[SCADASEC] Protect All Industrial Controllers, Stat!

Adriel Desautels adriel at netragard.com
Thu Aug 28 11:54:13 CDT 2008 

Your email did not selfdistruct, I am highly disappointed! ;]

Regards,
	Adriel T. Desautels
	Chief Technology Officer
	Netragard, LLC.
	Office : 617-934-0269
	Mobile : 617-633-3821
	http://www.linkedin.com/pub/1/118/a45

	Join the Netragard, LLC. Linked In Group:
	http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Bob Radvanovsky wrote:
> Actually, the discussion came from a blogging web site.  The checklist was identified there.
> 
> BTW, the document has been taken offline.  You now receive a "404 error message".
> 
> This email message will self-destruct in 5 se.........
> 
> ----- Original Message -----
> From: "Toecker, Michael" [mailto:mtoecker at burnsmcd.com]
> To: scadasec at news.infracritical.com
> Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!
> 
> 
>> Myrc,
>>
>> Thanks.  I understand that the search works for both.  
>>
>> My question was 'why' those search terms ("Boreas Vulnerability
>> Checklist ") would be used.  Those terms are part of the advisory, which
>> a person who didn't have access to the advisory wouldn't use.  They
>> appear nowhere in Kevin's email.  If an uninformed person hadn't had
>> access to the original advisory, that person would have used the words
>> in Kevin's email ("Boreas Firmware Vulnerability ").  
>>
>> While both return the same results, it tells me that Myrc has access to
>> the ISACs (at least one of them), and access to the advisories that come
>> from those ISACs.  Otherwise, he would have been ignorant of the
>> advisories, and used the listserv (and "Boreas Firmware Vulnerability")
>> to find the information.
>>
>> It's a small tidbit, but important, since the ISACs (and ISAC members)
>> are pretty particular about whom they send advisories to.  
>>
>> Sincerely,
>>  
>> Michael Toecker
>> Control Systems Security Designer
>> Compliance & Infrastructure Protection
>> Burns & McDonnell Engineering
>> 425 South Woods Mill Road
>> Suite 300
>> Chesterfield, MO 63017
>>  
>> Office: 314-682-1545
>> Cell: 615-948-6954
>> www.burnsmcd.com 
>>
>>
>> -----Original Message-----
>> From: scadasec-bounces at news.infracritical.com
>> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Myrcurial
>> Sent: Thursday, August 28, 2008 9:09 AM
>> To: scadasec at news.infracritical.com
>> Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!
>>
>> I had assumed that like all security professionals, members of this
>> list spent sufficient time in the seedier alleys of the internet so as
>> to be aware of as much as possible.
>>
>> Just because the bad guys and the hackers are focussed on the wrong
>> attack methodology doesn't mean that they can't do bad things or that
>> they fail to have interesting or useful information.
>>
>> Oh - and your search terms are as effective as mine, in fact, I was
>> just being sufficiently precise so as to ensure a perfect search
>> return. (Try it - you'd be surprised)
>>
>> ~M
>>
>> On Thu, Aug 28, 2008 at 10:04 AM, Toecker, Michael
>> <mtoecker at burnsmcd.com> wrote:
>>> Now why would you search for "Boreas Vulnerability Checklist"?  That
>>> wasn't in any of these emails....  "Boreas Firmware Vulnerability"
>> would
>>> have been my search term if all I had seen was Kevin's email.
>>>
>>> Mayhaps you have already seen the advisory?
>>>
>>> Sincerely,
>>>
>>> Michael Toecker
>>> Control Systems Security Designer
>>> Compliance & Infrastructure Protection
>>> Burns & McDonnell Engineering
>>> 425 South Woods Mill Road
>>> Suite 300
>>> Chesterfield, MO 63017
>>>
>>> Office: 314-682-1545
>>> Cell: 615-948-6954
>>> www.burnsmcd.com
>>>
>>>
>>> -----Original Message-----
>>> From: scadasec-bounces at news.infracritical.com
>>> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of
>> Myrcurial
>>> Sent: Thursday, August 28, 2008 8:56 AM
>>> To: scadasec at news.infracritical.com
>>> Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!
>>>
>>> It's as public as it can be... Google's got it.
>>>
>>> http://www.google.com/search?q=boreas%20vulnerability%20checklist
>>>
>>> It appears that DHS leaks through the water isac. (wow, that was bad
>>> even for me...)
>>>
