On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash
<michael@butash.net> wrote:
There was some idle chat here prior about Stuxnet and how it almost single-handed stopped or at least delayed Iran's Nuclear aspirations, and I'd commented on how there was a variant called Duqu that was running rampant in our SCADA systems that run municipal water.
Seems our environmentals that run cities have and are being exploited more frequently with more disclosures in the past few days of incidents in Springfield Illinois and Houston Texas. Not only do I guarantee security on these systems and networks not up to par, their embedded and obscure nature means they probably aren't even regularly patched to take advantage. In the Springfield incident they actually caused damage to a critical pump, and it's only going to continue to get worse as it's now being talked about more mainstream and word spreads.
http://www.theregister.co.uk/2011/11/17/water_utility_hacked/
http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/
I know I sleep better at night knowing all this software runs on old windoze systems! Even better is how they're talking about in here how they are often now internet connected systems so they can be managed remotely to save costs (i.e. outsource it). Maybe letting the Chinese government run our city water systems isn't quite what they had in mind, but anything to save a buck in these trying times I suppose...
-mb