Message-ID: <42B71BDC6F8D6D4BB99AC2A03725A983680848@exchange-lgst-1.logisoft.tv>
From: jcaggy at logisoft.com (Caggy, James)
Subject: SCADA makes you a target for terrorists take 2
This is a "Lessons learned from Slammer" advisory put out by the NAERC
two months ago and admits that the SCADA system is vulnerable to worms
and/or viruses.
http://www.esisac.com/publicdocs/SQL_Slammer_2003.pdf
There's still no reason not to believe that last week's blackout wasn't
in some way related to MSBlaster or a hacker taking advantage of RPC.
-----Original Message-----
From: Bernie, CTA [mailto:cta@...in.net]
Sent: Monday, August 18, 2003 9:03 PM
To: full-disclosure@...ts.netsys.com
Cc: Elinor.Abreu@...ters.com
Subject: [Full-Disclosure] SCADA makes you a target for terrorists take 2
Over a year ago the NIPC put out a warning about threats
regarding the SCADA Systems.
Again, my point is regardless of what caused the Blackout,
attention needs to be given on improving and integrating System
Security first, and replacing the so-called worn out Grid
(cables and related infrastructure) last. Vulnerable components
should be identified, isolated and neutralized immediately.
Worry about the sagging cables later.
I cannot understand why the same basic principles of systems
security engineering should not apply to the Power Industry
i.e., analyze potential Threats (Accessibility, Integrity,
Confidentiality), Vulnerabilities and Attacks.
Ok I'm done... for now.
>>>>
National Infrastructure Protection Center
Terrorist Interest in Water Supply and SCADA Systems
Information Bulletin 02-001
30 January 2002
NIPC Information Bulletins communicate issues that pertain to
the critical national infrastructure and are for information
purposes only.
A computer that belonged to an individual with indirect links to
USAMA BIN LADIN contained structural architecture computer
programs that suggested the individual was interested in
structural engineering as it related to dams and other water-
retaining structures. The computer programs included CATIGE,
BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to
identify and classify soils using the UNIFIED SOIL
CLASSIFICATION SYSTEM.
In addition, U.S. law enforcement and intelligence agencies have
received indications that Al-Qa'ida members have sought
information on Supervisory Control And Data Acquisition (SCADA)
systems available on multiple SCADA-related web sites. They
specifically sought information on water supply and wastewater
management practices in the U.S. and abroad. There has also been
interest in insecticides and pest control products at several
web sites.
Recipients can find additional information regarding posting
sensitive infrastructure-related information on Internet web
sites in NIPC Advisory 02-001 issued on 17 January 2002 at
http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The
intent of this bulletin was to encourage Internet content
providers to review the sensitivity of the data they provide
online.
The NIPC encourages recipients of this Information Bulletin to
report information concerning criminal or terrorist activity to
their local FBI office http://www.fbi.gov/contact/fo/fo.htm or
the NIPC, and to other appropriate authorities. Recipients may
report incidents online at
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC
Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or
nipc.watch@....gov-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@...in.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************