http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229625393/researcher-challenges-siemens-public-reaction-to-new-scada-flaws.html By Kelly Jackson Higgins Dark Reading May 23, 2011 A researcher who late last week pulled his planned public presentation on some newly discovered and deadly SCADA bugs contends that Siemens is unfairly attempting to publicly downplay the flaws and the nature of their exploitability. Dillon Beresford, a researcher with NSS Labs, canceled his talk at TakedownCon 2011 in Dallas at the eleventh hour due to concerns about the contents' possible risk to human life. He had planned to reveal vulnerabilities and proof-of-concept (PoC) exploit code for flaws in Siemens SCADA industrial-control systems products. Details of the research and on the bugs themselves are being closely held by Beresford, his colleagues, ICS-CERT, and Siemens, but the description of the so-called "Chain Reactions—Hacking SCADA" presentation certainly raised alarm and interest: "Combining traditional exploits with industrial control systems allows attackers to weaponize malicious code, as demonstrated with Stuxnet. The attacks against Iran's nuclear facilities were started by a sequence of events that delayed the proliferation of nuclear weapons. "We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state," the description continues. "We will also present how to write industrial grade malware without having direct access to the target hardware. After all, if physical access was required, what would be the point of hacking into an industrial control system?" [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Mon May 23 2011 - 22:13:04 PDT
This archive was generated by hypermail 2.2.0 : Mon May 23 2011 - 22:23:34 PDT