Vulnerabilities Discovered In Prison SCADA Systems 128
phaedrus5001 writes with an excerpt from an Ars Technica article: "Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems. ... The researchers began their work after [John] Strauchs was called in by a warden to investigate an incident in which all the cell doors on one prison's death row spontaneously opened."
Re:Repeat (sort of) (Score:5, Informative)
Slashdot ate the link. here:
http://www.wired.com/threatlevel/2011/07/prison-plc-vulnerabilities/ [wired.com]
Re:Ignorance is bliss (Score:2, Informative)
Yep another typically ignorant post by someone who thinks they know security.
1 - Don't connect shit like this to the internet
Yes the airgap-it-and-fuck-it approach works really well for the targetted attacks on SCADA systems.
don't allow employees to stick their usb drives in work computers
Easier said then done, especially since you just removed their network connections. Like it or not USB as a system to transfer data is here to stay. It needs to be managed not banned. Sure the burn a CD approach works well but these days you can't necessarily take for granted that the computers given to employees are capable of this anymore.
run Linux
Yes the run-linux-and-fuck-it approach works really well for the targetted attack s on SCADA systems. This is as ignorant as post number 1. Actually worse so since you don't actually get the option of what system you run. You will get given the system from the vendor who provided you with the SCADA software. It will be locked down. This is not optional, or do you think people like attempting to maintain Windows NT4 computers for shits and giggles?
Here's an exercise, try find a SCADA vendor who will let you dictate what system you want to buy.
disable Autorun in Windows
My god you said something sensible from a security standpoint. But you've just closed one vector. One of the very many vectors, the weakest one being that humans can click on things.
problem solved
No sir you're did not solve the problem. You and people like you who take haphazard approaches to security and think you're so clever ARE the problem.
Re:Sure, then multiply by one thousand (Score:4, Informative)