TFA has lots of security related buzzwords, but for me the meat in TFA is buried down in
Custom exploits are not hard to create for PLCs due to the ease of programming them by simplistic programming languages like Ladder Logic. For example, everyone on this research team was able to put together a PLC exploit in only a few hours. While we created the exploits for research purposes, there are many exploits that are publicly available and can be found online such as on Exploit-DB.com.
There are multiple attack vectors that could lead to a compromise of the PLCs. If the machine controlling, monitoring, or programming is misused by personnel and connected to the internet, then the usual client side attack vectors are in scope. When it is connected to the Internet, it is also subject to conventional attacks such as, man-in-the-middle, network based attacks exploits, and forced updates – perhaps some with improper SSL certificates as was the case with Stuxnet
So there are lots of scary buzzwords all over the place, but when it comes to saying what they actually achieved in their "research" they are extremely light on details. Sure don't tell the world what techniques you actually employed, but do tell us that you remotely snuck into a network and managed to flip some I/O signals etc. If anything the biggest joke in the paper is
By accessing the loaded libraries of the software that control, monitor, or program the PLCs, we believe we have found an attack vector that is not vendor-specific.
That's like saying that hacking into the ECU of a car is a vulnerability that is present across all car manufacturers. Yep it sure is, but then you need to step back and admit that every car manufacturer has a bespoke implementation of their control units and the real world is not like Independence Day.
I have been using PLCs for longer than some /.'s have been alive and one thing I can say is that the only thing each manufacturer's PLC has in common with each other is that they run off electrical power. And given the way PLC code is typically written, every prison control system is going to be a custom job, so there is not going to be any implementation consistency across the board. Stuxnet only worked through a sophisticated and well researched plan to directly target Iran's nuclear program. Regardless of who you blame as the originator, you have to admit that it was not the job of a script kiddy, but someone with immense resources behind them. If you think that someone is going to direct an equal amount of resources towards unlocking a prison, then you have more issues to consider than a bunch of dope dealers running around free.
Finally the biggest laugh for me in TFA was
The communications port is typically 9-pin RS-232 or EIA-485;
That shows that the authors have no idea about how a modern PLC system is put together. Serial comms may be the rage for shoebox PLCs (and given that they spent only $2500 on hardware/software, they were NOT dealing with a big name PLC manufacturer, or anything larger than a "toy" PLC), but on a modern mid sized PLC system we have upgraded to Ethernet, Profibus and even fibre for comms. A colleague recently had a "small" PLC system on his desk - two PLC racks in a redundant setup and just the CPU and system cards, with no I/O racks. The list price of this hardware was $100,000 and it was nothing special. (Claims of Apple being overpriced are nothing compared to PLC manufacturers).
Did I just write a Hollywood movie? Or a series of movies????
Depends.. Isn't that the plot of Batman Begins?
You know, it probably was.. but I didn't have that movie in mind when I wrote my comments as I had totally forgotten about it - not to mention that I never saw it either
This is how you do it. You just break into the warden's office, find his PC, go to a command line and enter:
UNLOCK ALL INMATE DOORS
DEACTIVATE SECURITY SYSTEM
Then you smash the screen with a hammer so that no one can override the commands. It's simple.
What?
Totally wrong. Wrong I tell you. You have to deactivate the alarm system first, then open the doors. That way you don't announce to the rest of the world that you have engineered the breakout. Just make sure not to overlook the hidden alarm that was secretly put in by the super crime fighter to let him know when his nemesis has escaped.
Unless of course you engineered the breakout to cover for the fact that you are committing a crime in another part of the city. In which case you only open some of the outside doors in order to prolong the escape and provide the longest coverage for your plans - which might include luring your nemesis to the escape location in order to punish/frame him.
Did I just write a Hollywood movie? Or a series of movies????
I come to /. to read stories. This is the first one in a long while where I can genuinely say "Wow.. I'm impressed", both with the topic itself, and TFA that was clear, concise and not someone's link spam blog.
Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis.
That's assuming that South Korean SSNs are issued using similar procedures as US SSNs.
No one in the wider world knows about advanced Australian research, because they keep asking to see our napkin archives, whereupon they should be asking to see our serviette archives. And boy do they think things are really screwed up in Oz when they do see napkins.
OK.. so I can trust g.co links, 'cause Google tells me that they are un-hackable (and I trust Google implicitly - more so than FB;-) ) But what happens when those glyphs are rendered in different charsets (or whatever the correct terminology is) that look like g.co, but aren't what Google says are g.co? This just seems like a spoofing attack just waiting to happen.
