Message-ID: <003701c36452$a66ccd30$0201a8c0@stephenjfrss85>
From: steve at stevesworld.hopto.org (Stephen Clowater)
Subject: east coast powergrid / SCADA [OT?]
----- Original Message -----
From: "Geoff Shively" <gshively@...x.com>
To: "Stephen Clowater" <steve@...vesworld.hopto.org>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Saturday, August 16, 2003 3:55 PM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
> >
> > I'd read thru the bugtraq archives on securityfocus.com so you can really
> > get a sense of the kinda long-standing trouble RPC has been causing over
> > the years. RPC has been a long-standing issue; in fact, for the last few
> > years, most places have just started blocking RPC out to the internet and
> > given up on securing the protocol. It's caused many a headache to Samba
> > (where you can now guess passwords courtesy of RPC) and Windows. With all the
> > vulnerabilities that Windows goes through, a lot of the particulars get lost
> > in the grand river of crapulance that is Windows security. This is the first
> > worm to spread exclusively on an RPC exploit. And this is the worst RPC
> > exploit yet (hell, probably the worst Windows exploit yet). But by just the
> > sheer numbers of exploits that show up in Windows, if the systems doing
> > critical monitoring were open to all on the internet, surely we would have
> > been seeing outages like this beforehand; there have been thousands of
> > exploits against Windows since the monitoring systems went into place.
> >
>
> Correct. We have been working on RPC stuff for as long as I can remember.
> Even had a hand in the latest stuff before it became Blaster. I was curious if
> there was any other small or medium scale worm that used this in the past few
> years. I don't think there has been; it would have had to have been pretty far
> 'under the radar'.
Well, it's not so much that they weren't as major as that no one made a worm
that would spread so quickly, and then screwed it up so badly. There have
been hundreds of RPC problems that I have personally found myself cleaning
up because some CFO wanted to be able to get to his email from outhouse
(outlook) express (no one read the mail headers on this email, I'm on my
Windows box with an IMAP connection `/me starts crying in shame`) when he
found where Windows puts the folders for storage, and how to make it point
somewhere else, then of COURSE, MOUNTING the mailboxes at work and then
mounting the share at home and pointing outhouse to that network drive was
the solution he wanted.
>
> Point being it's a new beast with new consequences. Slammer and 13k BoFA
> ATMs, flight control systems, etc etc. As these new machines come about, new
> consequences are going to appear.
>
True, but flight control systems are on a VPN for instructions to aircraft,
and internet for desktop uses. For the most part, regulated things like
power, water, and other critical systems have learned not to use Windows for
what they are doing. But Windows does remain in place at these same places
for desktop use. But things like ATMs and some long distance trunks can be
disrupted with things like Slammer.
> > Well my l33t hax0r ski11z lead me to watch CNN and draw on experience :)
>
> Did u 0wnz0r1z3 yur TeeVee yet? =)
0h ya....and th3n 1 hax0r3d 1t 1nt0 showing p0rn a11 th3 t1m3 4 fr33. :)
hehe
>
>
> Cheers,
>
> Geoff Shively, CHO
> PivX Solutions, LLC
>
> http://www.pivx.com
>