Thursday, October 25, 2012

Security & Hacking "Backdoor in computer controls opens critical infrastructure to hackers"

http://arstechnica.com/security/2012/10/backdoor-in-computer-controls-opens-critical-infrastructure-to-hackers/

Things are just peachy with infrastructure security; this quote sums it up: "The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering."

This involves power plants and other infrastructure in the US and other parts of the world.

Not only is it frightening, it is really sad just how big a vulnerability this single issue creates.

Not really even hacking, more like no security at all.

There are more infrastructure security issues out there.

There is a ridiculously bad category called Forever Day Bugs, also known as iDays or Infinite Days.

The name is similar to Zero Day, except that Forever Day/iDays vulnerabilities remain for years even after they are disclosed.

For various reasons iDays don't get patched or fixed.

Bruce Schneier has talked about Forever Day Bugs (vulnerabilities): http://www.schneier.com/blog/archives/2012/04/forever-day_bug.html

Ars has also covered them: http://arstechnica.com/business/2012/04/rise-of-ics-forever-day-vulnerabiliities-threaten-critical-infrastructure/

ICS=Industrial Control Systems, not Ice Cream Sandwich, in this context.
