Quite correct.  It would be cracked quite key.  But not as fast as a real word,  or modified word using say 0 for o and maybe@ for a.

On Nov 21, 2011 9:23 AM, "Derek Trotter" <expat.arizonan@gmail.com> wrote:
I figure that to be 830,584 possible combinations.  That's 26 lower case letters, 26 more upper case, 10 numbers and the special characters I counted on my keyboard.  That's 94 possible characters for each of the three in the password.  94*94*94=830,584.  Of course there are the other possible characters you can get by holding down the alt key and pressing a number, or using the windows character map.  Somehow I feel if they're only bright enough to come up with a three character password, we can dismiss those possibilities that aren't on the standard US keyboard.  I could be wrong, but I'm guessing a password cracking program wouldn't take too long to try 830,584 possible combinations.

On 11/21/2011 0:33, Michael Butash wrote:
Hah.

"Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System"

http://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-character-password-secure-internet-facing-scada-system-11201

Good enough for government.

-mb


On 11/20/2011 03:27 PM, Sam Kreimeyer wrote:
I think that most operators generally take whatever data SCADA spits
out at face value. After all, how would they recognize what dangerous
behavior looks like if they don't understand how these systems work
anyway? Let the IT guy figure it out.

I think we are witnessing the nascence of an appreciation for just how
devastating a vulnerability to industrial control mechanisms can be.
The security of these systems has long relied on their own obscurity
and the hope that nobody will be particularly inclined to cause havoc
with no *obvious* potential for profit. That's why they have that
expensive firewall, right?

On 11/20/11, Derek Trotter<expat.arizonan@gmail.com>  wrote:
Same here.  When I first heard of this, I said to myself:  "Bet these
systems run on windows."

On 11/20/2011 14:00, Lisa Kachold wrote:


On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash<michael@butash.net
<mailto:michael@butash.net>>  wrote:

     There was some idle chat here prior about Stuxnet and how it
     almost single-handed stopped or at least delayed Iran's Nuclear
     aspirations, and I'd commented on how there was a variant called
     Duqu that was running rampant in our SCADA systems that run
     municipal water.

     Seems our environmentals that run cities have and are being
     exploited more frequently with more disclosures in the past few
     days of incidents in Springfield Illinois and Houston Texas.  Not
     only do I guarantee security on these systems and networks not up
     to par, their embedded and obscure nature means they probably
     aren't even regularly patched to take advantage.  In the
     Springfield incident they actually caused damage to a critical
     pump, and it's only going to continue to get worse as it's now
     being talked about more mainstream and word spreads.

     http://www.theregister.co.uk/2011/11/17/water_utility_hacked/

     http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/

     I know I sleep better at night knowing all this software runs on
     old windoze systems!  Even better is how they're talking about in
     here how they are often now internet connected systems so they can
     be managed remotely to save costs (i.e. outsource it).  Maybe
     letting the Chinese government run our city water systems isn't
     quite what they had in mind, but anything to save a buck in these
     trying times I suppose...

     -mb


chortle! snort!
--
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com







---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


-- 
"That income tax you know it's nothing more than legal robbery"
Sidney "Pa" Larkin

Please protect my address like I protect yours. When sending messages to multiple recipients, always use the BCC: (Blind carbon copy) and not To: or CC:. Also remove all of the addresses from the message body before forwarding the message. These simple measures prevent spy programs from capturing the addresses shown in the recipient list and the message body.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss