Oh Great -- Power Plants, Chemical Plants, Etc. At Risk
The Market Ticker ® - Commentary on The Capital Markets
Posted 2012-04-25 13:10
by Karl Denninger
in Technology

This is the sort of story I do not want to read:

In the world of computer systems used to flip switches, open valves, and control other equipment inside giant electrical substations and railroad communications systems, you'd think the networking gear would be locked down tightly to prevent tampering by vandals. But for customers of Ontario, Canada-based RuggedCom, there's a good chance those Internet-connected devices have backdoors that make unauthorized access a point-and-click exercise.

That's because equipment running RuggedCom's Rugged Operating System has an undocumented account that can't be modified and a password that's trivial to crack. What's more, researchers say, for years the company hasn't bothered to warn the power utilities, military facilities, and municipal traffic departments using the industrial-strength gear that the account can give attackers the means to sabotage operations that affect the safety of huge populations of people.

Yeah, that's nice. 

This sort of gear is everywhere in the industrial world.  Hardware and software of this general design controls everything from valves at your wastewater plant (eeeewwwwww if they're inappropriately changed) to switchgear at power plants (look at the pretty light show!) and perhaps things like valves and controls at chemical plants ("kaboom").

In an early part of my professional career I wrote software to handle industrial equipment like this, specifically in the satellite earth-station industry (e.g. amplifiers, antennas, waveguide switches, etc.)  This was back before the Internet, and access was typically local and over a serial terminal.  But you could plug a modem into it if you wanted to, and password facilities were provided -- with no back door "default" password either.  The only way to "clear" a password you lost was to perform a non-volatile memory reset, and doing that required physical access to the device.

Gear of this sort should never be connected to a public network like the Internet.  You'd think people would take care of this risk, but they don't always do it.  Maintenance has to be done, someone needs remote access to something, they come in via what they think is an encrypted link or "secure" interconnection and something goes wrong or (just as frequently) someone gets lazy.

The bad news here is that it appears that this particular exploit was discovered and the firm responsible notified more than a year ago. 

They did nothing.

So now it's in the "wild", although if these guys found it and tried to notify the company a year ago and got stiff-armed, the "bad guys" have probably known about it for quite a while longer.

This is the sort of risk that is flatly unacceptable, yet all too common. 

How hardware and software with this sort of back door gets certified for purchase by sensitive users such as chemical plants, military or nuclear facilities is a question that deserves answers -- in public at the Congressional level -- as it bears directly on national security.

I am frequently amazed at how stupid people who ought to know better actually are.  Or, as is often said by people who try to make things "idiot proof": The problem is that they keep coming up with better idiots!

Comments.......
Widgeon
Posts: 13481
Incept: 2007-08-30
Green
Region formerly known as the United States
It is not safe to dissent. ANYONE that delivers "bad news" is instantly vilified, marginalized, and driven away ... really, blacklisted. Just saying, in the trenches of the work-a-day world, that's the fact. Those on the ground, closest to the issues that can see the problems, etc. effectively can't speak. They've seen their outspoken co-workers eliminated.

Crzymorse
Posts: 1189
Incept: 2010-06-25

Maryland
Somehow everybody knew this type of **** was going to happen.
Digitlman
Posts: 330
Incept: 2011-03-04

******nit, we don't have time for this nonsense!

We're far too busy trying Roger Clemens to deal with this!

Eighty6thebs
Posts: 4183
Incept: 2007-06-26
Green
It's contained to sub-prime!
Dude...he's standing right there and you're talking about our back doors?

----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine

"No I am not scared, and neither should you be!" - Iraqi Information Minister
Tesla
Posts: 15541
Incept: 2008-04-03
Green A True American Patriot!
State of Disbelief
But we're safe! The TSA fondled a 4 year old a few days ago...

----------
"Even a dog knows the difference between being stumbled over and being kicked." -Justice Oliver Wendell Holmes

"Neither the wisest Constitution nor the wisest laws will secure the liberty and happiness of a people whose manners are universally corrupt." -Samuel Adams
Optimus2861
Posts: 55
Incept: 2009-12-16

Dartmouth NS Canada
Those *******s! I've used those switches a number of times over the years, even recommended them to others! I don't think I ever put one of them directly on the Internet, and I always recommend against such things to my clients unless there's a good firewall in front of them, but still. And to think Siemens just bought them out. Oh well - I never liked Siemens in the first place.
Mari
Posts: 1012
Incept: 2010-03-05
Green
Central MD
Well, thanks for this bright and cheery ray of sunshine because I wasn't effing scared enough by the book "One Second After"...

