Tuesday, July 19, 2016

Choo-Shoo pwn explained

...A detailed analysis of the security status of widely-used ICS/Scada systems, including railway and interlocking CBCS, has identified faults and vulnerabilities, which allow cyber criminals to not only degrade key reliability parameters and bypass safety mechanisms, but also to carry out attacks which directly affect rail traffic safety. Remarkably, these systems meet all of the relevant IT security and functional safety requirements and all have the required international, national and industrial certificates...

Monday, July 11, 2016

Friends don't let friends put SCADA on the Internet. At least tried...

220,558 Internet-connected ICS components worldwide
188,019 unique hosts (IP addresses)
170 countries (~82% of all)

HTTP is still most widespread industrial protocol
50,3% HTTP
13,4% Telnet
9,3% Niagara Fox
7,6% SNMP
7,4% Modbus