Shortly after publishing the Innominate blog, a new press release from Byres Security hit the mailbox. [link to be added when available] The Secure Asset Management module purports to “discover[s] and identify[ies] what devices are on the network and creates the firewall rules to control the traffic flowing to them, all without risk to the […]

The field security appliance market just got smaller - - or larger. Innominate was one of the first companies to develop a firewall for the plant floor or SCADA field sites. We have covered them in the blog over the years.
Innominate announced at Hannover Messe that they had been acquired by Phoenix Contact. This announcement […]

Our podcast and blog on Microsoft’s new minimal attack surface Server Core seemed to get the same reaction Server Core got at the MSMUG summit - - little or none. We believe this is an important development, even potential top ten story for 2008, so let me try another way.
We reviewed the 25 security bulletins […]

Minimizing your attack surface is an important security principle. This has been a challenge with bloated operating systems, but this is changing with an interesting build of Windows 2008 Server called Server Core. To make matters even more interesting, a control system vendor will soon release an application on Server Core. Hopefully this is the […]

 

 Server Core for Control Systems: Play Now | Play in Popup | Download

For the past week I have been looking at the MS08-008 OLE remote execution vulnerability. During that time, I have been speaking with an exploit writer who wishes to remain anonymous. According to my anonymous source, the vulnerability exists within the ActiveX class MSForms Image and uses the IImage Interface. As the vulnerability […]

Sergio Alvarez and Thierry Zoller of nruns gave an interesting presentation at Hack.lu 2007 on vulnerabilities in anti-virus software (hat tip: Pauldotcom podcast Episode 93, 1:21). One of the main problems is anti-virus software takes in just about every file format and attempts to parse and process it. If the software developer makes a mistake […]

Catching up on some magazines on airplane rides I ran across a feature in the September issue of Automation World, Vista and Office 2007 Target Manufacturing. Sounds interesting. To my great surprise it read like a PR piece and most of the benefits listed had nothing to do with control systems.
Let me give you […]

I had a chance to talk with Torsten Rossel of Innominate about a new model in their mGuard field security appliance line. The mGuard RS has support for Ethernet, dial-up and ISDN all in one small industrial appliance.
In this 10-minute interview we talk about the RS and some of the interesting features, such as rulebase […]

 

 Innominate Interview: Play Now | Play in Popup | Download

I’ve been a bit surprised at the reaction to the excerpt of the DHS tape showing a demonstration of cyber attack on a power plant. The reaction from the press and those not in what I often call the “community” in this blog is an expected combination of shock and wonder at how this is […]

Mini-rant warning. I received a press release from Industrial Defender announcing, Industrial Defender Awarded Patent For Cyber Risk Mitigation Technology. However no where in this press release does it explain, even in broad terms, what was patented. Pure and poor marketing - - unless it works.
Somehow we are supposed to believe because some unspecified patent […]