lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 3 Dec 2007 14:51:30 -0500
From: "Dude VanWinkle" <dudevanwinkle@...il.com>
To: gmaggro <gmaggro@...ers.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SCADA refresher

Also Johnson Controls

in 2005 they were busy converting the proprietary BACnet speaking
SCADA devices to embedded windows XP, considering NASA and friends run
JCI, and there is no good way to update embedded XP (AFAIK) remotely,
these systems should be prime targets...

Whats an MLP?

-JP

On Dec 2, 2007 7:52 PM, gmaggro <gmaggro@...ers.com> wrote:
> Been giving myself a little refresher on SCADA, hope no-one minds the MLP.
>
> Stock presentation on SCADA security issues:
>
> http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
>
> Ganesh Devarajan's Defcon presentation was interesting:
>   http://video.google.com/videoplay?docid=2434649448102709100&hl=en
>
> Makes of SCADA and related products I have seen in actual use:
>   Allen Bradley (hardware)
>   Siemens       (hardware)
>   RAND          (hardware)
>   ABB           (hardware)
>   Wonderware    (software, assuming this was what Ganesh was assaulting)
>
> Well, assuming it was Wonderware (http://us.wonderware.com) since in
> multiple networks of hundreds of thousands of nodes, and the companies
> that own them... Wonderware was the only SCADA related package that
> creeped up.
>
> On a different and amusing note, X.25 was still in use in a number of
> these locations. Take that for what you will, but I don't think that's a
> good sign. Hello, Datapac! However I have little idea what the X.25
> landscape is like anymore.  Would be interesting if both
> credit/financial and infrastructure data regularly travelled over the
> same paths. Get access to a lottery/debit terminal, or just its
> connectivity, and leverage that.
>
> 24th Chaos Communication Congress "Hacking SCADA", it sure would be nice
> to make it over:
>   http://events.ccc.de/congress/2007/Fahrplan/events/2227.en.html
>
> More amusement, though it's a subscription site:
>   http://www.digitalbond.com/wiki/index.php/SCADA_IDS_Signatures
>
> Anyone have any resources they'd care to share?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists