[Full-disclosure] SCADA refresher
gmaggro
gmaggro at rogers.com
Mon Dec 3 00:52:17 GMT 2007
Been giving myself a little refresher on SCADA, hope no-one minds the MLP.
Stock presentation on SCADA security issues:
http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
Ganesh Devarajan's Defcon presentation was interesting:
http://video.google.com/videoplay?docid=2434649448102709100&hl=en
Makes of SCADA and related products I have seen in actual use:
Allen Bradley (hardware)
Siemens (hardware)
RAND (hardware)
ABB (hardware)
Wonderware (software, assuming this was what Ganesh was assaulting)
Well, assuming it was Wonderware (http://us.wonderware.com) since in
multiple networks of hundreds of thousands of nodes, and the companies
that own them... Wonderware was the only SCADA related package that
creeped up.
On a different and amusing note, X.25 was still in use in a number of
these locations. Take that for what you will, but I don't think that's a
good sign. Hello, Datapac! However I have little idea what the X.25
landscape is like anymore. Would be interesting if both
credit/financial and infrastructure data regularly travelled over the
same paths. Get access to a lottery/debit terminal, or just its
connectivity, and leverage that.
24th Chaos Communication Congress "Hacking SCADA", it sure would be nice
to make it over:
http://events.ccc.de/congress/2007/Fahrplan/events/2227.en.html
More amusement, though it's a subscription site:
http://www.digitalbond.com/wiki/index.php/SCADA_IDS_Signatures
Anyone have any resources they'd care to share?
Full-Disclosure is hosted and sponsored by Secunia.