It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
page: 18
share:
Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
www.wired.com
(visit the link for the full news article)
A group of researchers has discovered serious security holes in six top industrial control systems used in critical infrastructure and manufacturing facilities and, thanks to exploit modules they released on Thursday, have also made it easy for hackers to attack the systems before they’re patched or taken offline.
Skiddies (script kiddies) and exploitation of critical infrastructure is a sound blend. People are up in arms of the DoJ, MegaUpload and RIAA, etc.
being down but wait till SCADA (supervisory control and data acquisition) systems are impacted. Add Stuxnet or Duqu to the equation and you have the
potential for serious disorder. The release is integrated into the popular hacker toolkit called Metasploit.
The debate has now turned again as to whether the release of such knowledge and material should have been made public prior to giving vendors an opportunity to address the problems.
Vulnerability Matrix
brill
www.wired.com
(visit the link for the full news article)
The debate has now turned again as to whether the release of such knowledge and material should have been made public prior to giving vendors an opportunity to address the problems.
Vulnerability Matrix
brill
www.wired.com
(visit the link for the full news article)
edit on 19-1-2012 by brill because: (no reason given)
edit on 19-1-2012 by brill
because: (no reason given)
........
when did january turn into hack the planet? I have a bad feeling about all this...
when did january turn into hack the planet? I have a bad feeling about all this...
I think they should tell them about low-level ones, tell them that it's possible others exist, and then if they do a crappy job, they get what they
get.
Originally posted by whatsinaname
........
when did january turn into hack the planet? I have a bad feeling about all this...
Well in fairness several of the vulnerabilities have been known for a while. This was just an attempt to give a sense of urgency to PLC manufacturers to better identify security deficiencies. As the article states Stuxnet was an eye opener to many. Having commonly available tools to assist in exploitation is frightening in its own sense but its more or less lighting a fire under their collective asses to fix these problems.
Interesting note. A vendor I work with has now begun to release enhanced security protection for industrial controls for their intrusion prevention systems. At the rate things are going we won't need the Mayans prediction to come true, we're on a solid path to take ourselves out.
brill
reply to post by brill
In my mind that is a serious criminal act or should be. Anything that comes of it should lead to at the least massive civil suits by anyone negatively impacted, if not serious felony charges.
In my mind that is a serious criminal act or should be. Anything that comes of it should lead to at the least massive civil suits by anyone negatively impacted, if not serious felony charges.
Originally posted by Blaine91555
reply to post by brill
In my mind that is a serious criminal act or should be. Anything that comes of it should lead to at the least massive civil suits by anyone negatively impacted, if not serious felony charges.
Agreed. In addition I should think there should be much stricter legislation and severe penalties for manufacturers who don't take rigorous steps to secure their products. This is simply not an area of compromise and much more needs to be done.
brill
edit on 19-1-2012 by brill because: (no reason given)
Originally posted by brill
Skiddies (script kiddies) and exploitation of critical infrastructure is a sound blend. People are up in arms of the DoJ, MegaUpload and RIAA, etc. being down but wait till SCADA (supervisory control and data acquisition) systems are impacted. Add Stuxnet or Duqu to the equation and you have the potential for serious disorder. The release is integrated into the popular hacker toolkit called Metasploit.
The debate has now turned again as to whether the release of such knowledge and material should have been made public prior to giving vendors an opportunity to address the problems.
Vulnerability Matrix
brill
www.wired.com
(visit the link for the full news article)edit on 19-1-2012 by brill because: (no reason given)edit on 19-1-2012 by brill because: (no reason given)
The researches responsible should be in jail. But at the least they will probably be sued into oblivion for gross negligence if something bad happens as a result. Because as some have already stated the data they released has already been added to hacker tool kits.
It would be no different if researches released a list of vulnerable US targets overseas(with details of how to exploit their vulnerabilities) and enemies of the USA used that information to target them.
They went far beyond their 1st Amendment rights when they released the information on how to exploit. If they would of said X systems are vulnerable and give a brief(but lacking in depth) explanation of why they are vulnerable.
But what they did went far beyond that and blatantly ventured into enabling hacking, electronic terrorism, of the vulnerable systems.
Does anybody know if Iran has any cyberwar capabilities? If so this seems to be a pretty little Achilles heel.
I never thought I would say this about anything, but this also seems like a juicy target for a false flag,
I never thought I would say this about anything, but this also seems like a juicy target for a false flag,
Originally posted by korathin
The researches responsible should be in jail. But at the least they will probably be sued into oblivion for gross negligence if something bad happens as a result. Because as some have already stated the data they released has already been added to hacker tool kits.
It would be no different if researches released a list of vulnerable US targets overseas(with details of how to exploit their vulnerabilities) and enemies of the USA used that information to target them.
