Re: Risk/Threat Assessments for Utility specific software/hardware

From: Kurt Seifried (bt@seifried.org)
Date: 01/22/03

Next message: marjan.rajabi@farmersinsurance.com: "Re: Risk/Threat Assessments for Utility specific software/hardware"

Previous message: Davi Ottenheimer: "RE: Risk/Threat Assessments for Utility specific software/hardwar e"
In reply to: David Barnett: "Risk/Threat Assessments for Utility specific software/hardware"
Next in thread: marjan.rajabi@farmersinsurance.com: "Re: Risk/Threat Assessments for Utility specific software/hardware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Kurt Seifried" <bt@seifried.org>
To: "David Barnett" <dbarn064@earthlink.net>, <pen-test@securityfocus.com>
Date: Wed, 22 Jan 2003 01:43:51 -0800

Go find a company that writes process control software (preferably the one
they plan to use) and talk to them. Ditto goes for SCADA systems, many of
which have tcp-ip capabilities, with many now having capabilities such as
emailing reports, directly from RTU's!. Generally speaking the security on
this stuff is bad, the primary method being to seperate it heavily, which
may or may not work (dialup, VPN's, etc.).

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: marjan.rajabi@farmersinsurance.com: "Re: Risk/Threat Assessments for Utility specific software/hardware"
Previous message: Davi Ottenheimer: "RE: Risk/Threat Assessments for Utility specific software/hardwar e"
In reply to: David Barnett: "Risk/Threat Assessments for Utility specific software/hardware"
Next in thread: marjan.rajabi@farmersinsurance.com: "Re: Risk/Threat Assessments for Utility specific software/hardware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: SQL
... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
RE: Insurance
... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
RE: Pen-Testing Lotus Notes/Domino
... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
R: Pen-Testing help (Compaq Insight & htsearch)
... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: Application & Iplanet/Apache web server vulnerability and penetration testing
... I don't know what to do on the web servers other than delete example ... Any suggestions on iPlanet and Apache security? ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)