From Craig S Wright, vice president of Global Institute for Cybersecurity + Research, a look at the use of SCADA systems that are connected to the Internet. You probably remember SCADA from the starring role it played in the Stuxnet worm.
For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 in route. If issues are noted, they can re-tune the engine in air.
The issue here is that all that separated the engine control systems and the open network was NAT based filters. There were (and as far as I know this is true today), no extrusion controls. They filter incoming traffic, but all outgoing traffic is allowed. For those who engage in Pen Testing and know what a shoveled shell is... I need not say more.
(Image: 747, a Creative Commons Attribution (2.0) image from dannyboymalinga's photostream)
A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes […]
The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years."
One of the griftiest corners of late-stage capitalism is the "public safety" industry, in which military contractors realize they can expand their market by peddling overpriced garbage to schools, cities, public transit systems, hospitals, etc -- which is how the "aggression detection" industry emerged, selling microphones whose "machine learning" backends are supposed to be able […]
When it comes to large computer systems, not one of them is fully secure. Even with constant updates to the platforms that keep vital networks humming, there’s always a back door. And companies are willing to pay handsomely to effective bouncers that can keep an eye on them. Call them ethical hackers or white hat […]
So you’ve visited the Kennedy Space Center every year. You’ve watched “The Right Stuff” for the 95th time. There must be something to do while you’re waiting to join Space Force for the next manned mission to Mars or the moon. Here’s a combo that should raise a salute from any fan of space or […]
Looking for a new tablet? If you haven’t upgraded in a while, it might be time to check out the latest iPad Pro for two very good reasons. First, the 2018 model is a real workhorse. The 12X Bionic chip processor means it can handle any task you set out for it, and still have […]