- Microsoft has released a new threat modeling tool. We are huge fans of threat modeling, and it is a part of our application assessment methodology. Looking forward to trying out the tool. Just wish they would release a version of Visio for the Mac.
- Another presentation on hacking Modbus enabled devices. This time at SIFT in Australia.
- The team at AlienVault has a free plugin feed for Nessus. They have developed some new SCADA plugins. Jason’s quick analysis indicated most of these SCADA plugins identify OPC Servers on the network via the AppID. [hat tip: Landon Lewis]
- This week OSIsoft released a “critical security patch for PI Enterprise Server (OSIsoft PLI 18175OSI8) addresses vulnerability in the PI Network Manager service. The vulnerability could allow remote code execution if an affected system receives a specially crafted PI-API message.” This is another example of why you need to monitor more than just Microsoft for security patches. We are seeing more asset owners with effective Windows patch management programs, who at the same time are ignoring patches for the database, components like JRE, SCADA app, ICCP app, OPC app … Each system and application should have an admin who is responsible for monitoring an authoritative service for that system / application. FD: OSIsoft is a participant and contributer in Digital Bond’s Dept of Energy research projects and a S4 sponsor.
|
|||
Friday News and Notes1 comment to Friday News and NotesLeave a Reply |
Subscribe: Got a hot tip? See something interesting in SCADA Security? Tell Us
See Technical ICS Security Presentations Digital Bond's S4 2012 Video Channel
More Metasploit Modules from Project Basecamp
Bandolier Scan Policy for CIP-007 R8
Project Basecamp: News from Camp 4
Valentine Release of Metasploit Modules from Project Basecamp ControlLogix, Quantum and Koyo
See 90 Minutes on PLC Hacking & Exploits in Project Basecamp. Results from 7 devices.
Digital Bond and Tenable more Nessus SCADA plugins from Project Basecamp
 |
||
|
Copyright © 2012 Digital Bond, Inc. - All Rights Reserved http://www.digitalbond.com/feed/ 
|
|||
Just to save fellow blog readers some time, the MOST IMPORTANT CONCLUSION of the “hacking Modbus” presentation (54 PPT slides) reads:
“Modbus is inherently insecure and obscurity does not save it”.
Well, thanks for telling us, Daniel Grzelak. BTW, Daniel did never hack a Modbus enabled device but used a Modbus software simulator for his experiments. He requests, however, that someone donates equipment for his further work.