A very brief Friday News and Notes … Critical Intelligence reports that Shodan is now scanning the default PROFINET port (TCP/34962). Last September Shodan added DNP3 to its scan list. S4x13 vet Ali Abbassi has released a “very basic Modbus fuzzer”...
We encourage passionate disagreement and promotion of new, maybe slightly crazy concepts at S4 through Unsolicited Responses. Attendees can submit their idea for a 5 minute talk, with or without slides, at the event. Some are serious; some are funny. Normally we...
Eric Byres suggested we take our back and forth from the blogs to the stage at S4x14. I had 5 minutes to explain why SCADA Apologist, as I claim Eric is, are a major impediment to progress in ICS security. Then Eric had 5 minutes to respond why he was a SCADA Realist...
With all the furor about S4 over the past week, our readers may have missed some of the developments on the NERC CIP front. Last week, NERC and electric power representatives (and a bunch of us consulting folks) met in both Phoenix and Atlanta for a one-day conference...
We hear all the time about the lifecycle of ICS software and hardware being measured in decades rather than years. So even if new code goes through a security development lifecycle (SDL), the ICS community has a large amount of legacy code with latent vulnerabilities...
The NY Times reported NSA Devises Radio Pathway Into Computers. This program fits perfectly into my Preparation and Persistence talk at ICSage and the motivation behind the PLCpwn. I’ll have more on this when we post the PLCpwn video, but readers can think about...
As discussed in an earlier blog, attendees of S4x14 wanted to interact with ICS devices they may not have seen before, or even in some case just wanted more practice with devices they know quite well. It also allowed people from the novice to the advanced to have...
We decided to move up the release of Adam Crain / Chris Sistrunk S4x14 video because DISTRIBUTECH is next week in San Antonio. This is a big electric sector event and the DNP3 Technical Committee meets in conjunction with this event. The story of vulns in the DNP3...
Jason kicked off S4x14 with an instant classic S4 talk, and not because it spawned a lot of triangle jokes. 4kB of free space. That is all Jason had on this sensor to implement the attack and whatever measures to hide the attack from the operator. This is not enough...
At the S4x14 conference in Miami this past week, Alexander Bolshev of ERPScan gave an presentation on his work on the Highway Addressable Remote Transducer protocol (HART). HART is a commonly used industrial protocol for communication over legacy 4-20 ma...