----------
I bleed purple and orange!
Anti
Posts: 4292
Incept: 2007-10-09
Silver
I got this video about hackability of the power grid in an email today. There seemed some hyperbole at the end regarding the viability of solar power so I discounted some of the alarmism within but FWIW:

http://www.forbiddenknowledgetv.com/vide....

----------
Health is better than health insurance
http://gerson.org/
Over the past 60 years, thousands of people have used the Gerson Therapy to recover from so-called “incurable” diseases such as cancer, diabetes, heart disease and arthritis.
Gantww
Posts: 542
Incept: 2011-04-22
Green
Nashville, TN
Widgeon, as someone who was terminated for insubordination for refusing to implement a system in a manner that would have exposed hundreds of people to identity theft, I just want to say that you have a point and it is a better one than most people realize. Point out a major problem that might keep someone from meeting next quarter's numbers (and getting their bonus), even if the problem could bankrupt the company, and they'll happily frog march you into HR, tell you that you are terminated, and not even let you go back to your desk when it is over with. I, being the belligerent S.O.B. that I am, went back to my desk anyway to get my stuff. I told them they were welcome to call the law or to try to restrain me if they wished. It turns out that was a perceptive choice, as legal attention of any sort was the last thing they wanted. I didn't get a good reference from them, but given their recent problems, that wouldn't have been very useful anyway. Point is, you are undertaking a serious risk on yourself if you report security issues to the people who should be watching for them. It's like pointing out that our country is already bankrupt - it's true, but everybody with power wants to sweep it under the rug until they get theirs.

As an aside, my former employers are now facing federal charges including insurance fraud, wire fraud, and God-knows what else. Speaking of security holes that I have warned them of in the past, I'm tempted to warn them of a particular back-door exploit that I sincerely hope they face soon. But that would be mean, and I don't owe them anything.
Steelhead23
Posts: 2041
Incept: 2008-09-09
Green
Portland OR
This post scares the living bejeezus outa me. SCADA is everywhere and the concept that everything from railroad switchyards to hydroelectric dams could be sabotaged by a 14 yo playing around is enough to make me cringe. Look, it wouldn't even have to be malicious. Pass the Dickel.

----------
"Give me control of a nation's money and I care not who makes its laws" —Mayer Amschel Bauer Rothschild Benjamin Bernanke
For-profit commercial banks are a menace and should be eradicated

Eighty6thebs
Posts: 4183
Incept: 2007-06-26
Green
It's contained to sub-prime!
Most of this is on private networks. If you put your **** on the public internet you're nuts.

----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine

"No I am not scared, and neither should you be!" - Iraqi Information Minister
Genesis
Posts: 130717
Incept: 2007-06-26
Admin A True American Patriot!
Uh huh 86..... and a lot of those "private networks" have some sort of gateway somewhere.

They shouldn't, but they DO.

----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?

Obsidian
Posts: 2445
Incept: 2008-10-10
Green
Eagle Mountain, Utah
Quote:
Most of this is on private networks. If you put your **** on the public internet you're nuts.


Private networks ARE public if they can be breached...

...they can be breached.

----------
232-Th + n --> 233-Th --> 233-Pa --> 233-U.
Trolling is a art.
Grf
Posts: 1337
Incept: 2008-12-08

This has been known about for years if not decades.

----------
"Every time we on TF talk about God and gays, God frees a banker and gives him a bonus." --me
"Your farts are interstate commerce and if they want to stick a muffler up your ass they will do it." --Boughtthefarm
Billy_ray_v
Posts: 1039
Incept: 2010-10-08

east of the rockies
Get a 900 MHz clandestine flex transmitter and send fake blackberry "instrument" status reports to control. Over compensation and destruction follows.
Hilarity ensues. Sorta like the Russian pipeline **** we pulled before.
You'd be busted quick (quick enough to null your objective?) for having a
TX powerful enough to override original signal.
Capcodes can easily be spoofed, just need raw power to stop original message. /evil scientist mode off
BRV


----------
When a country allows itself to be coerced, it has to suffer
the consequences.

Reason: message follows
Kochevnik
Posts: 547
Incept: 2007-07-30
Green
Dallas TX
Everyone and his brother is jerking off to the 'cloud' right now and the higher you go up the corp or govt food chain the more clueless those that make these kinds of decisions are. The grunts, at least the smart honest ones know all about these vulnerabilities and NO ONE ****ING LISTENS and as others have pointed out, you open your mouth and object and you are shown the door.

