| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Brian.Perry at phns.com (Perry, Brian) Subject: Terrorist UFO hackers killed the grid Heh, <huge grin>! I must post this... http://www.virtuallystrange.net/ufo/mufonontario/archive/blkout.htm I must have been terrorist, UFO hackers that caused the grid to fail... Honestly though, due to cost constraints, human nature, etc....I find it unlikely that mankind will ever create a fault-proof system of any kind. And I don't see why lightning or other sources could not cause a relay failure (as in 65) that could overload an already overloaded grid. Regarding the rumors (Slashdot, etc.)...I do agree about the horribly vulnerable SCADA and other systems that control all our grids. (Having participated in some vulnerability assessments of those systems) It really doesn't matter (as much, thanks MS if you were a part of this mess) what OS is run as there will always be interfaces, modems, etc. attached to them. Unless a complete change of policy occurs, this will continue be the case. Moderator, please censor my garbage and others' like it from ever reaching the list. Anyone got 0day UFO code? -----Original Message----- From: Myers, Marvin [mailto:MRMyers@...eon.com] Sent: Friday, August 15, 2003 1:05 PM To: cta@...in.net; full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] The Grid, Blaster v. Poor Security Engineering Not only is it ridiculous, it goes against everything that the power companies have been telling us for years. If anyone has ever stood outside during a thunderstorm and watched lightening bounce back and forth across wires and transformers, then they will know that this is bull. A single lightening strike while being able to cause significant damage has never been proven able to bring down such a large portion of the grid in the past. And if this were the case, they would be showing the damage as soon as possible to quell and or stop the conspiracy and doomsday theorists in their tracks. I know from experience, having done work in several foreign countries, that even though we may live in a free society, we are spoon fed only the information that the government wants us to have. When information does leak out that they do not want us to have, it is called a scandal. It gets reported on widely until the news stops selling and then we move on to the next one. I am not paranoid, I know that they are out to get me. But I live my life to the fullest and am having fun during the journey. -----Original Message----- From: Bernie, CTA [mailto:cta@...in.net] Sent: Friday, August 15, 2003 12:21 PM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] The Grid, Blaster v. Poor Security Engineering It is ridiculous to accept that a lightning strike could knock out the grid. There are many redundant fault, limit and Voltage- Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and along the Power Grid that would have tripped to prevent or otherwise divert such a major outage. I believe that the outage was caused by the blaster, or its mutation, besieged upon the respective vulnerability in the systems (SCADA and otherwise) running MS 2000 or XP, located different points along the Grid. Some of these systems are accessible via the Internet, while others are accessible by POTS dialup, or private Frame relay and dedicated connectivity. It is also reasonable to assume that we could have a similar security threat regarding those system (SCADA and otherwise based on MS 2000 or XP) involved in the control, data acquisition, and maintenance of other critical infrastructure, such as inter/intra state GAS Distribution, Nuclear Plant Monitoring, Water and Sewer Processing, and city Traffic Control. IMO I think we will see a lot of finger pointing by government agencies, Utilities, and politicians for the Grid outage, until someone confess to the security dilemma and vulnerabilities in the systems which are involved in running this critical infrastructure. Regardless of whether the outage can be attributed to the blaster or its variant, this is not entirely a Microsoft problem, as it cuts to poor System Security Engineering. Nonetheless, the incident will cause lots of money to be earmarked by the US and Canadian Governments, to be spent in an attempt to solve the problem, or more specifically calm the public. - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta@...in.net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately.
Powered by blists - more mailing lists