The SheevaPlug 3.0 is a full PC in a tiny package. Featuring a 2 GHz Armada CPU, built-in micro HD, USB, Wi-Fi, high-speed Ethernet and Bluetooth in a roughly 2″x3″ “plug in” form (no bigger than a lot of laptop power supplies) the SheevaPlus...
A few days ago a friend of mine shared out an old editorial about lifeboats, parodying the objections to civil defense programs in the early 60s, from the Harvard Crimson. People haven’t changed much. The same type of arguments brought up time and time again...
As I read the twelve initiatives of the CNCI, I was looking for its strong and weak points. However, I couldn’t help but think about the level of effort that was required to produce these nice words on these general thoughts. Is this document and the program...
A new video out of Rutgers University demonstrates remote control of a rootkit-infected, open source, Linux-based smartphone that allows the attackers to use the phone as a listening device without the user being aware that the phone is communicating. While not a new...
We’ve had a lot of posts about fuzzing on the blog lately. We’ve looked at the latest technologies and techniques, we’ve talked about fuzzers, intelligent versus dumb, some of the tradeoffs involved with design choices, and in the future we’re going to talk some more...
It’s RSA Conference time so companies have reports and studies to release. One that I actually found interesting is Veracode’s State of Software Security. The data comes from assessment of “billions of lines of codes and thousands of...
Yesterday I blogged on the scan results, configuration issues and increasing use of Verizon, AT&T and other carriers’ broadband services for SCADA. Today I’ll address the question of whether these networks should be used in SCADA systems. Like most...
I’ll start with the stats: we found 1,420 Raven Airlink devices in a wireless class B network that any customer with a wireless card from the carrier could access. These are ruggedized devices with Ethernet and serial connectors used for sending monitoring and...
One of the rules we try to live by and inculcate with our clients is “don’t try or promise the impossible”. This is a simple and certainly not brilliant concept to avoid a path doomed to failure and frustration and wasted effort. An example of...
This past Wednesday, SANS and CWE released their 2010 top 25 programming errors list. The list contains many errors that are present in control systems, whether developed recently or a few years back. For example, Daniel Peck of Digital Bond wrote a paper showing what can...