BugTraq
RE: Vulnerabilities in some SCADA server softwares Mar 23 2011 05:03PM
Jim Harrison (jim isatools org) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 06:13PM
Theo de Raadt (deraadt cvs openbsd org) (3 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 24 2011 05:50PM
CJC (parttimesecurityguy gmail com) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 24 2011 06:12PM
Michal Zalewski (lcamtuf coredump cx)
> A lot of people are failing to see the vendors customer side of things.
> Industrial Control Systems (ICS), SCADA users, historically have their
> focus on availability (you don't want your electricity/water/petrochemicals
> being cut now do you) and safety (no one wants to die making sure you get
> your electricity/water/petrochemicals), and security was never an issue
> because the SCADA systems were air gapped and the security needs were
> different than IT security.

Exactly the same arguments could have been brought up 15 years ago
against the then-disruptive and novel disclosure of vulnerabilities in
Unix systems or in Windows ("you can't just expect to shut down a bank
and roll out potentially disruptive security updates every week!"
coupled with "vendors certainly know what's best for us"). Back then,
commodity OSes have been designed insecurely because of similar
business considerations, and not because of malice.

The roots of BUGTRAQ are with the movement to end bug secrecy of that
era. It caused some pain, and also caused some significant long-term
improvements by convincing the public and the vendors that security is
something you simply can't afford not to care about.

Views on the cost / benefit balance of this process are varied, of
course, but knowing what I learned thanks to this process, I sure
wouldn't want to be using any of the operating systems available back
then.

/mz

Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 10:51PM
bugtraq cgisecurity net
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 06:36PM
J. Oquendo (sil infiltrated net) (4 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 24 2011 11:13AM
Willy Tarreau (w 1wt eu)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 08:43PM
Jamie Riden (jamie riden gmail com)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 07:33PM
Simple Nomad (thegnome nmrc org)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 07:03PM
Theo de Raadt (deraadt cvs openbsd org)


 
