Written By Reid Wightman Vendors are redSCADA is blueNow everybodycan demonstrate vulnerabilities in controllers As promised, we have more PLC exploits ready to roll in time for Valentine’s Day. First, I can’t stress enough how much the other Basecamp...
Industrial Defender announced “its flagship product”, the Automated Systems Manager (ASM) last week at the SANS SCADA Security Summit. On Tuesday I had the opportunity to talk with ID’s CEO Brian Ahern and VP of Marketing Kim Legelis to learn more...
Written By Reid Wightman I’ve experienced a lot of cognitive dissonance concerning the Basecamp disclosure and exploit tools release over the last few months. I might as well explain some more thinking of why doing what we’ve done is a good idea in the...
Rubén Santamarta did a fantastic static analysis of this device’s firmware here, and I won’t repeat his findings here (I did that once already). In addition to having a slew of backdoor accounts, an open telnet service, and an open WindRiver RPC-Debug...
Where is the outrage? We hoped for at least the start of outrage demanding fragile and insecure PLC’s in the critical infrastructure be either fixed or replaced. Of course, we expected some aimed at us for pointing out the problem and creating tools to make it...
While Kim Zetter’s Wired article had a sensational “Vigilante” teaser headline, it was a fair accounting of the presentation at S4. And I was very pleased that she captured a couple of key quotes on the “why” of Project Basecamp and...
This morning, at our S4 Conference, Reid Wightman gave a detailed two-hour presentation on the Project Basecamp results. Project Basecamp had six great researchers looking for vulnerabilities in six different PLC’s / field devices, and the PLC’s took a beating. There...
The UK Government Centre for Protection of National Infrastructure (CPNI) published a list of 20 Critical Controls for Cyber Defence in conjunction with SANS. Many in the ICS world don’t follow SANS, so this distribution may reach a broader ICS audience. The...
Industrial Defender recently hired Pike Research to write a research report titled: Convergence in Automation: Systems Protection, Monitoring, Managing, and Securing Control Systems, and it’s available for free with registration on the ID site. There also is a...
Question – Can a PLC or other field device be certified as secure if lack of basic authentication allows an attacker to control a process and compromise the integrity of the PLC? Between Dillon’s S7 work, Ruben’s recent Modicon post and all the...
