Decius wrote:

janelane wrote:
Thanks to Decius trying to educate us environmental engineers, I'm a little closer to understanding how totally fucked Siemens' SCADA is. Thanks, Decius!

-janelane

lol - To be fair what happened to Siemens with Stuxnet could have happened to any vendor. The attackers were very sophisticated and demonstrated a capability to find vulnerabilities in secure systems. At the same time, it does make sense for security researchers like this one to look for vulnerabilities in these systems as they are obviously potential attack targets. I'm not surprised that this research was successful. Everything has bugs in it. Similar systems from other vendors may be similarly "fucked."

Certainly, but in the linked article, the researcher appears particularly appalled at how easy to crack and how numerous the vulns are (beyond any run-of-the-mill vendor).

Maybe he just has higher standards for German conglomerates. :-)

-janelane

RE: Fearing Industrial Destruction, Researcher Delays Disclosure of New Siemens SCADA Holes | Threat Level | Wired.com