>>> The trick appears to be "do what?"
>>>
>>> ~M
>>>
>>> On Thu, Aug 28, 2008 at 9:47 AM, Toecker, Michael
>>> <mtoecker at burnsmcd.com> wrote:
>>>> Kevin,
>>>>
>>>> I've received this advisory as well.  To answer your questions:
>>>>
>>>> 1.  Yes, both advisories appear to be talking about the same
>>>> vulnerability.
>>>> 2.  No, no discussion has taken place to my knowledge about this
>>>> vulnerability on this listserve.  The advisories were released as DHS
>>>> "FOUO", which means that the information contained within the
>>> disclosure
>>>> cannot be released to the public, media, or other personnel without
>>>> valid need-to-know or DHS approval.
>>>>
>>>> Sincerely,
>>>>
>>>> Michael Toecker
>>>> Control Systems Security Designer
>>>> Compliance & Infrastructure Protection
>>>> Burns & McDonnell Engineering
>>>> 425 South Woods Mill Road
>>>> Suite 300
>>>> Chesterfield, MO 63017
>>>>
>>>> Office: 314-682-1545
>>>> Cell: 615-948-6954
>>>> www.burnsmcd.com
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: scadasec-bounces at news.infracritical.com
>>>> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Kevin
>>>> McGrath
>>>> Sent: Thursday, August 28, 2008 8:17 AM
>>>> To: scadasec at news.infracritical.com
>>>> Subject: [SCADASEC] Protect All Industrial Controllers, Stat!
>>>>
>>>> Howdy,
>>>>
>>>>> INDUSTRIAL CONTROLLER SYSTEM VULNERABILITY
>>>> We received a 8/11/08 "Cyber Security Communique" from the AGA on
>> 8/15
>>>> and today I get forwarded a NERC advisory with the below heading
>> dated
>>>> 8/27/08:
>>>>
>>>>> INDUSTRY ADVISORY: ES-ISAC: "Boreas" Firmware Vulnerability
>>>> 1) Are they talking about the same thing?
>>>>
>>>> 2) Has this been discussed here or elsewhere already & I may have
>>> missed
>>>> it?
>>>>
>>>> INL testing results seem to have generated at least the NERC alert.
>>>>
>>>> IMHO, both alerts seemed to be of a very general nature as in "check
>>> all
>>>> your controllers ASAP and do something".
>>>>
>>>> Thanks,
>>>> Kevin
>>>>
>>>>
>>>>
>>>>
>> ************************************************************************
>>>> ********
>>>> This e-mail and any files transmitted with it, are confidential to
>>>> National Grid and are intended solely for the use of the individual
>> or
>>>> entity to whom they are addressed.  If you have received this e-mail
>>> in
>>>> error, please reply to this message and let the sender know.
>>>>
>>>> _______________________________________________
>>>> To unsubscribe from this mailing list, please visit:
>>>> http://news.infracritical.com/mailman/listinfo/scadasec
>>>>
>>>> To review our usage policy, please visit:
>>>> http://www.infracritical.com/usage-scadasec.html
>>>> _______________________________________________
>>>> To unsubscribe from this mailing list, please visit:
>>>> http://news.infracritical.com/mailman/listinfo/scadasec
>>>>
>>>> To review our usage policy, please visit:
>>>> http://www.infracritical.com/usage-scadasec.html
>>>>
>>> _______________________________________________
>>> To unsubscribe from this mailing list, please visit:
>>> http://news.infracritical.com/mailman/listinfo/scadasec
>>>
>>> To review our usage policy, please visit:
>>> http://www.infracritical.com/usage-scadasec.html
>>> _______________________________________________
>>> To unsubscribe from this mailing list, please visit:
>>> http://news.infracritical.com/mailman/listinfo/scadasec
>>>
>>> To review our usage policy, please visit:
>>> http://www.infracritical.com/usage-scadasec.html
>>>
>> _______________________________________________
>> To unsubscribe from this mailing list, please visit:
>> http://news.infracritical.com/mailman/listinfo/scadasec
>>
>> To review our usage policy, please visit:
>> http://www.infracritical.com/usage-scadasec.html
>> _______________________________________________
>> To unsubscribe from this mailing list, please visit:
>> http://news.infracritical.com/mailman/listinfo/scadasec
>>
>> To review our usage policy, please visit:
>> http://www.infracritical.com/usage-scadasec.html
>>
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
> 
> To review our usage policy, please visit:
> http://www.infracritical.com/usage-scadasec.html

More information about the scadasec mailing list