lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47535341.6060206@rogers.com>
Date: Sun, 02 Dec 2007 19:52:17 -0500
From: gmaggro <gmaggro@...ers.com>
To: full-disclosure@...ts.grok.org.uk
Subject: SCADA refresher

Been giving myself a little refresher on SCADA, hope no-one minds the MLP.

Stock presentation on SCADA security issues:

http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf

Ganesh Devarajan's Defcon presentation was interesting:
  http://video.google.com/videoplay?docid=2434649448102709100&hl=en

Makes of SCADA and related products I have seen in actual use:
  Allen Bradley	(hardware)
  Siemens	(hardware)
  RAND		(hardware)
  ABB		(hardware)
  Wonderware	(software, assuming this was what Ganesh was assaulting)

Well, assuming it was Wonderware (http://us.wonderware.com) since in
multiple networks of hundreds of thousands of nodes, and the companies
that own them... Wonderware was the only SCADA related package that
creeped up.

On a different and amusing note, X.25 was still in use in a number of
these locations. Take that for what you will, but I don't think that's a
good sign. Hello, Datapac! However I have little idea what the X.25
landscape is like anymore.  Would be interesting if both
credit/financial and infrastructure data regularly travelled over the
same paths. Get access to a lottery/debit terminal, or just its
connectivity, and leverage that.

24th Chaos Communication Congress "Hacking SCADA", it sure would be nice
to make it over:
  http://events.ccc.de/congress/2007/Fahrplan/events/2227.en.html

More amusement, though it's a subscription site:
  http://www.digitalbond.com/wiki/index.php/SCADA_IDS_Signatures

Anyone have any resources they'd care to share?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