http://www.theinquirer.net/default.aspx?article=39483

By Nick Farrell
09 May 2007

WHILE THE US Department of Homeland Security has been making life miserable for those who have the misfortune of being tourists to its country, they seem to have missed a huge software security hole which could bring down their nuclear power stations.

The flaw is found in Protocol Handling Vital National Infrastructure Systems, which control dams, oil refineries, railroads and nuclear power plants, and could mean that hackers could take them over.

Security boffins Neutralbit say that the flaw is remotely exploitable and can be found in SCADA, which is short for supervisory control and data acquisition.

The hole is in the NETxAutomation NETxEIB OPC Server, which is Microsoft software designed to write GUI applications for SCADA. Neutralbit has also published five vulnerabilities having to do with OPC.

Apparently NETxAutomation has addressed the flaw by releasing version 3.0.1300 of the NETxEIB OPC Server. The company has also released a patch for NETxEIB OPC Server version 3.0.

US-CERT recommends restricting remote access to the server to only trusted hosts by using firewalls or only connecting them to private networks, until a fixed version of the server can be deployed.

Either way it is a bit more important than bringing a bottle of water on a plane.

L'INQ - http://www.physorg.com/news94025004.html
This archive was generated by hypermail 2.1.3 : Wed May 09 2007 - 23:35:03 PDT