Hah. "Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System" http://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-character-password-secure-internet-facing-scada-system-11201 Good enough for government. -mb On 11/20/2011 03:27 PM, Sam Kreimeyer wrote: > I think that most operators generally take whatever data SCADA spits > out at face value. After all, how would they recognize what dangerous > behavior looks like if they don't understand how these systems work > anyway? Let the IT guy figure it out. > > I think we are witnessing the nascence of an appreciation for just how > devastating a vulnerability to industrial control mechanisms can be. > The security of these systems has long relied on their own obscurity > and the hope that nobody will be particularly inclined to cause havoc > with no *obvious* potential for profit. That's why they have that > expensive firewall, right? > > On 11/20/11, Derek Trotter wrote: >> Same here. When I first heard of this, I said to myself: "Bet these >> systems run on windows." >> >> On 11/20/2011 14:00, Lisa Kachold wrote: >>> >>> >>> On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash>> > wrote: >>> >>> There was some idle chat here prior about Stuxnet and how it >>> almost single-handed stopped or at least delayed Iran's Nuclear >>> aspirations, and I'd commented on how there was a variant called >>> Duqu that was running rampant in our SCADA systems that run >>> municipal water. >>> >>> Seems our environmentals that run cities have and are being >>> exploited more frequently with more disclosures in the past few >>> days of incidents in Springfield Illinois and Houston Texas. Not >>> only do I guarantee security on these systems and networks not up >>> to par, their embedded and obscure nature means they probably >>> aren't even regularly patched to take advantage. In the >>> Springfield incident they actually caused damage to a critical >>> pump, and it's only going to continue to get worse as it's now >>> being talked about more mainstream and word spreads. >>> >>> http://www.theregister.co.uk/2011/11/17/water_utility_hacked/ >>> >>> http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/ >>> >>> I know I sleep better at night knowing all this software runs on >>> old windoze systems! Even better is how they're talking about in >>> here how they are often now internet connected systems so they can >>> be managed remotely to save costs (i.e. outsource it). Maybe >>> letting the Chinese government run our city water systems isn't >>> quite what they had in mind, but anything to save a buck in these >>> trying times I suppose... >>> >>> -mb >>> >>> >>> chortle! snort! >>> -- >>> (602) 791-8002 Android >>> (623) 239-3392 Skype >>> (623) 688-3392 Google Voice >>> ** >>> HomeSmartInternational.com >>> >>> >>> >>> >>> >>> >>> >>> --------------------------------------------------- >>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >>> To subscribe, unsubscribe, or to change your mail settings: >>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >> > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss