Project Basecamp highlights the fragility and insecurity in most PLC’s and provides tools so anyone can demonstrate and prove it. There should be no doubt that after ten years the ICS community needs to deal with this, but how? Part 1 covered what Asset Owners...
ODVA, the organization in charge of the EtherNet/IP protocol responds to the Project Basecamp Metasploit module and payloads that take advantage of the protocol’s lack of authentication to reboot or completed stop the device. It basically says yes this is true...
Hopefully loyal readers now accept that we need to address the decade old problem of insecure and fragile PLC’s/RTU’s/field devices, and the Basecamp information and tools provide some additional compelling evidence and demonstrations to prove the point to...
More Project Basecamp modules and tools have been released today. The Basecamp reaction has been predictable and disappointing at the same time. The initial furor is over the disclosure, and there continues to be very little anger over the fragility and insecurity...
Written By Reid Wightman Vendors are redSCADA is blueNow everybodycan demonstrate vulnerabilities in controllers As promised, we have more PLC exploits ready to roll in time for Valentine’s Day. First, I can’t stress enough how much the other Basecamp...
Written By Reid Wightman I’ve experienced a lot of cognitive dissonance concerning the Basecamp disclosure and exploit tools release over the last few months. I might as well explain some more thinking of why doing what we’ve done is a good idea in the...
Rubén Santamarta did a fantastic static analysis of this device’s firmware here, and I won’t repeat his findings here (I did that once already). In addition to having a slew of backdoor accounts, an open telnet service, and an open WindRiver RPC-Debug...
Where is the outrage? We hoped for at least the start of outrage demanding fragile and insecure PLC’s in the critical infrastructure be either fixed or replaced. Of course, we expected some aimed at us for pointing out the problem and creating tools to make it...
While Kim Zetter’s Wired article had a sensational “Vigilante” teaser headline, it was a fair accounting of the presentation at S4. And I was very pleased that she captured a couple of key quotes on the “why” of Project Basecamp and...
This morning, at our S4 Conference, Reid Wightman gave a detailed two-hour presentation on the Project Basecamp results. Project Basecamp had six great researchers looking for vulnerabilities in six different PLC’s / field devices, and the PLC’s took a beating. There...
