I presented “You Have No Integrity” today at the SANS SCADA Security Summit in Orlando, Florida. The presentation included numerous examples on how ICS lack integrity — if you can get to the ICS it is game over because source and data authentication...
After the S4 conference, I attended the RFCat class taught by atlas 0f d00m(@at1as on twitter). The RFCat is a combination of hardware and software used to explore the 300-928 Mhz radio spectrum. It’s not SDR, but it’s LIKE SDR. The intent, and...
Yes, critical infrastructure and high value ICS need to upgrade or replace their insecure by design PLC’s and other field devices now. As stated in an earlier article, this is likely a 1 to 3 year effort, and some systems may take longer. The key is to begin the...
I’ll be at the SANS SCADA Security Summit next Monday – Wednesday. On Wednesday I’ll be presenting, “You Have No Integrity” with numerous technical and ethical examples. Say hi or throw tomatoes if you are there. The National Association...
Responding to cyber vulnerabilities as a vendor is a lot like responding to diaper issues. No matter what, you are going to handle a lot of crap from both ends. As a vendor, all you want to do is clean it up, and move on with operation. But just like diapers, doing it...
The team at SCADA Strangelove has added the ability to crack Siemens S7 passwords to the John the Ripper tool. And the team at Drainware released Siemens S7 discovery scripts for nmap. The Washington Post reports that the US military will increase its cybersecurity...
Eric Byres disagrees with my NOW! presentation and disappointment that he went the SCADA Apologist route. Check his article and comments on it out. Below was my clarification and reply on his site: Hi Eric, You summarize the disagreement fairly, and in a civil way,...
When Reid Wightman was still at Digital Bond in 2012 we discussed how to follow up Project Basecamp. The idea was to give field firewalls a hard shake. Fortunately he was able to continue the work and present at S4 after moving to IOActive. I have a lot to say about...
The theme of S4x13 was NOW! The first video released is my 10-minute introduction to the conference theme and the mission that ICS security experts must stop being SCADA Apologists. Rather than try to repeat the whole presentation in text, just watch the short video....
(Note – we started the post S4x13 coverage with this presentation since Nicole Perlroth of the NY Times has an online and print article on this today) The most important lesson to learn from the S4 ICS Spear Phishing presentation is it demonstrates that...