What's the point of naming it Telex? Are they trying to make it hard for end-users to find information about it or do they want the end-users' searches to look anonymous with a known term?
I think that this answers your question (from TFS)
a scheme that hides the fact that the user is even trying to communicate at all.
Look at your biggest expenditure and start shaving it off bit by bit. That gives you the best return for the least amount of pain - And in the US that would be 1% off the military's budget equating to many more % off someone else's budget. However the US is very conflicted about its military and how it uses it, and how much is actually needed ("we aren't the world's police, but we can't not play that role"). But the population in general seems to equate military spending with greatness ("we can't let those god damned commies/terrists/gays/foreigners sneak up on us, like they did last time") so I can't see them ever agreeing to cut military spending.
I disagree. I definitely remember seeing an animated line drawn porn movie being rendered on an EGA display in either '87 or '88. Granted this was the late '80s, but it was still the '80s. The scary thing is how well I can remember the images, including the blue colour palette.
From the guy who thought Sarah Palin would make a good vice president.
I remember hearing that Sarah was forced onto him and he was not happy with that choice at all. I listened to McCain's campaign, and while I disagreed with his viewpoint I did respect his intelligence and how he went about doing things.
If you've ever watched the crab captains on Deadliest Catch, you would know that there never existed in the universe a more greedy, money-obsessed group of cold sonofabitches than those guys
You do know that it's just a TV show don't you? That is edited by other people in order to create drama that is intended to get people to watch the adverts so that the advertisers can make money? You do know that don't you?
In general TV is not about truth, it is about being a vehicle that places Ads in front of eyeballs. You just have to follow the money and see who pays who.
If the Terrafugia gets off the ground, what happens when you get in a minor fender-bender on the road? Will the FAA have to send an inspector to validate the airworthiness of the plane? Or will you get pilots saying - "yeah it looks OK to fly".
I had a bit of an epiphany today about date formats. Any other day of the year and this would be known as July 4th, 2011 (i.e. Sept 11th), and any attempt by other people to say "why are you using such a dumb arsed date format?" would be met by jeers of "It's our date format and we'll do what we like with it". However, today, on what is probably the most venerable US national holiday it's known as "4th of July".. just like it would be known in pretty well every other country in the world. I can't say that I know the history of why this is, but I do find it curious.
Roundabouts are easy to deal with. When you start getting fancy hook turns, turning right from the left lane, that's when traffic has truly evolved into something else.
Gotta love hook turns. I remember doing my Learners and having to memorize all of the hook turn intersections in Melbourne. They certainly are crazy arsed, but make complete sense when it's that or block the tram behind you. Still, every time I have made one I always get a small unshakeable feeling that some idiot is going to run a red light and t-bone me.
I don't see why it would be any longer than a four-way stop.
If you are at an intersection of a road that has traffic going primarily along one road, and you are on the other - then yes you can wait a fair bit of time at a roundabout for a break in the traffic in order to proceed. Roundabouts work best when traffic approaches the intersection from all directions at a similar rate.
Has anyone seen any details on the actual connection between the phones and the devices or is it "just magic"? I perused a few other articles and all I got was "low cost radio link that is not a current standard, but we aren't telling you what"
Assuming that SK actually even has SSNs
And those limits can be overwhelmed by a large response.
Or is the real news story that Americans are expressing something about their political parties for once?
So somebody discovered cogeneration (again). Isn't this the second story of this type on /. in the last week?
useless, uninformative and not even funny.
And tacky.
Feel free to add your own adjectives
I'm in Montreal, go ETS! Yay!
--
LOAD"FEMA RESPONSE PLAN",8,1
SEARCHING FOR FEMA RESPONSE PLAN
?FILE NOT FOUND
ERROR
Shouldn't that be?
I'm in Montreal, go ETS! Yay!
-
LOAD "PLAN D'INTERVENTION FEMA", 8,1
RECHERCHE DE PLAN D'INTERVENTION FEMA
? FICHIER INTROUVABLE
ERREUR
1000m high and 2 miles long - now everybody can complain about the units of measurement!
23 year old mechanical engineer here, where do I sign out of Social Security?
Start here: http://www.immigrationindia.nic.in/
as a protectorate of India!
I'd more go with http://www.davidlouisedelman.com/book-reviews/the-evolution-man/