Core Technologies outs Citect to Associated Press-- is this ethical?

Core Technologies "reported exclusively" to the Associated Press about a buffer overflow vulnerability they found in CitectSCADA. The flaw is repaired, although, once again, Core insists that it was "five months" before Citect responded to their notification.

Commenting on this blog...

You may have noticed that, unless you sign in, the comment box doesn't appear. In part that's a last-ditch effort against blogspam. Yes, there's such a thing. What happens is that people write scripts to post to blogs, with phishing schemes and other nonsense.

Fun and Games with Security

The kids are all right. They're getting down and dirty with the realities of cybersecurity down in San Antonio. See the news release below. It looks like the focus of this competition is standard, enterprise-level security (not that there's anything wrong with that).

Cyber Security Gets Serious

Well, it always was, of course, but now it seems we have the first fatalities related directly to a control system cyber failure. See the story from Wired here. Note that our own Joe Weiss is one of the key sources for the story. Nice to see a home boy making the big time.

Wurldtech launches cyber database

Over on Unfettered, I posted a note from Bryan Singer of Wurldtech, announcing a new cybersecurity database project called Delphi. Here's what Bryan said: Wurldtech is launching an applied research project which I think would appeal to folks like yourself. ...

Who's in charge of nuclear power? Maybe nobody...

Over on Unfettered, Joe Weiss just stunned me with a post about the Turkey Point incident in Florida this week. In his post, Joe tells us that while the NRC is in charge of nuclear plants, and FERC and NERC are in charge of the grid, NOBODY is ...

Wurldtech expands product offerings

From the press release: Industrial Cyber-Security Leader Introduces New Achilles™ Health Check Program for Operators of Global Critical Infrastructure Wurldtech™ Expands Security Service Portfolio; Offering Industrial Organizations a Simple, Cost-Effective Solution to Protect the Integrity and Availability of SCADA and Process Control Systems Worldwide VANCOUVER, BC – February 27, 2008...

So you think Bob Adamski's nightmare is wrong? Read on!

Bob Adamski, Invensys' SIS guru, has been talking about the hacking of process safety systems for several years now. I think he's right, but we appear to be in a minority. Bob gave me his nightmare about how this could be done several years ago, and I've had it for a...

CIA says cyber attacks are it FUD or not?

Several people, including a thread on the A-List, have taken notice of the CIA disclosure at SANS last week and have been asking about the veracity of the report. I posted the following, earlier today, on the A-List.

Joe Weiss on the FERC "approval" of the NERC CIPs

Over on "Unfettered" Joe Weiss reports that FERC has played Solomon with the NERC CIPs and the recommendations from people like the SP99 committee. Solomon, you will recall, determined who the mother of a baby was by threatening to cut it in half.