
Ralph Langner, one of the bright lights in the European SCADA Security community, attended the CCC annual meeting in Berlin right before the new year. There was a Hacking SCADA presentation. Begin Ralph's Report The Chaos Computer Club's annual meeting is the place to...
Article Archive By Year
Article Archive By Category
UPCOMING EVENTS
OTCEP ... August 22 - 23 in Singapore
I'll be giving my OT Cybersecurity ... From Speculation To Science keynote and participating in panel discussions at the CSA's OT Cybersecurity Expert Panel event.
SoterICS Event ... Sept 19 in Antwerp, Belgium
SoterICS is celebrating their company's launch with a one-day event. I'll be giving my OT Cybersecurity ... From Speculation to Science keynote.
S4x24 ... 4 - 7 March 2024 in Miami South Beach
Save the date. For the biggest and most future focused on ICS Security Event.