November 21st, 2011 - 5 Cheshvan 5772 - Ariel
The Coming Storm: PCI DSS 2.0
On January 1, 2012 CE, the next version of PCI DSS, 2.0, will come into effect. Are you ready?
I have always felt that PCI-DSS was no more than lip service to proper security. Some HP employees will recall me saying that I think PCI has as much to do with security as a monkey has to do with blueberry juice. I slay myself.
While I do not believe PCI-DSS is prescriptive or a panacea for whatever ails your organization, I have to admit that more money and effort have been spent on security and privacy because of PCI.
On January 1st, the new version of PCI DSS will become effective. What’s the big deal, you ask?
Some of us had to deal with the 12 current requirements of PCI:
October 16th, 2011 - 18 Tishrei 5772 - Ariel
It is amazing that, over two years after I wrote my post The SCADA Scandal, the problem still exists. Nay, it grows larger, seemingly daily.
In the short post below, which was first posted here and is graciously made available to readers of this blog, Mourad explains:
An Italian security researcher recently revealed details of several vulnerabilities in supervisory control and data acquisition (SCADA) systems from multiple vendors. Luigi Auriemma (site no longer available) has released details and proof-of-concept code for 6 vulnerabilities affecting popular SCADA systems. “Most of the vulnerabilities allow remote code execution, and many of them are easy to use,” says Luigi Auriemma. “At least three vendors have released patches, and Rockwell Automation is working on it right now.”
The affected products are:
- Beckhoff TwinCAT ‘TCATSysSrv.exe’ Network Packet Denial of Service Vulnerability
- Rockwell RSLogix Overflow Vulnerability
- Measuresoft ScadaPro Multiple Vulnerabilities
- Cogent DataHub Multiple Vulnerabilities
- AzeoTech DAQFactory Stack Overflow
- Progea Movicon Multiple Vulnerabilities
It is amazing that we keep finding these holes daily. Forget Stuxnet and the STARS. These flaws still exist in the everyday life-support infrastructure and utility networks that our very civilization depends on. How much longer will they be allowed to exist unmitigated?
Permalink: http://arielsilverstone.com/scada/the-biggest-hole-keeps-getting-bigger/