From Craig S Wright, vice president of Global Institute for Cybersecurity + Research, a look at the use of SCADA systems that are connected to the Internet. You probably remember SCADA from the starring role it played in the Stuxnet worm.
For those who do not know, 747s are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris-based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 en route. If issues are noted, they can re-tune the engine in air.
The issue here is that all that separated the engine control systems and the open network was NAT-based filters. There were (and as far as I know this is true today) no extrusion controls. They filter incoming traffic, but all outgoing traffic is allowed. For those who engage in Pen Testing and know what a shoveled shell is... I need not say more.
(Image: 747, a Creative Commons Attribution (2.0) image from dannyboymalinga's photostream)
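The gap Wright describes, inbound filtering with nothing restricting outbound connections, is something a defender can check for in a firewall export. The sketch below is an added example, not code from the post or from Wright: it assumes a Linux gateway whose rules are dumped in `iptables-save` format (the post does not name the filtering product), and both rulesets are constructed samples.

```python
# Added example: flag chains that let outbound traffic leave unfiltered.
# Assumption: rules come from `iptables-save`; both samples are constructed.
WEAK_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp --dport 23 -j ACCEPT
COMMIT
"""

HARDENED_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p udp --dport 123 -j ACCEPT
COMMIT
"""

def audit_egress(ruleset):
    """Return the egress chains (OUTPUT, FORWARD) with no extrusion control.

    Heuristic: a chain is unfiltered when its default policy is ACCEPT and
    no rule in it ends in DROP or REJECT.
    """
    policy, targets, in_filter = {}, {}, False
    for line in (raw.strip() for raw in ruleset.splitlines()):
        if line.startswith("*"):            # table header, e.g. *filter
            in_filter = line == "*filter"
        elif not in_filter:
            continue
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            chain, default = line[1:].split()[:2]
            policy[chain] = default
        elif line.startswith("-A "):        # "-A CHAIN ... -j TARGET"
            parts = line.split()
            if "-j" in parts[:-1]:
                target = parts[parts.index("-j") + 1]
                targets.setdefault(parts[1], []).append(target)
    return [
        chain for chain in ("OUTPUT", "FORWARD")
        if policy.get(chain) == "ACCEPT"
        and not any(t in ("DROP", "REJECT") for t in targets.get(chain, []))
    ]

if __name__ == "__main__":
    print("weak:", audit_egress(WEAK_RULESET))
    print("hardened:", audit_egress(HARDENED_RULESET))
```
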