Security & Hacking: "Unauthorized Access to a New Jersey Company’s Industrial Control System"

http://publicintelligence.net/fbi-antisec-ics/

Some snippets of interest:

"US Business 1 had a controller for the system that was password protected, but was set up for remote/Internet access. By using the link posted by the hacktivist, the published backdoor URL provided the same level of access to the company’s control system as the password-protected administrator login. The backdoor required no password and allowed direct access to the control system."

"The URL that linked to the control system of US Business 1 provided access to a Graphical User Interface (GUI), which provided a floor plan layout of the office, with control fields and feedback for each office and shop area. All areas of the office were clearly labeled with employee names or area names."

As a gamer, I'll note the second snippet matches up with some games, which seems amusing, sad, and ironic to me.

As someone with much deeper background in physical security than computer security, I'll also note that the second snippet above would provide a lot of very useful intel for physical attacks and/or social engineering.

IMHO Social Engineering attacks are on a boundary of Physical & Computer Security, walking in and pretending to be there to fix something is certainly a Physical attack, though you might be placing a physical keylogger or other Pen Testing equipment to attack the computer network.
 

Security & Hacking: US Infrastructure Enormous Vulnerabilities

Also seems like a lot of stupidity going on as well.

This article today from Sophos http://nakedsecurity.sophos.com/2012/10/31/nuclear-security-silence/ isn't anything new, see http://cliffsesportcorner.blogspot.com/2012/10/security-hacking-backdoor-in-computer.html

But this Quote of a Quote [I'm quoting Sophos, quoting Reuters article], illustrates just how messed up Infrastructure Security is, as well as the stupidity:

"In addition, attendees said they were alarmed to learn that because the government has kept a technique it discovered for attacking electricity generation equipment secret for five years, potential targets had not realized they were vulnerable and therefore did not buy hardware needed to protect themselves." 

Also might want to look at Basecamp, which is trying to raise public awareness to pressure politicians and business to improve situation http://www.digitalbond.com/tools/basecamp/

A bit technical, but most computer nerds should be able to follow it no problem.

Some Wikipedia articles that explain the acronyms.

• SCADA http://en.wikipedia.org/wiki/SCADA
• DCS http://en.wikipedia.org/wiki/Distributed_control_system
• PLC http://en.wikipedia.org/wiki/Programmable_logic_controller
• RTU http://en.wikipedia.org/wiki/Remote_Terminal_Unit