Niagra Framework Leaves Government, Private Infrastructure Open To Hacks

benfrog writes "Tridium's Niagra framework is a 'marvel of connectivity,' allowing everything from power plants to gas pumps to be monitored online. Many installations are frighteningly insecure, though, according to an investigation by the Washington Post, leaving both public and private infrastructure potentially open to simple hacks (as simple as a directory traversal attack)."

I'm certified in this

[schitso]

As someone certified and experienced in the Niagara framework, I can this with some authority:
Most of the contractors who install this know absolutely nothing about security. NOTHING. Like, leaving the platform password (OS-level access) at its default. If anyone has the link to the actual exploit used, I'd be interested to read it, but it almost certainly comes down to bad security practice.