Threat to computers for industrial systems now serious
Threat to computers for industrial systems now serious - Via InfoWorld | News | 2008-09-10 | By Robert McMillan, IDG News Service:
A security researcher has published code that could be used to take control of computers used to manage industrial machinery, potentially giving hackers a back door into utility companies, water plants, and even oil and gas refineries.
The software was published late Friday night by Kevin Finisterre, a researcher who said he wants to raise awareness of the vulnerabilities in these systems, problems that he said are often downplayed by software vendors. "These vendors are not being held responsible for the software that they're producing," said Finisterre, who is head of research with security testing firm Netragard. "They're telling their customers that there is no problem, meanwhile this software is running critical infrastructure."
Finisterre released his attack code as a software module for Metasploit, a widely used hacking tool. By integrating it with Metasploit, Finisterre has made his code much easier to use, security experts said. "Integrating the exploit with Metasploit gives a broad spectrum of people access to the attack," said Seth Bromberger, manager of information security at PG&E. "Now all it takes is downloading Metasploit and you can launch the attack."
The code exploits a flaw in Citect's CitectSCADA software that was originally discovered by Core Security Technologies and made public in June. Citect released a patch for the bug when it was first disclosed, and the software vendor has said that the issue poses a risk only to companies that connect their systems directly to the Internet without firewall protection, something that would never be done intentionally. A victim would have to also enable a particular database feature within the CitectSCADA product for the attack to work.
These types of industrial SCADA (supervisory control and data acquisition) process control products have traditionally been hard to obtain and analyze, making it difficult for hackers to probe them for security bugs, but in recent years more and more SCADA systems have been built on top of well-known operating systems like Windows or Linux making them both cheaper and easier to hack.
(Read Original Article - Via InfoWorld | News | 2008-09-10 | By Robert McMillan, IDG News Service.)
Twitter
Digg
StumbleUpon
Technorati
del.icio.us
Facebook
Furl
LinkedIn
YahooRecent blog posts
- In Bid to Sway Sales, Cameras Track Shoppers
- Unprecedented 25-Year Sentence Sought for TJX Hacker
- EFF Appeals Dismissal of Warrantless Wiretapping Case
- Viacom Makes Its Case Against Yesterday's YouTube
- Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
- Domain Names Can't Defend Themselves
- Hacker Disables More Than 100 Cars Remotely
- Judges Approves $9.5 Million Facebook ‘Beacon’ Accord
- Hooking Up The Big Brother Machine... And Fighting It
- Court: State Can Dump Non-Sex Offenders Into Registry
