Process Control Security in IEEE Security and Privacy Magazine
This month’s issue of IEEE Security and Privacy magazine features a few articles about security in the process control space that might be worth the read. Since the journal isn’t specific to control systems it provides background information on SCADA and DCS. It may be a good start for IT and other departments beginning to [...]
Author: Daniel Peck
Posted: December 15th, 2008 under Uncategorized.
Comments: none
Reexamining AV in the control system
Antivirus is one of those things that is a standard recommendation on almost any assessment you’ll find, but maybe this is something we need to start rethinking. We all know that for the most part the current AV model is an arms race that’s not very functional, and I think it may be even more [...]
Author: Daniel Peck
Posted: November 24th, 2008 under Anti-Virus, Calculating Risk, SCADA Architecture.
Comments: 1
Malware exploiting control systems and out of cycle MS patch
It’s a busier day than usual in regards to network security, and a couple of those events are worth noting here.
For starters it looks like some malware delivery website(s) are targeting industrial control software. An older vulnerability in an ActiveX control included with ICONICS OPC-enabled visualization tools is being actively exploited by at least one [...]
Author: Daniel Peck
Posted: October 23rd, 2008 under Firewall / Perimeter, Microsoft, SCADA Vendor.
Comments: none
On The Increasing Intelligence of Field Devices
Recently I’ve attended a few training classes/sales pitches on some new field devices coming into the market, and a trend that I’m seeing is more and more of them are being built on x86 processors running embedded Windows operating systems. A lot of things can come from this trend, more features, a larger pool of [...]
Author: Daniel Peck
Posted: October 13th, 2008 under Calculating Risk.
Comments: none
IDS Signature for DATAC RealWin SCADA Server Exploit
This vulnerability was made public a few days ago now, and we’ve put together a signature to detect it. This is another very simple stack based overflow, seeing far too many of these in SCADA software; I hope vendors have already started doing some internal code audits to find these with the increased exposure the [...]
Author: Daniel Peck
Posted: October 12th, 2008 under SCADA IDS.
Comments: 1
TCP DoS, bang or whimper?
There has been a lot of buzz lately about the Denial of Service vulnerability that a Swedish security firm, Outpost24, have discovered. Right now, the details are a bit limited, as the researchers aren’t going to release details until they present at the T2 conference in Helsinki later this month. This is similar to the [...]
Author: Daniel Peck
Posted: October 6th, 2008 under Vulnerability Disclosure.
Comments: none
Updated Citect Snort Signature
I took some time to circle back to the Citect ODBC vulnerability and the signature we released for it a couple weeks ago. After talking to some others in the community and taking another look at things it looks like there was some evasion for the previous signature. The first signature we released should alert [...]
Author: Daniel Peck
Posted: September 23rd, 2008 under IDS / IPS.
Comments: 1
A Quick Rundown on Exploitation Frameworks
It occurred to me as I was writing up the previous post that there’s probably a good chance that some of our readers aren’t familiar with Metasploit or other exploitation frameworks, so I’ve created a SCADApedia page outlining the basics and giving a brief description of the more popular platforms. I’ve used Metasploit for a [...]
Author: Daniel Peck
Posted: September 8th, 2008 under Assessment Tools, Site Info.
Comments: none
Public Exploit Code Released for Citect ODBC Vulnerability
Friday evening a Metasploit module was released that will exploit the Citect ODBC vulnerability that Core discovered earlier this year. There isn’t a whole lot to talk about in relation to the vulnerability itself, the details previously released (along with the patch) were more than enough for any reasonably skilled attacker to create reliable [...]
Author: Daniel Peck
Posted: September 7th, 2008 under Assessment Tools, SCADA Vendor, Vulnerability Disclosure.
Comments: 3
Vulnerability Scoring Metrics
Last week at PCSF there were a few issues that seemed to work their way into every presentation and discussion. It seems that both vendors and asset owners are looking hard for the government or some other entity to provide vulnerabilities with some sort of risk equation, but as of yet no one has really [...]
Author: Daniel Peck
Posted: September 2nd, 2008 under Calculating Risk.
Comments: 6