lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: JThomas at poweronemedia.com (Joshua Thomas)
Subject: east coast powergrid / SCADA [OT?]

It wasn't. Say some luser with an unpatched/compromised laptop connected to
the network. *poof*

What I have more trouble believing is that a single
workstation/controlstation would allow a large enough change to a power
plant to cause an effect like this.

In an ideal world, doing something like shuting down the whole power station
would be like firing a nuke: You need two people with keys, they're too far
apart for one person to do it by themself, etc.

Just my $.02.

Joshua Thomas
Network Operations Engineer
PowerOne Media, Inc.
tel: 518-687-6143
jthomas@...eronemedia.com 

-----Original Message-----
From: gml [mailto:gml@...ick.net]
Sent: Friday, August 15, 2003 4:50 PM
To: RMcElroy@....com; scheidell@...nap.net; tetsujin@...cast.net
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]


I can't image that anything really important would be connected to the
internet.  Then again who knows right.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
RMcElroy@....com
Sent: Friday, August 15, 2003 3:41 PM
To: scheidell@...nap.net; tetsujin@...cast.net
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]

At least on the west coast they do not, I think the requirements of the
systems are way out of Microsoft's range. Lot's and Lot's of Unix

-----Original Message-----
From: Michael Scheidell [mailto:scheidell@...nap.net] 
Sent: Friday, August 15, 2003 11:36 AM
To: tetsujin
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]


> 
> Paller said it is "highly unlikely" that the process control computers

> behind critical infrastructure like power in the United States would 
> run on the Windows operating system.

well, ONTARIO HYDRO does seem to have SOME windoes boxes.. at least here
is one that appears to have been infected with slammer:

http://www.hackertrap.net/LID.pl?IID=39335068

(Aug 9th through the 12th?)


-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030815/75fb7b61/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