Archive for January, 2007
Latest Honeywall Test Version
So I decided to load the latest test version (1.1) of the roo Honeywall from the Honeynet Project. The image was made public on 11/30/06 and there are numerous improvements. One example is that the package repositories are now set up correctly; previously when you would update the honeywall it would get packages from other repos causing […]
Author: Landon Lewis
Posted: January 31st, 2007 under SCADA Honeynet, SCADA IDS.
Comments: none
Honeynet Project tries SCADA
Lance Spitzner and the Honeynet Project are responsible for most of the advances in Honeynet technology and are the place to go if you want to learn about Honeynets. Their technology is only slightly modified in the SCADA Honeywall VM, and their honeyd plays an important role in the SCADA Target VM.
The Honeynet Project includes […]
Author: Dale Peterson
Posted: January 31st, 2007 under SCADA Honeynet.
Comments: none
Microsoft Says No Special Manufacturing OS
Last week the Microsoft Manufacturing User Group (MsMUG) held a three-day event with about 150 people in attendance. I was unable to attend because of S4, but I did get some highlights from Jim Bauhs of Cargill.
There was a rumor in the community that Microsoft might come up with a limited, hardened version of […]
Author: Dale Peterson
Posted: January 30th, 2007 under Microsoft.
Comments: 4
S4 - Final Thoughts
S4 2008?
Our primary goal in creating S4 was to significantly raise the bar on the level of detail and excellence in published SCADA security research. The community needed and still needs to move from generalizations, hand waving and FUD to rigorous, fact-based research and peer review. The authors definitely did this, and […]
Author: Dale Peterson
Posted: January 30th, 2007 under S4.
Comments: 1
S4 - Day Two in Review
The day kicked off with two complementary OPC Exposed Presentations.
Session 7 - OPC Exposed, Part I by Lluis Mora of Neutralbit
Lluis’s paper looked at OPC server implementation vulnerabilities, and I covered this a bit in an earlier blog entry. He detailed some of the 24 test cases he ran against 75 different OPC servers and […]
Author: Dale Peterson
Posted: January 29th, 2007 under S4.
Comments: none
S4 - Day One in Review
The blog has been very quiet because we have been fully occupied with Digital Bond’s SCADA Security Scientific Symposium (S4). Liveblogging didn’t work well because I was communicating with the Virtual Attendees, handling Q&A, and sitting right next to the speaker. So here are my notes from the event.
S4 Attendees feel free to add your […]
Author: Dale Peterson
Posted: January 26th, 2007 under S4.
Comments: none
Daylight Saving Change for 2007
On my way to S4 today I listened to a new podcast from Security Catalyst. I’m a new subscriber to the podcast and the variety of topics/topic differentiation kept me enthused. The author covered how the Energy Policy Act of 2005 will affect Daylight Saving time at the beginning of 2007. Effectively the dates have […]
Author: Landon Lewis
Posted: January 23rd, 2007 under Monthly Security Checkup.
Comments: 1
Last Day To Register For S4
Remember there is a virtual attendee option where you will be able to watch the live video, see the slides, and participate in the Q&A this Wednesday and Thursday.
Complete S4 Agenda
Register for Physical or Virtual Attendance at S4
Author: Dale Peterson
Posted: January 22nd, 2007 under S4.
Comments: none
Can Crypto Algorithms Run in Controllers? Part Two
During the S4 call for papers we received a very unusual abstract from Julian Rrushi, a second year PhD student at the University of Milan. We went back and forth between thinking the idea was crazy and very clever. It certainly is a different approach to securing communication to controllers and I’m curious to see […]
Author: Dale Peterson
Posted: January 19th, 2007 under S4, SCADA Protocols.
Comments: 11
US-CERT Discloses Sisco ICCP Stack Vulnerability
It is interesting watching the system work from the researcher perspective and see the responses and time line. This was one of the first vulnerabilities that we processed through our vulnerability disclosure policy. Matt identified this in late February and it went to US-CERT and CERT/CC in early March. While nine months may seem like […]
Author: Dale Peterson
Posted: January 17th, 2007 under ICCP, Vulnerability Disclosure.
Comments: 1
