The best way to get the most of any conference is to be a speaker. At S4 you get a chance to present your great research or passionate viewpoint to an audience of advanced ICSsec pro’s who will get it. They might not agree, but they will get it. So check...
The Switches Get Stitches crew has been hard at work on quite a few switching projects. Indeed they released a new exploit tool against GE and GarrettCom switches early this morning, after attempting to get a fix for a Denial of Service bug for at least one year...
I tweeted on this OSIsoft self-disclosure last week: It’s huge that OSIsoft self reported these and even provided summary CVSS info. Continued leadership in ICSsec space https://t.co/YL3dYw3HxU— Dale Peterson (@digitalbond) August 14, 2015 But I want to write a...
BlackHat and DefCon are over, and vendors are breathing sighs of relief (or, digging trenches). Let’s look at this week’s top news, according to us. In the database world, we have two stories (a fail and a win): – Oracle’s CSO floated a vaguely threatening...
I’d encourage loyal readers to check out the comments on the recent OT is Mission Critical IT article. Some are better written than my original article and others highlight the problem. Jake writes: Most IT departments would take “mission critical” to mean do...
The Tripwire team asked a number of people for 100 words on the following questions: How does the IoT change the dynamics between IT and OT? What practical tips can you provide for working together effectively? You can read the full set of responses in this...
A failing grade When reading CERT advisories in the ICS space I used to skim to the CVSS score as a quick way to assess what the vuln was. I rarely like what I see when I think about the actual vulnerability to which the score is applied. CVSS, or the Common...
SHAKACON was a well run and friendly conference with about 300 attendees and high quality talks over 2 days. If you are thinking about it for 2016: GO – If you live in Hawaii. This is a no brainer. The opportunity to go to Hawaii draws better speakers than you...
Three sessions at Day 1 of SHAKACON in Honolulu were noteworthy for the ICSsec community. Charlie Miller and Chris Valasek on Auto Hacking The big session from this team will be at Blackhat where they will unveil and demo their ability to remotely control cars, most...
The Sessions Digital Bond Labs appeared at Black Hat Sessions in Ede, Netherlands. We gave a talk on vulnerability inheritance in PLCs, and also discussed some of the challenges associated with removing vulnerable internet-connected control systems from their...