They went far beyond their 1st Amendment rights when they released the information on how to exploit. If they would of said X systems are vulnerable and give a brief(but lacking in depth) explanation of why they are vulnerable.
But what they did went far beyond that and blatantly ventured into enabling hacking, electronic terrorism, of the vulnerable systems.
Doubtful anything will happen to the researchers. Ask yourself this. Would you rather these people reveal the problem or have someone else find it and keep it for themselves to use as they see fit, ie. foreign governments. Also note that some of the problems had been brought to the attention of these vendors before with little concern. Shouldn't the people/companies who manufacture this equipment take blame for their negligence ? Like so many things its only when the actions taken by these researchers are presented do the people responsible sit up and finally take notice. How much should be released though is certainly worth mentioning, as you've noted.
brill
Originally posted by Blaine91555
reply to post by brill
In my mind that is a serious criminal act or should be. Anything that comes of it should lead to at the least massive civil suits by anyone negatively impacted, if not serious felony charges.
You are talking about the companies producing and not patching these systems as the liable party and defendant in your hypothetical law suits correct? The majority of these flaws were known about or should have been known about by the very nature of the type of flaw they are. Hell some of them are not exploits but critical design flaws back doors and lack of security. The manufacturers of the software and hardware are completely liable and the public should know. With the released knowledge now professionals at these firms' customers can at least try to mitigate the risk and do what they can and know what to look out for. Instead of waiting (and hoping) for a fix.
Release of exploits is responsible computing. Odds are very good, if you found a hole: someone else has first.
reply to post by korathin
I disagree entirely. If they know, someone else knows. We should all know. Now, if the word gets out further hopefully everyone in their fields who works with this equipment will know. Hopefully. You'd be surprised how many people might not care, people who work with the systems and should.
If you read this article or understood it, you'd know that some of these flaws are critical design or security flaws that are trivial to exploit, were placed and done purposely to cut corners or time, and / or already previously known about by said manufacturers. They were not fixed, had no time-frame to be fixed and in some cases were blatantly dismissed as won't be fixed.
Live systems with dead man switches hah... if they found out, odds are someone else knew first.
I disagree entirely. If they know, someone else knows. We should all know. Now, if the word gets out further hopefully everyone in their fields who works with this equipment will know. Hopefully. You'd be surprised how many people might not care, people who work with the systems and should.
If you read this article or understood it, you'd know that some of these flaws are critical design or security flaws that are trivial to exploit, were placed and done purposely to cut corners or time, and / or already previously known about by said manufacturers. They were not fixed, had no time-frame to be fixed and in some cases were blatantly dismissed as won't be fixed.
Live systems with dead man switches hah... if they found out, odds are someone else knew first.
edit on 19-1-2012 by seaez because: / or forgot
it
new topics
-
A Warning to America: 25 Ways the US is Being Destroyed
New World Order: 1 hours ago -
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies: 7 hours ago -
Maestro Benedetto
Literature: 8 hours ago -
Is AI Better Than the Hollywood Elite?
Movies: 9 hours ago
top topics
-
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies: 7 hours ago, 27 flags -
Weinstein's conviction overturned
Mainstream News: 17 hours ago, 8 flags -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues: 13 hours ago, 8 flags -
Massachusetts Drag Queen Leads Young Kids in Free Palestine Chant
Social Issues and Civil Unrest: 15 hours ago, 7 flags -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs: 12 hours ago, 6 flags -
Meadows, Giuliani Among 11 Indicted in Arizona in Latest 2020 Election Subversion Case
Mainstream News: 15 hours ago, 5 flags -
2024 Pigeon Forge Rod Run - On the Strip (Video made for you)
Automotive Discussion: 13 hours ago, 4 flags -
Is AI Better Than the Hollywood Elite?
Movies: 9 hours ago, 3 flags -
A Warning to America: 25 Ways the US is Being Destroyed
New World Order: 1 hours ago, 3 flags -
Maestro Benedetto
Literature: 8 hours ago, 1 flags
active topics
-
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 65 • : Jukiodone -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three • 50 • : F2d5thCavv2 -
Russia Ukraine Update Thread - part 3
World War Three • 5732 • : F2d5thCavv2 -
The Acronym Game .. Pt.3
General Chit Chat • 7751 • : F2d5thCavv2 -
Salvador Dali's Moustaches
People • 28 • : zosimov -
Is AI Better Than the Hollywood Elite?
Movies • 17 • : ThePsycheaux -
The best Rice dish i've ever tasted... Kimchi Rice
Food and Cooking • 26 • : lamhaocc -
A Warning to America: 25 Ways the US is Being Destroyed
New World Order • 1 • : 727Sky -
Massachusetts Drag Queen Leads Young Kids in Free Palestine Chant
Social Issues and Civil Unrest • 15 • : tarantulabite1 -
How ageing is" immune deficiency"
Medical Issues & Conspiracies • 35 • : annonentity
8