×
Security

CIA Claims Cyber Attackers Blacked Out Cities 280

Posted by ScuttleMonkey from the say-g'night-dick dept.
Dotnaught writes to tell us InformationWeek is reporting that the CIA admitted today that recent power outages in multiple cities outside the United States are the result of cyberattacks. "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
Security

SCADA Systems a Target for Hackers? 189

Posted by CowboyNeal from the isn't-everything-already dept.
superstick58 writes "As a system integrator, I am often providing control solutions that utilize sophisticated Ethernet networks and as they say in the biz 'link top floor to shop floor.' Forbes has an article about the security issues that exist in SCADA systems. When I look back at some of the systems I have put in which include direct I/O control over ethernet and distributed HMI monitoring, if I can get access from the internet, it would be easy to bring down power for a plant or at the very least make operators in the building very uncomfortable. How vulnerable are the manufacturing centers of the world?"
Security

MS Mulling Changes to Thwart .ANI-type Attacks 99

Posted by Zonk from the thinking-around-the-problem dept.
Scada Moosh writes "ZDNet has a story about the lessons Microsoft learned from the recent animated cursor (.ani) attacks and some of the broad changes being made to flag this type of vulnerability ahead of time. The changes include a possible addition to the list of banned API function calls, more aggressive checks for buffer overruns and enhancements to existing fuzz testing tools. '[Michael] Howard said Microsoft will "rethink the heuristics" used by the /GS compiler to flag certain issues. "Changing the compiler is a long-term task. In the short-term, we have a new compiler pragma that forces the compiler to be much more aggressive, and we will start using this pragma on new code," he added. Two other Windows Vista security mechanisms -- ASLR and SafeSEH -- were also in place to catch code failures but, in the case of the .ani bug, Howard said the attackers were able to wrap vulnerable code in an exception handler to find ways around those mitigations.'"
Graphics

Digitizing VGA? (take 2) 49

Posted by Cliff from the forget-printscrn-go-digital dept.
urgent asks: "In March of 2002, Ask Slashdot ran this article, wherein advice on 'hardware to digitize the VGA output of a PC' was sought. Most of the responses seemed to assume that remote administration of PC's/servers was the end goal. If you've got control of the software and/or hardware, it's pretty clear there are easier solutions for that. On the other had, there are many legacy and embedded systems where it would be nice to monitor and record display output. For instance, integrating old computerized factory equipment into a SCADA system, or recording old embedded maritime and medical displays (hint: jobs). My dream hardware would be a dongle that connected to a VGA out and could be polled over ethernet or CAN."
United States

NERC Releases Interim Report on Aug 14th Blackout 426

Posted by michael from the candlelight-vigil dept.
will writes "The North American Electric Reliability Council has released four documents concerning the August 14th power outage power outage in the North East. The blackout investigation homepage lists all NERC's documents relating to this event. Press coverage is at The Washington Post, CNN, and CBS News. The take home message: FirstEnergy did it. The are, of course, denying it." The report is also available at reports.energy.gov. Reader stinkydog writes "According to Yahoo News part of the blame for the big fizzle of 2003 lies with a failing SCADA system, GE's XA/21 power management system. 'Not only did the software that controls audible and visual alarms stop working at 2:14 p.m. EDT, but about a half hour later, two servers supporting the emergency system failed, too.' According to the product specs, it is a Unix system with X Windows."

Slashdot Top Deals