Open Source and information security mailing list archives
 
Date: Tue, 15 Jan 2008 16:42:52 -0500
From: gmaggro <gmaggro@...ers.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: scada/plc gear

> An organized SCADA pen testing web presence would be extremely cool.  
> ...
> What do you think? Do you think some sort of a forum/wiki would be a 
> good medium to start with?

To some extent, yes, but considering that I do not respect intellectual 
property laws of any kind, I just don't see how that would be workable.

For example: a compatriot of mine has a collection of SCADA related 
Snort signatures. Someone else might have the Nessus SCADA plugins, 
which are supposed to require you to sign up for a pricey feed.

Let's say they want to trade, or far more preferably, make the 
information freely available. All at minimal risks to themselves, of 
course. Not to help people protect themselves, but so people can 
bootstrap their knowledge and perhaps generate attacks from them. Or 
simply to shave time off due to laziness. I do not care, I just want to 
see it out there and accessible to everyone.

Another example of particular interest to me is the PLCC flash on the 
ADAM-4572 which I'm hoping contains all the code (i.e. nothing masked 
onto the ARM MCU).  It would be instructive to see how the network stack 
was written, how Modbus is implemented, etc. If this is the case I would 
want to post the code for analysis. My assembly and reversing skills, 
which are terrible in general, are even worse for anything non-x86. Much 
help would be needed.

On a different note, I'd like to renew my call again for people to 
donate to the software authors or projects that they use. Corporations 
and businesses can take care of themselves, let's do what we can to 
support the little guys - especially those that make the more 'evil' 
tools :)
