[146745] in North American Network Operators' Group
RE: First real-world SCADA attack in US
daemon@ATHENA.MIT.EDU (Jason Gurtz)
Mon Nov 21 16:54:54 2011
Date: Mon, 21 Nov 2011 16:51:02 -0500
In-Reply-To: <4ECAC426.9090203@amplex.net>
From: "Jason Gurtz" <jasongurtz@npumail.com>
To: <nanog@nanog.org>
Reply-To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Having worked on plenty of industrial and other control systems I can
> safely say security on the systems is generally very poor. The
> vulnerabilities have existed for years but are just now getting
> attention.
+1
Just for context, let me tell everyone about an operational =
characteristic
of one such system (Sold by a Fortune 10 (almost Fortune 5 ;) company =
for
not a small amt. of $) that might be surprising; the hostname of the
server system cannot be longer than eight characters.
The software gets so many things so very very wrong I wonder how it is
there are not more exploits!
~JasonG
