Message-ID: <200408310735.i7V7Z75c013866@plug.fi>
From: tjk at tksoft.com (Troy)
Subject: Viral infection via Serial Cable

If I understand this correctly, you have a system like this:
- machine A has Windows and is connected to the Internet.
- machine B is the laser cutter with Windows 2000.
- machine A is used to control machine B. The commands are sent
  from machine A through a serial cable to machine B.

If this is the case, your question boils down to:
1. "what kind of communication protocol, and what kind of message format is
    being used to send messages to machine B?" 
2. "what software(s) are handling the messages on machine B?"
3. "what kind of other software is running on machine B, which is accessible through 
    the serial port?"

If machine B accepts messages in, say, Excel format, it is possibly vulnerable.
If machine B uses Windows networking or TCP/IP to communicate over the serial link,
it is possibly vulnerable.
If machine B has some exploitable service open on it, it is vulnerable.

You get my drift. You have to start from finding out what's on the machines,
and how they communicate. Once you know what you have, you can make a risk
analysis of the situation.




Troy




> > On Mon, 30 Aug 2004 19:35:25 +0200, Jean Gruneberg <gruneberg@...amail.co.za> wrote:
> > > Hi all
> > >
> > > OK - here is a basic question - sorry if this is totally clueless.
> > >
> > > I have a client who runs a heavy engineering shop.  To date all his
> > > computerised punches and bend breaks etc. have been driven via a windows CAD
> > > workstation talking to them on a serial cable - basically a data dump to the
> > > machine which runs a modified dos based OS.
> > >
> > > So he buys a new sheet metal laser cutter and they bring the system online
> > > whilst I'm busy throwing shielded cabling for serial comms to the new
> > > machine - lo and behold the system boots to windows 2000 (the concept of a
> > > high powered laser metal cutting device driven by windows is another
> > > conversation entirely...)
> > >
> > > So I have a closer look at the beast and it is basically a pc built into a
> > > very large machine - has all the usual LAN / USB etc.  The system even comes
> > > pre-installed with Norton AV.  We (read me) make a management decision not
> > > to park said machine on the LAN (concept of disgruntled employee and said
> > > laser)  also the data suite that talks to the laser is now windows based and
> > > not an old dos prompt data suite to the older machines.
> > >
> > > So the question is, is a pc / machine connected to another pc via serial
> > > cable only using specialised windows software to move data to the machine at
> > > all vulnerable to viruses?  Can they transmit themselves across a serial
> > > cable?
> > >
> > > Jean
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > 
> > 
> > --
> > Peace. ~G

