DOS, Backdoor, and Easter Egg Found In Siemens S7
chicksdaddy writes with a post in Threat Post. From the article: "Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easter egg program buried in the code that runs industrial machinery around the globe. In an interview Tuesday evening, Beresford said he has reported 18 separate issues to Siemens and to officials at ICS CERT, the Computer Emergency Response Team for the Industrial Control Sector. Siemens said it is readying a patch for some of the holes, including one that would allow a remote attacker to gain administrative control over machinery controlled by certain models of its Step 7 industrial control software."
Adding more code to critical systems is NOT COOL. More bugs, more exploit. SCADA systems need to be developed by people who understand and enforce proper engineering and professionalism. This teenage hacker shot does NOT belong there.
IF the software industry would start enforcing engineering principles, most of these messes would even exist.
The Kruger Dunning explains most post on