Last week the Microsoft Manufacturing User Group (MsMUG) held a three day event with about 150 people in attendence. I was unable to attend because of S4, but I did get some highlights from Jim Bauhs of Cargill. There was a rumor in the community that Microsoft might...
The day kicked off with two complementary OPC Exposed Presentations. Session 7 – OPC Exposed, Part I by Lluis Mora of Neutralbit Lluis’s paper looked at OPC server implementation vulnerabilities. He detailed some of the 24 test cases he ran against 75...
The blog has been very quiet because we have been fully occupied with Digital Bond’s SCADA Security Scientific Symposium (S4). Liveblogging didn’t work well because I was communicating with the Virtual Attendees, handling Q&A, and sitting right next to...
It is interesting watching the system work from the researcher perspective and see the responses and time line. This was one of the first vulnerabilities that we processed through our vulnerability disclosure policy. Matt identified this in late February and it went...
Brian Krebs at the Washington Post’s Security Fix has more detail on a recent utility hack and some grim predictions for 2007 Microsoft Office. The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document...
When we get on our soapbox and stress the importance of identifying and fixing what we believe our widespread implementation vulnerabilities in SCADA devices and applications we frequently hear “everyone knows the SCADA protocols have no security so what is the...
For those coming in late: 9/11 and multiple worms increase cyber security concern for the electric gridNERC representing bulk electric systems decides cyber security standards are requiredAugust 2003 NERC issues temporary Urgent Action Cyber Security Standard 1200...
In an earlier post I gave a preview of Ralph Langner’s paper and DoS tool for OPC implementations. We have a second brilliant OPC paper at S4 from Lluis Mora of Neutralbit in Barcelona, Spain. Lluis’s paper focuses on implementation vulnerabilities...
