[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e024ccca0712031151xd8453fdm9c376f38583fb639@mail.gmail.com>
Date: Mon, 3 Dec 2007 14:51:30 -0500
From: "Dude VanWinkle" <dudevanwinkle@...il.com>
To: gmaggro <gmaggro@...ers.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SCADA refresher
Also Johnson Controls
in 2005 they were busy converting the proprietary BACnet speaking
SCADA devices to embedded windows XP, considering NASA and friends run
JCI, and there is no good way to update embedded XP (AFAIK) remotely,
these systems should be prime targets...
Whats an MLP?
-JP
On Dec 2, 2007 7:52 PM, gmaggro <gmaggro@...ers.com> wrote:
> Been giving myself a little refresher on SCADA, hope no-one minds the MLP.
>
> Stock presentation on SCADA security issues:
>
> http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
>
> Ganesh Devarajan's Defcon presentation was interesting:
> http://video.google.com/videoplay?docid=2434649448102709100&hl=en
>
> Makes of SCADA and related products I have seen in actual use:
> Allen Bradley (hardware)
> Siemens (hardware)
> RAND (hardware)
> ABB (hardware)
> Wonderware (software, assuming this was what Ganesh was assaulting)
>
> Well, assuming it was Wonderware (http://us.wonderware.com) since in
> multiple networks of hundreds of thousands of nodes, and the companies
> that own them... Wonderware was the only SCADA related package that
> creeped up.
>
> On a different and amusing note, X.25 was still in use in a number of
> these locations. Take that for what you will, but I don't think that's a
> good sign. Hello, Datapac! However I have little idea what the X.25
> landscape is like anymore. Would be interesting if both
> credit/financial and infrastructure data regularly travelled over the
> same paths. Get access to a lottery/debit terminal, or just its
> connectivity, and leverage that.
>
> 24th Chaos Communication Congress "Hacking SCADA", it sure would be nice
> to make it over:
> http://events.ccc.de/congress/2007/Fahrplan/events/2227.en.html
>
> More amusement, though it's a subscription site:
> http://www.digitalbond.com/wiki/index.php/SCADA_IDS_Signatures
>
> Anyone have any resources they'd care to share?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists