lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Dec 2007 14:51:30 -0500 From: "Dude VanWinkle" <dudevanwinkle@...il.com> To: gmaggro <gmaggro@...ers.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: SCADA refresher Also Johnson Controls in 2005 they were busy converting the proprietary BACnet speaking SCADA devices to embedded windows XP, considering NASA and friends run JCI, and there is no good way to update embedded XP (AFAIK) remotely, these systems should be prime targets... Whats an MLP? -JP On Dec 2, 2007 7:52 PM, gmaggro <gmaggro@...ers.com> wrote: > Been giving myself a little refresher on SCADA, hope no-one minds the MLP. > > Stock presentation on SCADA security issues: > > http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf > > Ganesh Devarajan's Defcon presentation was interesting: > http://video.google.com/videoplay?docid=2434649448102709100&hl=en > > Makes of SCADA and related products I have seen in actual use: > Allen Bradley (hardware) > Siemens (hardware) > RAND (hardware) > ABB (hardware) > Wonderware (software, assuming this was what Ganesh was assaulting) > > Well, assuming it was Wonderware (http://us.wonderware.com) since in > multiple networks of hundreds of thousands of nodes, and the companies > that own them... Wonderware was the only SCADA related package that > creeped up. > > On a different and amusing note, X.25 was still in use in a number of > these locations. Take that for what you will, but I don't think that's a > good sign. Hello, Datapac! However I have little idea what the X.25 > landscape is like anymore. Would be interesting if both > credit/financial and infrastructure data regularly travelled over the > same paths. Get access to a lottery/debit terminal, or just its > connectivity, and leverage that. > > 24th Chaos Communication Congress "Hacking SCADA", it sure would be nice > to make it over: > http://events.ccc.de/congress/2007/Fahrplan/events/2227.en.html > > More amusement, though it's a subscription site: > http://www.digitalbond.com/wiki/index.php/SCADA_IDS_Signatures > > Anyone have any resources they'd care to share? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists