Shortly after publishing the Innominate blog, a new press release from Byres Security hit the mailbox. [link to be added when available] The Secure Asset Management module purports to “discover[s] and identify[ies] what devices are on the network and creates the firewall rules to control the traffic flowing to them, all without risk to the […]

The field security appliance market just got smaller - - or larger. Innominate was one of the first companies to develop a firewall for the plant floor or SCADA field sites. We have covered them in the blog over the years.
Innominate announced at Hannover Messe that they had been acquired by Phoenix Contact. This announcement […]

Stephan Beirer from GAI Netconsult in Berlin sent in this report from the Hannover Messe, a huge event in Europe.
Last year the IT security topic was a bit more prominent at the fair, with several discussion rounds and IT/SCADA security vendors exhibiting. This year the subject is a bit more hidden. Except for Industrial Defender […]

Since we have been talking about virtualization in our industry, there are a couple of VMware security news items that are notable. I plan to discuss the security issues in depth in a future post but didn’t want to wait to cover these stories.
The first is a critical security alert for some VMware products running […]

Our last post in this series covered the benefits of virtualization for testing in a lab or development environment. Today we are going to address some of the same features but with a different twist – this time we’re talking about using VM in a production environment.
It doesn’t take much exposure to virtualization before you […]

For part 3 of this series, let’s dive into one of the major uses of virtualization – testing – and see if we can sort through how and where it applies to control systems. As we discuss this topic, we are assuming that the majority of servers connected to control systems are physical machines. […]

Before we get too deep in this discussion, perhaps we should make sure we’ve covered the basics for those who may not be familiar with the concept of virtualization. In theory, virtualization is an abstraction of any computing resource and has been around for forty-plus years. The most common use of the term now, however, […]

A few years back, the traditional IT world was debating the merits of virtualization. There were concerns about performance, security, vendor support, and a host of other issues. Fast-forward to today, however, and you’ll find virtual machines in use in nearly every data center. The number one reason virtual machines have revolutionized server-side computing, I […]

US-CERT put out three vulnerability notes related to the GE Fanuc issues discussed in Eyal Udassin’s S4 paper. Eyal works for C4 in Israel. These issues had been reported to vendor almost a year ago and had been closely coordinated with CERT’s in the US and Israel.
What makes these even more interesting than just another […]

Sergio Alvarez and Thierry Zoller of nruns gave an interesting presentation at Hack.lu 2007 on vulnerabilities in anti-virus software (hat tip: Pauldotcom podcast Episode 93, 1:21). One of the main problems is anti-virus software takes in just about every file format and attempts to parse and process it. If the software developer makes a mistake […]