Message-ID: <497BC68FEF2B4D4B93C27539FD5155E9026B05@HBRG-EXCHANGE.anteon.com>
From: MRMyers at anteon.com (Myers, Marvin)
Subject: The Grid, Blaster v. Poor Security Engineering

Not only is it ridiculous, it goes against everything that the power
companies have been telling us for years. If anyone has ever stood
outside during a thunderstorm and watched lightning bounce back and
forth across wires and transformers, then they will know that this is
bull. A single lightning strike, while being able to cause significant
damage, has never been proven able to bring down such a large portion of
the grid in the past. And if this were the case, they would be showing
the damage as soon as possible to quell and/or stop the conspiracy and
doomsday theorists in their tracks. I know from experience, having done
work in several foreign countries, that even though we may live in a
free society, we are spoon fed only the information that the government
wants us to have. When information does leak out that they do not want
us to have, it is called a scandal. It gets reported on widely until the
news stops selling and then we move on to the next one. 
I am not paranoid, I know that they are out to get me. But I live my
life to the fullest and am having fun during the journey.



-----Original Message-----
From: Bernie, CTA [mailto:cta@...in.net] 
Sent: Friday, August 15, 2003 12:21 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] The Grid, Blaster v. Poor Security
Engineering

It is ridiculous to accept that a lightning strike could knock 
out the grid. There are many redundant fault, limit and Voltage-
Surge Protection safeguards and related instrumentation and 
switchgear installed at the distribution centers and along the 
Power Grid that would have tripped to prevent or otherwise 
divert such a major outage. 

I believe that the outage was caused by the blaster, or its 
mutation, besieged upon the respective vulnerability in the 
systems (SCADA and otherwise) running MS 2000 or XP, located 
at different points along the Grid. Some of these systems are 
accessible via the Internet, while others are accessible by POTS 
dialup, or private Frame relay and dedicated connectivity.

It is also reasonable to assume that we could have a similar 
security threat regarding those systems (SCADA and otherwise 
based on MS 2000 or XP) involved in the control, data 
acquisition, and maintenance of other critical infrastructure, 
such as inter/intra state GAS Distribution, Nuclear Plant 
Monitoring, Water and Sewer Processing, and city Traffic 
Control. IMO

I think we will see a lot of finger pointing by government 
agencies, Utilities, and politicians for the Grid outage, until 
someone confesses to the security dilemma and vulnerabilities in 
the systems which are involved in running this critical 
infrastructure.

Regardless of whether the outage can be attributed to the 
blaster or its variant, this is not entirely a Microsoft 
problem, as it cuts to poor System Security Engineering. 

Nonetheless, the incident will cause lots of money to be 
earmarked by the US and Canadian Governments, to be spent in an 
attempt to solve the problem, or more specifically calm the 
public.


-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta@...in.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
