Langner: Stuxnet Is a Stealth Control System

By Robert Vamosi | 1/18/12 3:59 AM

Speaking at the S4ICS conference in Miami, FL on Wednesday, Ralph Langner described Stuxnet as a long-term Man-in-the-Middle attack rather than a short-term virus attack.

Stuxnet is a two-step malware product that first infects Windows systems, then attacks Siemens System 7 PLC units, such as those being used in Iran for nuclear research. Langner, a security researcher who knows more about Stuxnet code than practically anyone else, was quoted as saying, "we are 100 percent confident that Stuxnet's target was the Natanz enrichment plant in Iran."

Read More >

Rockwell To Patch SCADA Flaw Soon

By Robert Vamosi | 9/23/11 5:36 AM

Within the next seven days, Rockwell Automation will release a patch for a supervisory control and data acquisition (SCADA) vulnerability first made public last Friday.

Read More >

SCADA Vulnerabilities Continue

By Robert Vamosi | 9/20/11 5:58 AM

Security researcher Luigi Auriemma has unearthed a few more SCADA vulnerabilities, most affect the Human–machine interface (HMI) systems. As a result US-CERT has published alerts much like this one for all of Auriemma's new vulnerabilities. This is becoming a standard drill for the ICS industry.

In March 2011, Auriemma published thirty-some vulnerabilities after claiming he had no prior experience with SCADA systems. In June, Siemens patched vulnerabilities posted by Dillon Breseford.

Read More >

SCADA Software Vulnerable To Stack Overflows

By Robert Vamosi | 5/13/11 6:43 AM

The US Industrial Control Systems Computer Emergency Response Team (ICS-CERT) is warning of a new stack overflow in an ActiveX control used in Iconics WebHMI, Genesis32, BizViz HMI and SCADA systems.

Read More >