Protocol Differential Analysis

The term Protocol Differential Analysis needs to make Google as an infosec technique.  I first heard the term from esSOBi at Indianapolis’ Circle City Con.  I first encountered the trick, though, in a research lab a few years before: a quick and dirty...

Friday News & Notes

Wurldtech announced the Achilles Industrial Firewall. It was hard to understand why GE purchased Wurldtech for their protocol testing, but if they were purchasing this product it begins to make sense. The pricing for the perimeter model starts at $30K and the field...

S4x15 Registration Info

S4x15 registration will open at noon EDT on October 23rd. Registering early will not only guarantee you a spot at the event, it will also save you some money. We have kept the price for the two-day S4 event at $995 since the first S4 in 2007. We even added a third...

Friday News & Notes

The US Food and Drug Administration (FDA) published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. We haven’t had time to read it yet, but take a look at Patrick Coyle’s analysis. Pull quote, “Interestingly, in...

Security Theater ICS Webisode

ICS-CERT published an advisory on web server vulnerabilities in Schneider Electric PLCs including Quantums, Momentums, TSX and other Modicon models. It is a near perfect example of what is wrong with DHS and PLC vendors and in a way the ICSsec community for...

Where To Hide Malware In ICS

The folders that ICS applications are installed in are usually configured as exclusions to anti-virus scanning. In some cases, the almost constant updating of the ICS data files leads to unacceptable performance if subjected to anti-virus protection. In other cases...

Redpoint: Schneider/Modicon PLC Enumeration

Our Stephen Hilt released another Project Redpoint script as part of his DerbyCon presentation on Sunday. Modicon-info.nse will identify PLCs and other Schneider Electric/Modicon devices on the network and then enumerate the device. The script pulls...

The BASH Bug and You — Lessons in Providing Patches

There is a truism in information security, and it is that everything will eventually be found to be vulnerable. I believe the lesson here should be, ‘plan to patch.’  It is tragically common in the embedded device space that vendors don’t take...

S4x15 CFP Ends Oct 1

The clock is ticking to get your session proposal in for S4x15 Week. Take a look at the full CFP and get it in by October 1. We don’t just wait for the CFP responses. We actively chase down researchers and topics. So if you see something that is S4-worthy please...

Causing A Large Scale Blackout

David Perera of Politico released a good article yesterday on the difficulty of taking out the electric grid. Unfortunately the headline writers missed the mark, “US Grid Safe From Large Scale Attack, Experts Say”, and it is difficult to write two very...