Duplicity, Ineffectiveness & Challenge Pass/Fail

Reid Wightman of Digital Bond Labs presented Vulnerability Inheritance in ICS at S4xJapan, and he posted the video and a technical article yesterday. I’d like to weigh in on the duplicity of 3S, the ineffectiveness of ICS-CERT, and the challenge passed and...

S4x15 Theme & Other ICS Security Events

Registration for S4x15 Week will open this Thursday, and be ready if you want to get one of the 50 lowest cost tickets to the event. We are still working on the one-word theme for the event. Some of the leading contenders are Advance, Beyond, and Push. I’ve seen the...

Vulnerability Inheritance in PLCs – CoDeSys V3 Edition

At last week’s S4xJapan conference, I gave a talk about insecure-by-design vulnerabilities inherited in PLCs, and provided two vulnerable Japanese PLC vendors as examples of those inheriting security issues. During the talk, I am speaking purposefully slowly...

Friday News & Notes

The biggest story of the week … we may have the 3rd example of malware targeting ICS. Kyle Wilhoit and Jim Gogolinski of Trend Micro write about Sandworm attacking GE Cimplicity HMI. Interesting pull quote, “As further proof of the malware targeting...

Protocol Differential Analysis

The term Protocol Differential Analysis needs to make Google as an infosec technique.  I first heard the term from esSOBi at Indianapolis’ Circle City Con.  I first encountered the trick, though, in a research lab a few years before: a quick and dirty...

Friday News & Notes

Wurldtech announced the Achilles Industrial Firewall. It was hard to understand why GE purchased Wurldtech for their protocol testing, but if they were purchasing this product it begins to make sense. The pricing for the perimeter model starts at $30K and the field...

S4x15 Registration Info

S4x15 registration will open at noon EDT on October 23rd. Registering early will not only guarantee you a spot at the event, it will also save you some money. We have kept the price for the two-day S4 event at $995 since the first S4 in 2007. We even added a third...

Friday News & Notes

The US Food and Drug Administration (FDA) published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. We haven’t had time to read it yet, but take a look at Patrick Coyle’s analysis. Pull quote, “Interestingly, in...

Security Theater ICS Webisode

ICS-CERT published an advisory on web server vulnerabilities in Schneider Electric PLCs including Quantums, Momentums, TSX and other Modicon models. It is a near perfect example of what is wrong with DHS and PLC vendors and in a way the ICSsec community for...

Where To Hide Malware In ICS

The folders that ICS applications are installed in are usually configured as exclusions to anti-virus scanning. In some cases, the almost constant updating of the ICS data files leads to unacceptable performance if subjected to anti-virus protection. In other cases...