Friday News and Notes
A few items from this week:
- MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution is likely to NOT have a widespread impact on OPC servers. Both Jim Luth of the OPC Foundation and Eric Murphy of Matrikon are saying that OPC uses a custom COM configuration and this should not apply to most OPC servers. Searching on the offending dll at the OPC Foundation site only found one hit.
- MS08-008 Part II - Even with this good news from OPC experts, you still should check with your vendor and see if their implementation uses the offending oleaut32.dll. This is a good test as to how responsive your vendor is, and even the experts are using words like “should” and “most” because they do not know how every vendor chose to implement their OPC server. Our concern remains if a vendor did not follow the Microsoft best practices and redistributes oleaut32.dll with their executable. It this instance it would be possible to apply the Microsoft patch and still be vulnerable. Our research team continues to look at this, and we will have more good or bad news in the upcoming weeks.
- Triangle MicroWorks, whose DNP3 stack is used in the majority of DNP3 implementations, is acquiring Tamarack and their IEC 61850 and ICCP protocol stacks. Consolidation around a one or two vendor stacks is a mixed blessing from a security perspective. Lot’s of positives, but it does make it a more important target and a wider impact if a vulnerability is found. However, the availability of Secure DNP3 in the Triangle MW DNP3 stack can only be viewed as a huge positive. Vendors get this into your products! Purchasers demand it!
- The Australian SCADA listserv has moved to scadaperspective.com. While based and run by Australians it has readers and writers from around the world. If you were on the old listserv, you are being transferred over and no action is required.
Author: Dale Peterson
Posted: February 15th, 2008 under Uncategorized.
Comments: 2
Comments
Comment from Jake Brodsky
Time: February 15, 2008, 6:32 pm
Word to the wise: OPC is based on OLE which is based on… RPC. And there are some claims on the DailyDave list that this may be a very underrated exploitable flaw.
I wouldn’t know. I’m at best only an amateur windows system guy. But the folks who contribute to Daily Dave are usually pretty good.
Comment from Ron Southworth
Time: February 15, 2008, 11:21 pm
Hi Dale,
Thanks for putting up your note regarding the Australian SCADA mail list server imminant change. You beat me to emailing you about what was happening so you could include it in your Friday notes.
I was relying on your present habbit of posting on Saturday but you caught me on the hop 
The short version background to why things have changed is:
The list host service provider gave notice of cessation of service to occurr soon. A new home had to be found.
Ian also wanted to enjoy more of his spare time with his sea change that he is now well accustomed to. The good news for me is, he is still interested in maintaining his association with the community and with the list.
I am very happy to see that he can continue his association and hopefully I and others can share his love of Western Australian Wine and Beer at his very exclusive resort!
Apart from the inconvienience of a few clicks or an email in some circumstances the changeover has been fairly painless for subscribers, well so far anyways…
I consider the move as merely a cosmetic change and formalising the role reversal, where I am now the list Admin and Ian is now the guest moderator / admin.
The move required a domain name change and the best domain name that I could think of was scadaperspective.com.
My reasoning behind the name was that the list is about looking at SCADA from different angles or perspectives, without focussing on any single vertical or “part of the pie”.
I hope this explains the change sufficiently for your regular readers. Any problems with subscriptions people can contact me via my email account southworthrg@bigpond.com and I am more than happy to assist in fixing problems or issues as they occurr.
Thanks for your support to the community Dale it is certainly apreciated.
Write a comment