[SCADASEC] Protect All Industrial Controllers, Stat!
Myrcurial
myrcurial at 100percentgeek.net
Thu Aug 28 08:56:05 CDT 2008
It's as public as it can be... Google's got it.
http://www.google.com/search?q=boreas%20vulnerability%20checklist
It appears that DHS leaks through the water isac. (wow, that was bad
even for me...)
The trick appears to be "do what?"
~M
On Thu, Aug 28, 2008 at 9:47 AM, Toecker, Michael <mtoecker at burnsmcd.com> wrote:
> Kevin,
>
> I've received this advisory as well. To answer your questions:
>
> 1. Yes, both advisories appear to be talking about the same
> vulnerability.
> 2. No, no discussion has taken place to my knowledge about this
> vulnerability on this listserve. The advisories were released as DHS
> "FOUO", which means that the information contained within the disclosure
> cannot be released to the public, media, or other personnel without
> valid need-to-know or DHS approval.
>
> Sincerely,
>
> Michael Toecker
> Control Systems Security Designer
> Compliance & Infrastructure Protection
> Burns & McDonnell Engineering
> 425 South Woods Mill Road
> Suite 300
> Chesterfield, MO 63017
>
> Office: 314-682-1545
> Cell: 615-948-6954
> www.burnsmcd.com
>
>
> -----Original Message-----
> From: scadasec-bounces at news.infracritical.com
> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Kevin
> McGrath
> Sent: Thursday, August 28, 2008 8:17 AM
> To: scadasec at news.infracritical.com
> Subject: [SCADASEC] Protect All Industrial Controllers, Stat!
>
> Howdy,
>
>> INDUSTRIAL CONTROLLER SYSTEM VULNERABILITY
>
> We received an 8/11/08 "Cyber Security Communique" from the AGA on 8/15
> and today I get forwarded a NERC advisory with the below heading dated
> 8/27/08:
>
>> INDUSTRY ADVISORY: ES-ISAC: "Boreas" Firmware Vulnerability
>
> 1) Are they talking about the same thing?
>
> 2) Has this been discussed here or elsewhere already & I may have missed
> it?
>
> INL testing results seem to have generated at least the NERC alert.
>
> IMHO, both alerts seemed to be of a very general nature as in "check all
> your controllers ASAP and do something".
>
> Thanks,
> Kevin
>
>
>
>
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our usage policy, please visit:
> http://www.infracritical.com/usage-scadasec.html
> _______________________________________________