
Archive for 'Anti-Virus'

S4 Preview: An Analysis of White Listing Security Solutions and Their Applicability In Control Systems

I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to [...]

NERC CIP and Application Whitelisting Redux

My recent blog post on application whitelisting, and specifically the Bouncer solution, sparked a lot of offline discussion. One of those conversations was with someone who has a significant stake in NERC CIP and agreed to let me post his comments. I try not to get too involved in hair-splitting discussions about standards compliance but [...]

Conficker beFUDdlement

I’ll start off by saying don’t believe all the FUD that’s been going around; we all know how many members of the media are when they get hold of a story, especially one that can have a date in the future to speculate on.
That said, there are definitely some interesting things going on with the [...]

Finding The Fox In The Hen House – Practical Tips

Let’s face it, no matter how hard we try, or how elaborate the defense, sometimes the fox gets in the hen house (Or sometimes it just eats at McDonald’s). When I was in college taking a computer systems design course my professor stated that computer technology is invented in fits and starts. For [...]

More Thoughts on Application Whitelisting

Let’s get this out of the way — application whitelisting does not equal perfect security. But neither do any of the other host-based security products that are competing to get on your control system servers and workstations. The bloated AV programs that do signature-based scanning, heuristics, packet filtering, and intrusion prevention can’t even solve all [...]

Reexamining AV in the control system

Antivirus is one of those things that is a standard recommendation on almost any assessment you’ll find, but maybe this is something we need to start rethinking. We all know that for the most part the current AV model is an arms race that’s not very functional, and I think it may be even more [...]

Does application whitelisting have a chance in control systems?

Last month I ran across the CoreTrace booth at the ISA Expo. Ever since that happenstance introduction, their name and the concept behind their Bouncer product keep popping up in conversations, news feeds, and even Google advertising — mostly in the context of solving SCADA security and compliance issues. Control system server and workstation security [...]

Anti-Virus Rife with Vulnerabilities

Sergio Alvarez and Thierry Zoller of nruns gave an interesting presentation at Hack.lu 2007 on vulnerabilities in anti-virus software (hat tip: Pauldotcom podcast Episode 93, 1:21). One of the main problems is anti-virus software takes in just about every file format and attempts to parse and process it. If the software developer makes a mistake [...]

Tainted Powerpoint the Culprit in Recent Utility Hack

Brian Krebs at the Washington Post’s Security Fix has more detail on a recent utility hack and some grim predictions for 2007 Microsoft Office.
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. This PowerPoint file, which resembled an innocuous version that [...]

SCADA and Zotob Worm

Now that the dust has settled a bit, a few comments on the worm and how it impacts SCADA.
1) The time between the vulnerability being made public and an exploit was five days. Even if a patch is available on the day the vulnerability is released, it is difficult for a SCADA vendor to run regression [...]