
Archive for 'SCADA Protocols'

What Do VxWorks Vulns Mean?

HD Moore recently published a blog entry highlighting some serious vulnerabilities in VxWorks – an operating system used by a number of field devices in SCADA and DCS. What does and doesn’t this mean?

This has little or no impact on the security of control system field devices. Not because they could not be vulnerable [...]

Automatic Fuzzer Generation

Following up my last post on fuzzing an unknown proprietary protocol, we’ve now got a collection of packet captures to start ripping through to get some semblance of a fuzzer going to send packets to our target. There are a few routes we can go, something as simple as flipping bits and putting garbage data into [...]

Auditing Proprietary Protocols in Control Systems

Thanks to the near constant stream of “the sky is falling, these protocols aren’t secure” presentations at security conferences around the globe, everyone is familiar with mainstream ICS protocols, Ethernet IP, DNP3, and of course Modbus, amongst others. And of course it is important to make sure that these protocols are implemented correctly to assure [...]

Android Control System Applications

After reading Daniel’s SCADA Everywhere blog I decided to take a look on the Android marketplace. It appears there is very little control system software available for the Android platform. Of the applications I did find, there were a couple of home automation applications, a model train control application and a MODBUS/TCP application. [...]

S4 Preview: Two Control System Security Protocol and Crypto Primitive Performance Papers

We are two weeks away from S4. Still time to sign up to be a physical or virtual attendee.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail [...]

OISF Meeting and the next generation of open source IDSs

Last week I had the opportunity to attend the first public planning/brainstorming session for the DHS seeded Open Information Security Foundation and their next generation IDS project. Lots of good discussion, with the first couple hours focusing on the foundation itself, and the rest of the day was spent discussing various features that would be [...]

Quickdraw Enip Preprocessor Example

As a followup to our preprocessor code release, we’re going to put together a few posts detailing the use of a few of the features provided by them.
To begin, we’ll work our way through an example with enip/cip. Let’s say that we wanted to have a log of every time that a successful “Open Connection” request [...]

Beta Release: SCADA IDS Preprocessors

We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release is the first three SCADA IDS preprocessors that were the crux of the Quickdraw project. They are:

DNP3
Ethernet Industrial Protocol (EtherNet/IP and [...]

Quickdraw Update: Preprocessors and Detection Plugins

It’s been a little while since we’ve had a Quickdraw update, and I wanted to fill everyone in on how we’re doing and the approach we’re using.

As we’ve described before we’re basing the project on the snort 2.8.x tree, and we could do much of the processing and alerting using only the snort rule language [...]

OPC UA: Part 5 – Vendor Implementation Security Considerations

During our application assessment of the OPC UA SDK, it was very clear that vendors creating OPC UA clients and servers are going to make a number of choices that affect security of their offerings. All OPC UA servers will not be created equal from a security perspective.
When the fixes from our assessment are completed, [...]