I just spent almost 2 years with a small subsidiary of one of the nation's largest manufacturers - while I was there, I warned my temp boss again and again that the guys he has as leads were doing things that they should never ever do, and that it would come back to haunt them in the end. I never pushed it hard enough to get canned, in fact they offered me these guys' jobs, which I politely told them to stuff since the pay was about half of what I made as a contractor. Three weeks ago, one of the key mental midgets left after giving his two weeks' notice. Now they are running an entire manufacturing company on software written 15+ years ago that is virtually unfixable because the guys my boss let run things are the only ones who knew how it works. At some point in the next few weeks or months I know I will get a terrified phone call, please help us, our plant is completely shut down because the software failed and there is no one here who knows how it works or how to fix it. I'm guessing one or two thousand people instantly unemployed when that happens.

You would ask, why would any herd of managers allow a situation to happen that would easily result in the complete destruction of their own company?

Easy. My manager is 9 months from retirement. The managers above him aren't really interested in actually managing - they pop in every blue moon, make some nonsensical comments that make it look like they are doing something and then move on to the next con call or useless meeting.

It's like watching the flash from a nuke going off and wondering just how long you'll have to wait to hear/feel the bang.

----------
There are decades where nothing happens - and there are weeks where decades happen.

-- Vladimir Ilyich Lenin

Dakine2004
Posts: 9231
Incept: 2007-10-23
Gold A True American Patriot!
MD.MI.NC.SD.
Darth
Posts: 2182
Incept: 2009-07-07

SWVA - US
Much of the time, such vulnerabilities are caused by 3rd party vendors, and not the people actually working at the places (even though THEY are the ones responsible). A vendor will come in and install some equipment, hardware, software, or all three. From my experience, their security is almost always either non-existent or a joke. Typically they go with out of the box, default passwords, or use something uniform and very easy, so things will be 'convenient' for their support or field techs. I've gone rounds with them on more than one occasion, with many vendors. Companies/facilities need to stand firm, and not let them leave open doors to your network/systems.

All it takes is ONE compromised machine, and with the right person on the other end of the connection, your whole company could be potentially screwed!

Cobra2411
Posts: 10339
Incept: 2007-06-26
Gold A True American Patriot!
Philly P.a.
Quote:
I am frequently amazed at how stupid people who ought to know better actually are. Or, as is often said by people who try to make things "idiot proof": The problem is that they keep coming up with better idiots!
I used to say "idiot proof" but now only say "idiot resistant".

When I was active in the IT field the biggest companies I ever dealt with were Fortune 100s but I can say that the security at most of the companies I went to was a complete joke. For ****s and giggles I used to show up in a t-shirt and jeans and maybe a laptop, walk right in and say "I'm here to fix the server, where's it at?" and better than half the time I'd be shown right to the server with very few questions. I always loved when the receptionist was using the server as her personal computer... The people I talked to didn't know me yet I was able to get access and passwords... Sure, it wasn't critical systems but definitely could have been good for some corporate espionage... Was good for selling "security packages" and it allowed me to work in a t-shirt and jeans most days...

So yeah, I'm a little scared thinking these systems are hooked to the internet... If you need that level of speed and connectivity, set it up but shut the port down at the router or switch and use a modem to log in and bring up the connection in the router/switch.

----------
To err is human. To really **** things up takes government.
Marvinmartian
Posts: 750
Incept: 2011-03-16
Green
Pasadena, CA
The story has moved to Wired from the Ars Technica publication.

This article also includes Siemens as another culprit.

http://www.wired.com/threatlevel/2012/04....

Quote:
RuggedCom, which is based in Canada, was recently purchased by the German conglomerate Siemens. Siemens, itself, has been highly criticized for having a backdoor and hard-coded passwords in some of its industrial control system components. The Siemens vulnerabilities, in the company’s programmable logic controllers, would let attackers reprogram the systems with malicious commands to sabotage critical infrastructures or lock out legitimate administrators.

A hardcoded password in a Siemens database was used by the authors of the Stuxnet worm to attack industrial control systems used by Iran in its uranium enrichment program.

Hardcoded passwords and backdoor accounts are just two of numerous security vulnerabilities and security design flaws that have existed for years in industrial control systems made by multiple manufacturers. The security of the devices came under closer scrutiny in 2010 after the Stuxnet worm was discovered on systems in Iran and elsewhere.

Numerous researchers have been warning about the vulnerabilities for years. But vendors have largely ignored the warnings and criticism because customers haven’t demanded that the vendors secure their products.