2010 July

Cell Phone Interception at DefCon

More details on the privacy concerns and impact here.




Wireless WPA2 Broken?

More details here.


Facebook Snatching

One of the most useful sources for an OSINT (Open Source Intelligence) gathering exercise is Facebook itself, used as a way to harvest sensitive information about users. By heading over to http://www.facebook.com/directory you are able to see every user listed there. That data has now been collected automatically and published as a torrent file (here) that contains the spidered Facebook contents.

See the full details and uses here



“Blue Screen of Death” not only harms computers

In his testimony Friday, Michael Williams, the chief electronics technician aboard the Transocean-owned Deepwater Horizon, said that the rig’s safety alarm had been habitually switched to a bypass mode to avoid waking the crew with middle-of-the-night warnings. During that testimony, Williams also said that the computer that monitored the drilling operations on the Deepwater Horizon had been freezing with a “blue screen of death” prior to the explosion that sank the oil rig and resulted in the deaths of 11 workers.

When I read that article, I had a strong case of Déjà vu. This is not the first time that a Blue Screen problem has impacted the SCADA systems controlling an offshore oil rig. I was on a team that responded to a similar incident back in 2004. The prior Blue Screen problem was caused by the SQL Slammer worm, and resulted in 8 hours of downtime and over 1.2 million dollars of financial loss. At least that incident did not involve any human losses.

So, since the last time the Blue Screen of Death impacted SCADA systems was due to the SQL Slammer worm, what do you think was the cause of the Blue Screen problem in the Deepwater incident? Having performed over 120 security assessments of SCADA systems, I can say with first-hand knowledge that many of those systems are connected to the Internet, missing security patches, and prone to malware and botnet code.

It is time that SCADA and IT professionals start viewing SCADA security as not only a security problem, but also a SAFETY problem. Neglecting to harden the security of SCADA systems could also lead to legal implications, especially now that security standards like ISA S99, and regulations like the NERC CIP and DHS CFATS, have been published and available for some time. Hopefully our industry will learn from these issues, view this as a wake-up call, and start taking action to secure their SCADA and control systems.

– Jonathan

xplico – web based packet analyzer

If you are like me and spend lots of time dissecting and parsing PCAP (Packet Capture) files, you are always on the lookout for better ways to visualize, massage and interpret that data. Let me turn your attention, then, to a great tool that has just become one of the most valuable additions to my toolkit.

XPLICO is a web-based program that allows for the collection and importing of .PCAP files for analysis. It offers great graphs and an overview of the capture for a more in-depth look at protocols and frames.

This is a must have for any Forensic, Reverse Engineering, or Network Security operator in the wild.

Check it out here

Cheers, J
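For readers who want to see what a tool like this has to do before it can draw a single graph, here is an added example (my own, not code from the original post or from the Xplico project) of the first two steps: reading the classic libpcap container and dissecting Ethernet/IPv4 frames into a protocol and flow overview. The capture is constructed in memory so the example runs offline; the addresses, ports and the `build_pcap`/`summarize` helper names are assumptions made for the illustration. The reader bounds every length field before slicing, which matters when the capture comes from an untrusted source, and it refuses pcapng and non-Ethernet link types rather than guessing.

```python
"""Minimal libpcap reader and Ethernet/IPv4 dissector (constructed example, not Xplico code)."""
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as read when the file was written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic as read (little-endian) from a big-endian file
LINKTYPE_ETHERNET = 1

def ipv4(addr):
    """Dotted quad -> 4 raw bytes."""
    return bytes(int(o) for o in addr.split("."))

def eth_ipv4_frame(src, dst, proto, payload):
    """Ethernet II frame carrying an IPv4 packet (header checksum left zero; the parser does not verify it)."""
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, ipv4(src), ipv4(dst))
    return eth + ip + payload

def tcp_segment(sport, dport, flags, data=b""):
    """20-byte TCP header with no options, followed by data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + data

def udp_datagram(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_pcap(frames, snaplen=65535):
    """Wrap raw frames in a little-endian classic pcap file (global header + per-record headers)."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    recs = [struct.pack("<IIII", 1278000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return hdr + b"".join(recs)

def read_pcap(data):
    """Yield (timestamp, frame_bytes); reject anything that is not a well-formed classic pcap."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    _, _, _, _, _, snaplen, linktype = struct.unpack_from(end + "IHHiIII", data, 0)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is dissected")
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        # incl_len comes from the file: bound it before using it as a slice length
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(data):
            raise ValueError("corrupt or truncated record at offset %d" % (off - 16))
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def dissect(frame):
    """Return (proto, src, dst, sport, dport); port fields are None when there is no TCP/UDP header."""
    if len(frame) < 14:
        return ("runt", None, None, None, None)
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return ("ethertype-0x%04x" % ethertype, None, None, None, None)
    if len(frame) < 34:
        return ("ipv4-truncated", None, None, None, None)
    vihl = frame[14]
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return ("ipv4-bad-header", None, None, None, None)
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    l4 = 14 + ihl
    if proto == 6 and len(frame) >= l4 + 20:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        return ("tcp", src, dst, sport, dport)
    if proto == 17 and len(frame) >= l4 + 8:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        return ("udp", src, dst, sport, dport)
    return ("ip-proto-%d" % proto, src, dst, None, None)

def summarize(data):
    """The overview a capture viewer shows first: frame count, bytes, protocol mix and distinct flows."""
    protos, flows, frames, nbytes = Counter(), set(), 0, 0
    for _, frame in read_pcap(data):
        frames += 1
        nbytes += len(frame)
        proto, src, dst, sport, dport = dissect(frame)
        protos[proto] += 1
        if sport is not None:
            flows.add((proto, src, sport, dst, dport))
    return {"frames": frames, "bytes": nbytes, "protocols": dict(protos), "flows": sorted(flows)}

# Constructed sample capture: a TCP SYN and ACK of one flow, one DNS-sized UDP datagram, one ARP frame.
SAMPLE = build_pcap([
    eth_ipv4_frame("10.0.0.5", "10.0.0.1", 6, tcp_segment(40000, 80, 0x02)),
    eth_ipv4_frame("10.0.0.5", "10.0.0.2", 17, udp_datagram(53000, 53, b"\x00" * 12)),
    eth_ipv4_frame("10.0.0.5", "10.0.0.1", 6, tcp_segment(40000, 80, 0x10)),
    b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x06" + b"\x00" * 28,
])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running the block prints four frames totalling 204 bytes, two TCP and one UDP frame plus one non-IP (ARP) frame, and two distinct flows. Cutting bytes off the end of the sample makes `read_pcap` raise instead of silently returning a short last frame, which is the behaviour you want from anything that will later be fed captures you did not take yourself.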
