The photo that got Stacey Snyder into trouble, because of its caption:
Department of Homeland Security is warning that a witches brew of recent events make it increasingly likely that politically or ideologically motivated hackers may launch digital attacks against industrial control systems.
The alert was issued the same day that security researchers published information about an undocumented software backdoor in industrial control systems sold by hundreds different manufacturers and widely used in power plants, military environments and nautical ships.
The information about the backdoor was published by industrial control systems ICS security vendor Digital Bond, which detailed how a component used in industrial control systems sold by manufacturers contains a functionality that will grant remote access to anyone who knows the proper command syntax and inner workings of the device, leaving systems that are connected to the public open to malicious tampering.
Indeed, according to Wightman, a quick search using Shodan revealed vulnerable devices directly connected to the Internet, although Wightman said he suspected the computer location service could turn up far more with a more targeted search.
To complicate matters further, Wightman said tools for automating the exploitation of the backdoor will soon be made available for Metasploit, a penetration testing tool used by hackers and security professionals alike.
In an alert PDF issued Thursday, DHS warned that these search engines are being actively used to identify and access control systems over the Internet, and that combining these tools with easily obtainable exploitation tools, attackers can identify and access control systems with significantly less effort than ever before.
They are acquiring and using specialized search engines to identify Internet facing control systems, taking advantage of the growing arsenal of exploitation tools developed specifically for control systems.
In addition, individuals from these groups have posted online requests for others to visit or access the identified device addresses. Asset owners should take these changes in threat landscape seriously…and should not assume that their control systems are secure or that they are not operating with an Internet accessible configuration.
Instead, asset owners should thoroughly audit their networks for Internet facing devices, weak authentication methods, and component vulnerabilities.
Only when control system operators begin to see how these vulnerabilities could be used to disrupt their operations will they be motivated enough to demand that ICS hardware and software vendors make security a priority.
Warnings abound about the dangers of even running a port scan on a PLC. Wightman can be seen in this video detailing those vulnerabilities, some of which affected vendors said would only be fixed in future generations of the hardware.
Rather, DHS noted that it recently was contacted by a team of researchers that had used Shodan and specialized search terms to compile a list of more than a half million control systems-related devices that are reachable via the Internet.
On Thursday, I spoke at length with Bob Radvanovsky, a security expert with the security consultancy Infracritical and among several ICS experts who reached out to DHS after enumerating the half-million devices.
Radvanovsky and his partner Jake Brodsky compiled the list over the past six months, using a set of scripts they devised that made targeted queries at the Shodan search engine each night and recorded the results.
Radvanovsky said he agrees that ICS hardware and software vendors need prodding to build security into their products, and to respond more quickly with feasible solutions when researchers discover and report vulnerabilities.
But he said even when such fixes are available, implementing them can be a laborious, costly and painful affair for asset owners.
You can follow any comments to this entry through the RSS 2. Both comments and pings are currently closed.Since the crash, Sean and Jenny have embraced their new mission in life – to tell everyone they can about choices, consequences, and the preventable dangers of drinking and driving.
WhenSeanSpeaks, Inc. is Sean’s and Jenny’s nonprofit organization that raises money for traumatic brain injury research.
If you are showing signs that you may have a drinking problem, don’t wait and make the problem worse; seek help immediately. While you may not be a full-blown alcoholic, when you are starting to notice the signs of alcohol dependence, you inch closer to the dangers of addiction. Use Only as Directed About Americans a year die by accidentally taking too much acetaminophen, the active ingredient in Tylenol. The toll does not have to be so high. Another way to help would be to volunteer with an organization set out to end drinking and driving, this will help you to reach out to more individuals and get the word across about the dangers of drinking .
Man Faints After Drinking Ice Cold Water And Wants Everyone To Know The Dangers. Share Pin. Tweet. The informative post began: “So we’ve all heard not to drink really cold water in the heat, but a lot of us haven’t heard the why or experienced it first hand. “In case it wasn’t clear enough, drinking water throughout the.
College Drinking Is A Serious Problem. fit in or being pressured by the people they associate themselves with. With all of the uncontrollable drinking, it leads to deaths, assaults, injuries, unprotected sex, sexual abuse, health problems, and more.
Although not a geographic term, 'the CIS' covers Central Asia, some of Eastern Europe and the Caucasus. Central Asia is covered here, this vast region, know to many as the -stans, is home to intriguing ancient cities and spectacular mountains, but for the most part steppe and timberdesignmag.com included is Armenia & Georgia in a region known as the .
Recognize the dangers of teen drinking and driving and that teen drivers are at much greater risk of crashing after drinking alcohol than adult drivers. Provide teens with a safe way to get home (such as picking them up or paying for a cab) if their driver has been drinking. Use Only as Directed About Americans a year die by accidentally taking too much acetaminophen, the active ingredient in Tylenol.
The toll does not have to be so high.