| |
Fearing Industrial Destruction, Researcher Delays Disclosure of New Siemens SCADA Holes | Threat Level | Wired.com
by janelane at 4:35 pm EDT, May 19, 2011 |
It was a vulnerability in a PLC belonging to Siemens’ Step7 control system that was the target of the sophisticated Stuxnet worm. Stuxnet was discovered on systems in Iran last year and is believed to have been designed by a nation state aimed at destroying uranium-enrichment centrifuges at the Natanz nuclear facility in Iran.
Thanks to Decius trying to educate us environmental engineers, I'm a little closer to understanding how totally fucked Siemens' SCADA is. Thanks, Decius! -janelane |
| |
RE: Fearing Industrial Destruction, Researcher Delays Disclosure of New Siemens SCADA Holes | Threat Level | Wired.com
by Decius at 2:23 pm EDT, May 20, 2011 |
janelane wrote:
Thanks to Decius trying to educate us environmental engineers, I'm a little closer to understanding how totally fucked Siemens' SCADA is. Thanks, Decius! -janelane
lol - To be fair what happened to Siemens with Stuxnet could have happened to any vendor. The attackers were very sophisticated and demonstrated a capability to find vulnerabilities in secure systems. At the same time, it does make sense for security researchers like this one to look for vulnerabilities in these systems as they are obviously potential attack targets. I'm not surprised that this research was successful. Everything has bugs in it. Similar systems from other vendors may be similarly "fucked." |
|
| | |
RE: Fearing Industrial Destruction, Researcher Delays Disclosure of New Siemens SCADA Holes | Threat Level | Wired.com
by janelane at 3:43 pm EDT, May 20, 2011 |
Decius wrote: janelane wrote:
Thanks to Decius trying to educate us environmental engineers, I'm a little closer to understanding how totally fucked Siemens' SCADA is. Thanks, Decius! -janelane
lol - To be fair what happened to Siemens with Stuxnet could have happened to any vendor. The attackers were very sophisticated and demonstrated a capability to find vulnerabilities in secure systems. At the same time, it does make sense for security researchers like this one to look for vulnerabilities in these systems as they are obviously potential attack targets. I'm not surprised that this research was successful. Everything has bugs in it. Similar systems from other vendors may be similarly "fucked."
Certainly, but in the linked article, the researcher appears particularly appalled at how easy to crack and how numerous the vulns are (beyond any run-of-the-mill vendor). Maybe he just has higher standards for German conglomerates. :-) -janelane |
|
|
|
