Open Source and information security mailing list archives
From: gshively at pivx.com (Geoff Shively)
Subject: east coast powergrid / SCADA [OT?]

> I'd read thru the bugtraq archives on securityfocus.com so you can really
> get a sense of the kinda long standing trouble RPC has been causing over
> the years. RPC has been a long standing issue; in fact, for the last few
> years, most places have just started blocking RPC out to the internet and
> given up on securing the protocol. It's caused many a headache to Samba
> (where you can now guess passwords courtesy of RPC) and Windows. With all the
> vulnerabilities that Windows goes through, a lot of the particulars get lost
> in the grand river of crapulance that is Windows security. This is the first
> worm to spread exclusively on an RPC exploit. And this is the worst RPC
> exploit yet (hell, probably the worst Windows exploit yet). But by just the
> sheer numbers of exploits that show up in Windows, if the systems doing
> critical monitoring were open to all on the internet, surely we would have
> been seeing outages like this beforehand; there have been thousands of
> exploits against Windows since the monitoring systems went into place.

Correct. We have been working on RPC stuff for as long as I can remember. Even
had a hand in the latest stuff before it became Blaster. I was curious if there
was any other small or medium scale worm that used this in the past few years.
I don't think there has been; it would have had to have been pretty far 'under
the radar'. Point being, it's a new beast with new consequences. Slammer and 13k
BofA ATMs, flight control systems, etc etc. As these new machines come about,
new consequences are going to appear.

> Well my l33t hax0r ski11z lead me to watch CNN and draw on experience :)

Did u 0wnz0r1z3 yur TeeVee yet? =)

Cheers,
Geoff Shively, CHO
PivX Solutions, LLC
http://www.pivx.com

----- Original Message -----
From: "Stephen Clowater" <steve@...vesworld.hopto.org>
To: "Geoff Shively" <gshively@...x.com>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Saturday, August 16, 2003 12:34 PM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]

> ----- Original Message -----
> From: "Geoff Shively" <gshively@...x.com>
> To: "Stephen Clowater" <steve@...vesworld.hopto.org>
> Cc: <full-disclosure@...ts.netsys.com>
> Sent: Saturday, August 16, 2003 3:33 AM
> Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
>
> > > Please, if that were the case, why have none of the other billions of
> > > Windows vulnerabilities ever affected the grid? More specifically, why
> > > haven't any of the thousands of RPC vulnerabilities ever affected the
> > > grid?
> >
> > This is one of the largest RPC worms released, is it not? I am actually
> > asking, because I cannot remember one that exploited the same conditions
> > or mimicked the activities of Blaster.
>
> I'd read thru the bugtraq archives on securityfocus.com so you can really
> get a sense of the kinda long standing trouble RPC has been causing over
> the years. RPC has been a long standing issue; in fact, for the last few
> years, most places have just started blocking RPC out to the internet and
> given up on securing the protocol. It's caused many a headache to Samba
> (where you can now guess passwords courtesy of RPC) and Windows. With all the
> vulnerabilities that Windows goes through, a lot of the particulars get lost
> in the grand river of crapulance that is Windows security. This is the first
> worm to spread exclusively on an RPC exploit. And this is the worst RPC
> exploit yet (hell, probably the worst Windows exploit yet). But by just the
> sheer numbers of exploits that show up in Windows, if the systems doing
> critical monitoring were open to all on the internet, surely we would have
> been seeing outages like this beforehand; there have been thousands of
> exploits against Windows since the monitoring systems went into place.
>
> > Also, you never know when a certain set of circumstances will permit one
> > thing from happening and not another. One of the nuances of multi-layers
> > technology.
> >
> > > Niagara somehow saw this coming and shut down all generators in time
> > > to stay on the grid, and as the failure expanded more failsafes kicked
> > > in to contain it.
> >
> > CNN also said that the entire cascading shutdown occurred in 9 seconds
> > total.
> >
> > This means that the Niagara plant was one of the first in this cascade
> > effect
>
> Well yes, but since all the plants around the loop were hit just as fast, it
> also means the problem originated in that loop :)
>
> > and would have had a fraction of that time to see a surge coming, and
> > with the speed in which we all know electrical surges travel there would
> > be little to no warning.
>
> True, I'm not sure how they saw it coming. I suspect that one of the systems
> at Niagara picked it up and started an emergency shutdown of the generators.
> How long it takes the plants to get back up really is just a function of how
> fast the generators were running when the grid went down around it. To get a
> sense of what happens to a generator when cut off from the grid, put your
> car into reverse and then drop clutch it :) It's something like that. So, in
> order to prevent any problems at Niagara, all they really had to do was to
> get the generators mostly shut down by the time the surge tripped the stuff
> up there. After that the surge probably bled off into the surrounding grid.
>
> Also, Niagara's shutdown and how fast they had to shut down just shows that
> the problem probably originated in the loop that they were feeding into.
> More than likely what happened was, as the surge began in the loop, it tripped
> some alarms at Niagara. Which fits the theory that something began with the
> hardware in the power loop.
>
> > I am no power expert, I am just working with the facts provided to me,
> > and my uber leet math skills of adding and subtracting ;)
>
> Well my l33t hax0r ski11z lead me to watch CNN and draw on experience :) But
> really all any of us are doing is speculating. We will know for sure
> soon enough; there are too many bureaucrats involved here for some pie in the
> sky conspiracy theory. For now we are just bouncing random theories around
> the place.