2008 Articles

Vulnerable NetDDE Shares Lead To Complete System Compromise

When the NetDDE share vulnerability in Wonderware's InTouch 8.0 HMI was announced by US-CERT, we noticed that most dismissed it as just typical control system weak permissions. The same as commonly seen in OPC DCOM configurations. However, the true impact of a weak...

read more

Lack of Information and Parsing Words

Alan Paller of SANS has been talking about cyber extortion attempts of utility companies for over a year now, and we now have Tom Donahue, a CIA-rep, on the record. "We have information, from multiple regions outside the United States, of cyber intrusions into...

read more

Bravo FERC!

Today FERC approved the NERC/ERO CIP cyber security standards for the electric industry. This was the right decision to avoid derailing progress. What is most impressive are the comments in the press release and final rule. They directed modifications and...

read more

Chaos Computer Club (CCC) SCADA Presentation Report

Ralph Langner, one of the bright lights in the European SCADA Security community, attended the CCC annual meeting in Berlin right before the new year. There was a Hacking SCADA presentation. Begin Ralph's Report The Chaos Computer Club's annual meeting is the place to...

read more


S4x24 ... 4 - 7 March 2024 in Miami South Beach

Save the date. For the biggest and most future focused on ICS Security Event.