It’s a busier day than usual in regards to network security, and a couple of those events are worth noting here.
For starters it looks like some malware delivery website(s) are targeting industrial control software.  An older vulnerability in an ActiveX control included with ICONICS OPC-enabled visualization tools is being actively exploited by at least one [...]

Friday evening a metasploit module was released that will exploit the Citect ODBC vulnerability that Core discovered earlier this year.  There isn’t not a whole lot to talk about in relation to the vulnerability itself, the details previously released (along with the patch) were more than enough for any reasonably skilled attacker to create reliable [...]

Prior to the holiday I took a swing through the Pacific Northwest. Here are a few items:

In Vancouver I stopped in on Wurldtech. Achilles continues to mature with lots of new configuration and reporting features, but what I found most interesting is the way Wurldtech is looking at new, or at least non-traditional, business [...]

I couldn’t let the Wonderware Suitelink vulnerability go by without commenting on it, and even Jason commenting on it below won’t steal my thunder.
First, lets talk about the vulnerability from a technical perspective. It appears that this is a fairly classic example of the program allocating an amount of memory based on a request [...]

Sebastian Muniz from Core Security Technologies discovered a denial of service vulnerability in the Wonderware SuiteLink service that was made public today. Here are some links:
Core Security Advisory
National Vulnerability Database
Wonderware Tech Alert (login required)
This SuiteLink vulnerability affects the same version of Wonderware InTouch that had the NetDDE problem. When we presented the NetDDE vulnerability [...]

Travel to industry events can be difficult and out of reach of many budgets. And SCADA security research is going on around the world. So in the inaugural SCADA Security Scientific Symposium (S4) in Jan 2007 we offered a Virtual Attendee option. Virtual Attendees had a 3 pane display with live video, presentation slides, and [...]

The guys at Neutralbit in Barcelona continue to do great work. This time it is Xavi Panadero in the lead with assistance from Lluis Mora.
During a project they identified a serious vulnerability in Wondware’s Intouch Version 8.0 that was disclosed by US-CERT today. The default configuration settings of NetDDE allow an application with Net DDE [...]

First the good news. We are seeing substantial progress on patching Microsoft security vulnerabilities. Most vendors are testing applicable Microsoft patches on a timely basis and letting their clients know via support sites if the patched system continued to operate properly. Asset owners are further behind, but many have started to address deploying Microsoft patches [...]

Wurldtech announced today that ABB’s AC800M industrial controller is now Level 1 Certified. I’ve blogged before on Achilles Level 1 Certification, but in brief it means a controller passed rigorous positive, negative and resource exhaustion test cases in layers 2 to 4 of the OSI model, e.g. Ethernet, IP, TCP, ICMP, ….
This certification is gaining [...]

Mini-rant warning. I received a press release from Industrial Defender announcing, Industrial Defender Awarded Patent For Cyber Risk Mitigation Technology. However no where in this press release does it explain, even in broad terms, what was patented. Pure and poor marketing – – unless it works.
Somehow we are supposed to believe because some unspecified patent [...]