Slashdot Mirror


Most Vulns Exploited By Stuxnet Worm Remain Unpatched

chicksdaddy writes with this excerpt from ThreatPost: "The media storm over the Stuxnet worm may have passed, but many of the software holes that were used by the worm remain unpatched and leave Siemens customers open to a wide range of potentially damaging cyber attacks, according to industrial control system expert Ralph Langner. Writing on his personal blog, Langner said that critical vulnerabilities remain in Windows-based management applications and software used to directly manage industrial controllers by Siemens Inc., whose products were targeted by the Stuxnet worm, Threatpost reports."

10 of 44 comments

  1. Vulns? by Enderandrew · Score: 4, Interesting

    When did vulns become a word?

    And is it really a new story that many companies don't patch immediately for every vulnerability out there?

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    1. Re:Vulns? by ArhcAngel · Score: 2, Insightful

      First 23,000 filesharing Does and now Vulns...WTF? Did /. hire someone from Gizmodo or Engadget?

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    2. Re:Vulns? by Lunix Nutcase · Score: 2

      The first one is correct. It is 'Does' as in plural "John Doe".

    3. Re:Vulns? by chemicaldave · Score: 2

      "When did vulns become a word?"

      Apparently, some years ago. Here's a vulnerability information site created in 2006.

      "And is it really a new story that many companies don't patch immediately for every vulnerability out there?"

      It is when we're talking about a high-profile vulnerability.

    4. Re:Vulns? by bberens · Score: 2

      The plural of doe is doe. The plural of Doe is Does. Capitalization matters.

      --
      Check out my lame java blog at www.javachopshop.com
  2. Let's be hype and use stupid abbreviations. by pep939 · Score: 2

    Vulns sounds much cooler than Vulnerabilities anyway. Lulz.

  3. Not quite. Uranium enrichment plants. by mmell · Score: 2

    A place which makes fuel for a nuclear power plant - in this instance, a nuclear power plant designed to release terawatts of power over the course of a few milliseconds.

  4. If you're firewalled the vuln is not a worry. by grink · Score: 3, Informative

    In the electric utility industry, if you are considered bulk power and have critical assets, your firewalls must be configured with DENY (http://www.nerc.com/files/CIP-005-3.pdf) as the default rule and only allow defined connections. All the big players in the US and Canada have their control networks segmented off and they don't have access to the Internet.

    1. Re:If you're firewalled the vuln is not a worry. by grassy_knoll · Score: 2

      Firewall won't help you against an infected laptop connecting directly to a PLC.

      See this article or, even better, Ralph Langner's TED talk.

  5. Blackhat by Anonymous Coward · Score: 2, Interesting

    The Black Hat presentation that supposedly will happen, though I believe the presentation will be killed at the last minute if not sooner, will shed light on a system that NO ONE at the top wants people to know about.

    These systems are EVERYWHERE. They are ALL broken.

    This isn't "Chicken Little"; the DHS has already put an end to full disclosure of SCADA vulnerabilities and that only happens when they're REALLY scared.

    People deserve to know the truth about these systems. If they are attacked it's the direct responsibility of the people who implemented the systems which will turn out to be lowest bidder contracted help with little to no dedication to security.

    WE DESERVE EVERYTHING WE GET!