http://news.cnet.com/8301-27080_3-20087201-245/researchers-warn-of-scada-equipment-discoverable-via-google/

By Elinor Mills
InSecurity Complex
August 2, 2011

LAS VEGAS -- Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

Acknowledging that he wouldn't click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable Logic Controller (PLC), an embedded computer used for automating functions of electromechanical processes. Among the results was one referencing a "RTU pump status" for a Remote Terminal Unit, like those used in water treatment plants and pipelines, that appeared to be connected to the Internet. The result also included a password -- "1234."

That's like putting up a billboard saying SCADA (Supervisory Control and Data Acquisition) system here and, oh by the way, here are the keys to the front door.

"You can do a Google search with your Web browser and start operating [circuit] breakers, potentially," Parker, chief technology officer at security consultancy FusionX, told CNET in a break during the workshop on "Building, Attacking And Defending SCADA Systems in the Age of Stuxnet."

[...]

Received on Wed Aug 03 2011 - 02:48:50 PDT