From: gshively at pivx.com (Geoff Shively)
Subject: east coast powergrid / SCADA [OT?]

>  Now can we give msblast a rest? :)

Not just yet, I still have a breath or two left =).

>This is far from a complete explanation. But it fits the available facts,
>it fits the timetable of what happened, and it makes logical sense in
>relation to the recent history of the power grid.

I have to concur, but in this case, I am referring to the blast theory. It
does fit the timetable and available facts. I am not saying this is fact, I
am saying we should not dismiss it easily.

Quick and easy dismissals on this list and others were surprisingly hard to
find, discussions have been intelligent and well rounded. Lots of input from
people who actually know the SCADA and DCS systems, as well as people in
general security.

This information sharing makes me happy compared to the frustration I
experience when I read the quotes by SANS and CERT reps in all of the
national news media articles dismissing the possibility without even
looking into it. How do I know they didn't look into it? Well, for starters
there was a statement made by Alan Paller, CEO of SANS Institute, who said
it is "highly unlikely" that the process control computers behind critical
infrastructure like power in the United States would run on the Windows
operating system.

> Please, if that
> were the case, why have none of the other billions of windows
> vulnerabilities ever affected the grid? more specifically, why haven't any
> of the thousands of rpc vulnerabilities ever affected the grid?

This is one of the largest RPC worms released, is it not? I am actually
asking, because I cannot remember one that exploited the same conditions or
mimicked the activities of blaster.

Also, you never know when a certain set of circumstances will permit one
thing from happening and not another. One of the nuances of multi-layered
technology.

> Niagara somehow saw this coming and shut down all generators in time
> to stay on the grid, and as the failure expanded more failsafes kicked in
> to contain it.

CNN also said that the entire cascading shutdown occurred in 9 seconds
total.

This means that the Niagara plant was one of the first in this cascade
effect and would have had a fraction of that time to see a surge coming, and
with the speed in which we all know electrical surges travel there would be
little to no warning.

I am no power expert, I am just working with the facts provided to me, and
my uber leet math skills of adding and subtracting ;)

> This is far from a complete explanation.

As is anything at this point, but hey, this is all part of the process.

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

http://www.pivx.com

----- Original Message ----- 
From: "Stephen Clowater" <steve@...vesworld.hopto.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Saturday, August 16, 2003 1:36 AM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]


> It's highly unlikely that msblast had anything to do with the power outage.
> For one, the internal rpc network that is used to monitor actual power
> spikes, and to move current from one circuit to the next in a grid is a
> closed network. And in the areas where it can't be closed (between major
> utilities) it is tunneled via a VPN. Yes it runs a bit of NT4 and a bit of
> Windows 2000. In the next few years there has been a plan proposed to make
> FreeBSD a standard.
>
> MSblast did not cause this, there have been warnings for the last 10 years
> that the grid was overloaded in the particular ring where the overload
> started. For years people have been warning that if a major transmission
> line went during a high demand period of time, then you could be looking at
> a surge larger than can be mitigated coming out of that ring. And then when
> it happens people come up with this theory that it's msblast? Please, if
> that were the case, why have none of the other billions of windows
> vulnerabilities ever affected the grid? more specifically, why haven't any
> of the thousands of rpc vulnerabilities ever affected the grid?
>
> And sure enough, this morning on CNN, officials said they have a working
> theory that a major transmission line inside the ring went, which created a
> back wave in the grid until it finally came around in the form of a huge
> surge. Niagara somehow saw this coming and shut down all generators in time
> to stay on the grid, and as the failure expanded more failsafes kicked in
> to contain it.
>
> This is far from a complete explanation. But it fits the available facts,
> it fits the timetable of what happened, and it makes logical sense in
> relation to the recent history of the power grid.
>
> Now can we give msblast a rest? :)

