Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
In reply to the discussion: This is forensic! Its indisputable: Former CIA operative slams Trump for dismissing Russian hacks [View all]HoneyBadger
(2,297 posts)20. Definitely queen geek
http://blog.ptsecurity.com/2015/05/schneider-electric-thanks-winner-of.html
Schneider Electric Thanks the Winner of the Positive Hack Days Hacker Contest
Early April, Schneider Electric has released several updates and patches fixing vulnerabilities in the software used for creating SCADA and HMI systems at nuclear power plants, chemical plants and other critical units.
The vulnerabilities which even a novice attacker could exploit were found in InduSoft Web Studio 7.1.3.2, InTouch Machine Edition 2014 7.1.3.2 as well as previous versions of these products. Among bugs fixed — arbitrary code execution and non-encrypted storage/transfer of sensitive data. The vendor recommends downloading the new patches as soon as possible.
Ilya Karpov and Kirill Nesterov, Positive Technologies researchers, detected the vulnerabilities during an ICS security analysis. Meanwhile, many bugs in those products were independently revealed by the participants of the Critical Infrastructure Attack contest held in May 2014 at the international infosec conference Positive Hack Days IV.
Schneider Electric thanked the contest winner, Alisa Shevchenko (Esage Lab), for the vulnerabilities she identified.
The first PHDays contest in analyzing ICS security was held in 2013 when security experts at Positive Technologies laboratory developed a railway model, whose components (trains, railroad crossing gates, and cranes) were controlled by an ICS based on three real SCADA systems and three industrial controllers.
In 2014, the contest infrastructure was significantly changed to allow detection of zero-day vulnerabilities within a wider range of systems and industrial protocols including: transport, city lighting system, power plants and various robots.
In the competition scenario, SCADA systems and controllers are used at critical installations within various industries. If exploited in a real life situation, these vulnerabilities could have very serious consequences. According to the responsible disclosure policy, Critical Infrastructure Attack contestants must notify respective vendors about vulnerabilities they detected. Details about the vulnerabilities are available upon the fixes being disclosed by the vendor.
Schneider Electric Thanks the Winner of the Positive Hack Days Hacker Contest
Early April, Schneider Electric has released several updates and patches fixing vulnerabilities in the software used for creating SCADA and HMI systems at nuclear power plants, chemical plants and other critical units.
The vulnerabilities which even a novice attacker could exploit were found in InduSoft Web Studio 7.1.3.2, InTouch Machine Edition 2014 7.1.3.2 as well as previous versions of these products. Among bugs fixed — arbitrary code execution and non-encrypted storage/transfer of sensitive data. The vendor recommends downloading the new patches as soon as possible.
Ilya Karpov and Kirill Nesterov, Positive Technologies researchers, detected the vulnerabilities during an ICS security analysis. Meanwhile, many bugs in those products were independently revealed by the participants of the Critical Infrastructure Attack contest held in May 2014 at the international infosec conference Positive Hack Days IV.
Schneider Electric thanked the contest winner, Alisa Shevchenko (Esage Lab), for the vulnerabilities she identified.
The first PHDays contest in analyzing ICS security was held in 2013 when security experts at Positive Technologies laboratory developed a railway model, whose components (trains, railroad crossing gates, and cranes) were controlled by an ICS based on three real SCADA systems and three industrial controllers.
In 2014, the contest infrastructure was significantly changed to allow detection of zero-day vulnerabilities within a wider range of systems and industrial protocols including: transport, city lighting system, power plants and various robots.
In the competition scenario, SCADA systems and controllers are used at critical installations within various industries. If exploited in a real life situation, these vulnerabilities could have very serious consequences. According to the responsible disclosure policy, Critical Infrastructure Attack contestants must notify respective vendors about vulnerabilities they detected. Details about the vulnerabilities are available upon the fixes being disclosed by the vendor.
Edit history
Please sign in to view edit histories.
40 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
RecommendedHighlight replies with 5 or more recommendations
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
RecommendedHighlight replies with 5 or more recommendations
This is forensic! Its indisputable: Former CIA operative slams Trump for dismissing Russian hacks [View all]
deminks
Dec 2016
OP
thanks for that perspective... personally, I have no clue how to evaluate this stuff
Fast Walker 52
Dec 2016
#23
This is false on its face, .. that's like saying climate scientist disagree... SOME climate scientis
uponit7771
Dec 2016
#32
A herd of millions. FFS, where do we live now. I expect Alex Jones to soon be the lead on Fox News,
RKP5637
Dec 2016
#27
This link has nothing to do with this hack, but everything to do with the hackers
HoneyBadger
Dec 2016
#31
See Putin's yooooge party tonight to celebrate putting his lackey Trump in the WH.
keithbvadu2
Dec 2016
#34
