Message-ID: <3F3CD045.24761.E3E3B5@localhost>
From: cta at hcsin.net (Bernie, CTA)
Subject: The Grid, Blaster v. Poor Security Engineering
It is ridiculous to accept that a lightning strike could knock
out the grid. There are many redundant fault, limit and Voltage-
Surge Protection safeguards and related instrumentation and
switchgear installed at the distribution centers and along the
Power Grid that would have tripped to prevent or otherwise
divert such a major outage.

I believe that the outage was caused by the Blaster, or its
mutation, besieged upon the respective vulnerability in the
systems (SCADA and otherwise) running MS 2000 or XP, located
at different points along the Grid. Some of these systems are
accessible via the Internet, while others are accessible by POTS
dialup, or private Frame relay and dedicated connectivity.

It is also reasonable to assume that we could have a similar
security threat regarding those systems (SCADA and otherwise
based on MS 2000 or XP) involved in the control, data
acquisition, and maintenance of other critical infrastructure,
such as inter/intra state GAS Distribution, Nuclear Plant
Monitoring, Water and Sewer Processing, and city Traffic
Control. IMO

I think we will see a lot of finger pointing by government
agencies, Utilities, and politicians for the Grid outage, until
someone confesses to the security dilemma and vulnerabilities in
the systems which are involved in running this critical
infrastructure.

Regardless of whether the outage can be attributed to the
Blaster or its variant, this is not entirely a Microsoft
problem, as it cuts to poor System Security Engineering.
Nonetheless, the incident will cause lots of money to be
earmarked by the US and Canadian Governments, to be spent in an
attempt to solve the problem, or more specifically calm the
public.
-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@...in.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************