Forgot your password?

Comment: Paul Vixie is an hypocrite (Score 1, Insightful) 565

by luca (#34528434) Attached to: WikiLeaks, Money, and Ron Paul

  1. 1. both sides are willing to inflict collateral damage on innocent third parties and can offer arguments as to why their cause warrants this;
  2. 2. each side thinks the other is evil and must be opposed and that the rule of law is neither fast enough nor effective enough to get the job done;
  3. 3. both sides believe that the other side must not be allowed to communicate normally with customers, suppliers, supporters, etc.

How can the man that created maps, to which all of the above applies, say these things with a straight face?.

Comment: Re:What the? (Score 1) 167

by luca (#33618234) Attached to: Stuxnet Worm Infected Industrial Control Systems

In the Siemens case the physical switch is only present on the S7-400 series, the S7-300 series don't have it, and I can tell you that the difference between them isn't $4, you'll have to add 2 to 3 zeros depending on the model.
However, even with the key in the "run" position (where you supposedly cannot alter the software) not everything is locked: you cannot change the program (and I'm not even 100% sure about that since the "password protection" can override the switch) but you can change the data and disrupt the process.

Comment: Re:uhhh (Score 5, Informative) 545

by luca (#33104668) Attached to: Verizon Changing Users Router Passwords

What are you all on about? He said he disabled administrative access from outside.

He disabled the user visible administrative interface.

Google for tr69 and you'll be enlightened.

In my router it's impossible to disable, however in some normally hidden menu I could modify the "call home" url, rendering it ineffective.

Comment: Re:Windows for SCADA? WTF?! (Score 1) 214

by luca (#32925052) Attached to: Malware Targets Shortcut Flaw In Windows, SCADA

process control is still handled by the PLCs (unaffected by any sort of malware... that I know of) and if something was looking like it was about to go wrong, then the PLC should be set up to deal with it...

The PLCs I'm forced to work with (that happens to be from the same manufacturer that produces the POS that's WinCC[*]) can be networked and, as soon as you connect them to a network, you can control them (as in, modify the program, start them, stop them, the whole lot) remotely.
The communication is not encrypted and it's not password protected[**], so anybody that can obtain access to the network (and that's not very difficult in many factories, especially the very big ones) can control them at will.

[*] and other manufacturers aren't better

[**] there's a password protection, but it's enforced by the programming software, not by the PLC itself. You just have to use your own program, using the reverse engineered communication protocol and you're set.

They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- Carl Sagan