[ISN] Vital US institutions left wide open to terror attack

From: InfoSec News (alerts@private)
Date: Wed May 09 2007 - 23:30:46 PDT


http://www.theinquirer.net/default.aspx?article=39483

By Nick Farrell
09 May 2007

WHILE THE US Department of Homeland Security has been making life 
miserable for those who have the misfortune of being tourists to its 
country, they seem to have missed a huge software security hole which 
could bring down their nuclear power stations.

The flaw is in the protocol handling of vital national infrastructure 
systems which control dams, oil refineries, railroads and nuclear power 
plants, and it could mean that hackers could take them over.

Security boffins Neutralbit say that the flaw is remotely exploitable 
and can be found in SCADA, which is short for supervisory control and 
data acquisition.

The hole is in the NETxAutomation NETxEIB OPC Server which is Microsoft 
software designed to write GUI applications for SCADA. Neutralbit has 
also published five vulnerabilities having to do with OPC.

Apparently NETxAutomation has addressed the flaw by releasing version 
3.0.1300 of the NETxEIB OPC Server. The company has also released a 
patch for NETxEIB OPC Server version 3.0. US-CERT recommends restricting 
remote access to the server to trusted hosts only, by using firewalls or 
by connecting it only to private networks, until a fixed version of the 
server can be deployed.

Either way it is a bit more important than bringing a bottle of water on 
a plane.

L'INQ - http://www.physorg.com/news94025004.html




