Aegis ICS Fuzzing Framework

https://twitter.com/bloerwald/status/448415935926255618

As you may or may not know, Adam Crain @jadamcrain and I have been working on an ICS/SCADA protocol fuzzing framework, Aegis, for a year now. It is a generation-based fuzzer that tests both the server/slave and the client/master side of industrial protocols. Adam originally wrote Aegis to test his openDNP3 protocol stack. It turned out to be very effective in finding ...

Continue reading
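As an added illustration of what a generation-based (as opposed to mutation-based) protocol fuzzer does, here is a small Python sketch that is not Aegis code and not from this post. It models the DNP3 link-layer frame as fields, builds frames with correct CRC-16/DNP values so they get past link-layer validation and reach the parser, and then drives the LEN and control octets to boundary values. The frame layout and CRC parameters are taken from the DNP3 link-layer specification as assumed here, not from the page; `parse_frame` is a hypothetical strict receiver standing in for the outstation or master under test, and the same builder serves either side, since a master is tested by framing responses the same way an outstation is tested by framing requests.

```python
"""Added example (not Aegis): a tiny generation-based fuzzer for the DNP3 link layer.

Assumed frame layout (DNP3 link layer): 0x05 0x64, LEN, CTRL, DEST (LE16),
SRC (LE16), CRC (LE16, over the 8 preceding octets); LEN counts the 5 header
octets after itself plus the user data; user data travels in 16-octet blocks,
each followed by a CRC-16/DNP (poly 0x3D65 reflected, init 0, xorout 0xFFFF).
"""
import random
from typing import Callable, Dict, Iterator, Optional

DNP3_START = b"\x05\x64"
# Boundary values the generator drives into the one-octet LEN field
LEN_BOUNDARIES = [0, 1, 4, 5, 6, 254, 255]
# User-data sizes that straddle the 16-octet block boundary and the LEN maximum
USER_DATA_SIZES = [0, 1, 15, 16, 17, 32, 250]


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (reflected 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(control: int, dest: int, src: int, user_data: bytes,
                length: Optional[int] = None) -> bytes:
    """Assemble a link-layer frame from its fields.  `length` overrides the LEN
    octet so the generator can emit frames whose CRCs are all correct but
    whose LEN disagrees with the real payload size."""
    if length is None:
        length = 5 + len(user_data)
    header = (DNP3_START + bytes([length & 0xFF, control & 0xFF])
              + dest.to_bytes(2, "little") + src.to_bytes(2, "little"))
    frame = header + crc16_dnp(header).to_bytes(2, "little")  # CRC covers all 8 header octets
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + crc16_dnp(block).to_bytes(2, "little")
    return frame


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Hypothetical strict receiver standing in for the outstation/master under test.
    Rejects malformed frames with ValueError; any other exception is a bug."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        raise ValueError("bad start octets or truncated header")
    if crc16_dnp(frame[:8]) != int.from_bytes(frame[8:10], "little"):
        raise ValueError("header CRC mismatch")
    length = frame[2]
    if length < 5:
        raise ValueError("LEN below minimum of 5")
    remaining = length - 5
    expected = 10 + remaining + 2 * ((remaining + 15) // 16)
    if len(frame) != expected:
        raise ValueError(f"LEN implies {expected} octets, frame has {len(frame)}")
    user_data, pos = b"", 10
    while remaining > 0:
        n = min(16, remaining)
        block = frame[pos:pos + n]
        if crc16_dnp(block) != int.from_bytes(frame[pos + n:pos + n + 2], "little"):
            raise ValueError("data block CRC mismatch")
        user_data += block
        pos += n + 2
        remaining -= n
    return {"control": frame[3],
            "dest": int.from_bytes(frame[4:6], "little"),
            "src": int.from_bytes(frame[6:8], "little"),
            "user_data": user_data}


def generate_cases(seed: int = 1) -> Iterator[bytes]:
    """Yield test frames from the field model rather than by random bit flips."""
    rng = random.Random(seed)
    for n in USER_DATA_SIZES:                     # valid frames, every size class
        yield build_frame(0xC4, 1, 1024, bytes(rng.randrange(256) for _ in range(n)))
    payload = bytes(range(20))                    # 20 octets, so the correct LEN is 25
    for bad_len in LEN_BOUNDARIES:                # LEN at boundaries, CRCs still valid
        yield build_frame(0xC4, 1, 1024, payload, length=bad_len)
    for ctrl in range(256):                       # walk the whole control octet
        yield build_frame(ctrl, 1, 1024, b"")


def run_fuzz(target: Callable[[bytes], object], cases) -> Dict[str, int]:
    """Drive a parser with the generated frames and bucket the outcomes.
    A clean rejection is fine; anything else is a finding to triage."""
    stats = {"accepted": 0, "rejected": 0, "crashed": 0}
    for case in cases:
        try:
            target(case)
            stats["accepted"] += 1
        except ValueError:
            stats["rejected"] += 1
        except Exception:
            stats["crashed"] += 1
    return stats


if __name__ == "__main__":
    print(run_fuzz(parse_frame, generate_cases()))
```

The point of computing the CRCs correctly is that a random byte-flipping fuzzer spends almost all of its budget on frames the link layer discards before any interesting code runs; a generator that knows the field model keeps the checksums valid and spends its budget on the length and control semantics instead.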

“Cyber”: Critical to security nutrition

A few weeks ago, I sat down next to a friend who happened to be in the middle of a conversation between a lawyer, a hacker, and a philosopher, and I was just in time for the “I hate the word ‘cyber’. FamousHacker#2138123 and I are trying to get people to stop using it.” Sigh. At this stage the anti-“cyber” routine is really starting to sound a little bit high ...

Continue reading

Nuggets from S4x14

Digital Bond's S4x14 is the first ICS/SCADA security conference of the year, which means it gets the juices flowing again after the holidays. This year was a little different from previous years, as Dale Peterson chose the speakers based upon "New People, New Techniques, and New Process Impact," bringing new people and new ideas to tackle the problem of "insecure by design" ICS components. There were about 50 more ...

Continue reading

Thank you from the Arlen family

Dear friends and strangers who have yet to become friends, When we arrived at R00tz Asylum, the kids’ electronic badges, which we had volunteered to design and assemble, were not complete. We needed to produce about 50 more badges. We knew we had some to make, but we did not anticipate so many being damaged or broken beyond repair in transit. With help, we pulled together people to pick ...

Continue reading

No security without maturity

Security vulnerabilities are the symptom; lack of IT maturity is the disease. Information security is not the cure for security vulnerabilities, IT maturity is. It’s not unusual to see a company with hundreds if not thousands of known security defects, commonly called vulnerabilities, present in its network, on servers and in applications. The tools to detect these defects are easy to purchase and run, the tools to deploy patches ...

Continue reading

Condoms and castles

We are spending billions on protecting the enterprise from hackers and malware, but we're letting the rest of the world burn around us. Most of what matters on the Internet isn't giant corporations or social networks; it's the average user, the person who doesn't know the difference between a trojan and a sniffer. Whether you call them average joes, consumers, citizens or the unwashed masses, these are people who cannot defend themselves. ...

Continue reading

Vote For YOUR ISC2 Board of Directors

The election for the ISC2 Board of Directors is underway! The election runs from Nov 16 until Nov 30. I need your votes! For those of you who have already voted, thank you so very much! When you're voting I should point out that there are THREE write-in spots on that ballot as well. Oddly enough, there are three other "Horsemen" who didn't make it onto the ballot originally. Coincidence? ...

Continue reading

Skype Password Reset, Queue Zombie Apocalypse

This morning I awoke to find the news feeds churning on a Skype password reset story. On first glance this seems like a troublesome one. If the headlines were to be believed, all you would need is the email address associated with the intended target's Skype account and you could reset their password. Um, yeah, see, that's bad. M'kay. What would be REALLY bad is if some political figure had ...

Continue reading

The Strange Tale of a Virus Called SQL Injection. Wait What?

Today was odd. I woke to a wonderfully unseasonably warm day that eventually spiraled into a dreary rainy one, much in the same vein as the oddity that developed online today. This morning, while perusing my Twitter feed and reading email, I received an email from a reader. The email made my brain cramp almost instantly. I give you a passage from the strange tale of a virus called SQL ...

Continue reading

ISC2 BoD Election Opens Nov 16, 2012

Here we are, four days from the beginning of voting for the ISC2 Board of Directors, and, well, I'm in the running and I want YOUR VOTE! From The Register: "Wim Remes made it to the board last year from a write-on candidacy, let’s see if we can get more - at least on the ballot." Well, you folks got me on the ISC2 ballot and I really thank ...

Continue reading