lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <413484A7.8030104@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Viral infection via Serial Cable

James Tucker wrote:

>Sure, but you can only move up a stack which exists.
>
>Given that there should be no applications on the other end of the
>RS232 apart from the CAD/CAM control program (one would hope, this
>would be considered 'normal'), the only hackable device should be that
>program. It's not unlikely that the program in question could be set
>to perform destructive actions; allot of industrial software of this
>type is not well written and buffers certainly don't always get
>checked. This would require a custom hack though, I don't know of any
>viri which carry protocol definitions for RS232 CAD/CAM programs.
>
>  
>
I think that we're missing something here. The workstation sends 
commands to the laser via the serial connection (assumed RS232 for this 
example and not TCP/IP based) so presumably, the win2k workstation can 
send whatever commands it wants to the laser via the serial cable within 
the bounds of its programming. 

Therefore, you don't need to send a virus along the serial cable, you 
just need to gain remote access to the CAD/CAM workstation and cause it 
to do something nasty.

This would require prior knowledge of it's operation and configuration, 
of course, and the will to carry out this crack -- but one of the cited 
scenarios was a "disgruntled employee" and we can presume that they have 
special knowledge of the environment.

In other words: keep that box off the LAN.  That's my suggestion.  We 
*know* that win2k is vulnerable to worm and virus outbreaks, and that's 
all we need to know for this scenario.  It's like tunneling from a 
system with an external IP into a NAT'ed LAN -- same exact concept, only 
probably easier because you already have an authenticated connection to 
your destination. 


>>  "There aught to be limits to freedom!"    George Bush
>>    
>>
>Not to defend the guy, he makes allot of stupid comments and
>decisions, however he is talking about laws and he is not wrong, there
>are many people in the world who need certain freedoms removed. How
>about they learn to remove the freedom of gun ownership.
>
>  
>
I agree with you, but when the quote is put into context, that's not 
what Bush meant.  It was an angry response of his to an American who 
owned a website criticizing him.

Bush's point was that there ought to be limits to free speech and that 
people shouldn't be allowed to criticize him (and, to be fair, he could 
have meant others as well).

You give the man too much credit.


                -Barry





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