Control System (HVAC) incident at Carrel Clinic
We have another control system incident in the news that will surely fill up slide decks for the next decade.
News became public yesterday of the arrest of a security guard involved in a compromise of the HVAC system, and likely the rest of the hospital network, at the Carrel Clinic in Dallas, Texas. Thankfully nothing was done [...]
Author: Daniel Peck
Posted: July 1st, 2009 under Safety.
Comments: none
Beta Release: SCADA IDS Preprocessors
We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release contains the first three SCADA IDS preprocessors that were the crux of the Quickdraw project. They are:
DNP3
Ethernet Industrial Protocol (EtherNet/IP and [...]
Author: Daniel Peck
Posted: June 25th, 2009 under DNP3, EtherNet/IP, IDS / IPS, Modbus TCP, Quickdraw, SCADA IDS.
Comments: none
How unique is the code in critical systems?
Oftentimes those involved in operating critical infrastructure are given a false sense of security when looking over the daily stream of vulnerability disclosures and patch information, as these feeds/lists seldom seem to contain anything specific about their systems. But there is a lot of code dwelling on the purpose-built servers and embedded systems [...]
Author: Daniel Peck
Posted: May 27th, 2009 under Assessment Tools, Calculating Risk.
Comments: 1
Code Quality in Critical Systems
This is a little deviation from our usual critical systems, but considering it is a tool that heavily influences whether a guilty person goes free or an innocent one goes to jail, it seems critical to me. In the State v. Chun case, the defendant argued for analysis of the source code running the breathalyzer [...]
Author: Daniel Peck
Posted: May 14th, 2009 under Big Picture.
Comments: 4
Quickdraw Update: Preprocessors and Detection Plugins
It’s been a little while since we’ve had a Quickdraw update, and I wanted to fill everyone in on how we’re doing and the approach we’re using.
As we’ve described before, we’re basing the project on the snort 2.8.x tree, and we could do much of the processing and alerting using only the snort rule language [...]
Author: Daniel Peck
Posted: April 27th, 2009 under Quickdraw, SCADA IDS, SCADA Protocols.
Comments: none
Conficker beFUDdlement
I’ll start off by saying don’t believe all the FUD that’s been going around; we all know how many members of the media are when they get hold of a story, especially one that can have a date in the future to speculate on.
That said, there are definitely some interesting things going on with the [...]
Author: Daniel Peck
Posted: April 1st, 2009 under Anti-Virus, Authentication, Firewall / Perimeter, Security Tools.
Comments: 5
No More Free Bugs?
The disclosure debate is raging once again and it’s even seeing some discussion on the SCADA mailing lists. This was stirred up by the No More Free Bugs “campaign” announced at CanSecWest by Miller, Sotirov, and Dai Zovi. Accomplished guys and names that should at least sound familiar if you try to stay current on [...]
Author: Daniel Peck
Posted: March 26th, 2009 under Big Picture, Vulnerability Disclosure.
Comments: 8
Oracle Users Patching Survey
This survey was done jointly by Oracle and the Independent Oracle Users Group, and there’s some downright scary stuff in it that probably won’t surprise many of you. As you might expect, patching is not a big priority for Oracle admins: a full 11% of those surveyed have never applied a patch, and close to [...]
Author: Daniel Peck
Posted: March 3rd, 2009 under Calculating Risk.
Comments: 2
One little file format, so many problems
An interesting and quite dangerous situation is playing itself out over the firewall in corporate security. There’s some Adobe 0day being exploited in the wild, and while that alone is enough to make all of the control system admins out there take a quick glance at their firewall rules (Adobe 0day essentially means that [...]
Author: Daniel Peck
Posted: February 24th, 2009 under Vulnerability Disclosure.
Comments: 4
Open source and “open” protocols
With a few things wrapping up with other projects this week, I’ve been concentrating on our Quickdraw project and expanding the capabilities of snort to make detection and alerting quite a bit easier. Thankfully the good people who’ve created snort have made this a lot easier by providing a way to [...]
Author: Daniel Peck
Posted: February 19th, 2009 under Uncategorized.
Comments: 1