----- Original Message -----
From: "Geoff Shively" <[EMAIL PROTECTED]>
To: "Stephen Clowater" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 3:55 PM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]

> > I'd read thru the bugtraq archives on securityfocus.com so you can really
> > get a sense of the kinda long standing trouble RPC has been causing over
> > the years. RPC has been a long standing issue; in fact, for the last few
> > years, most places have just started blocking RPC out to the internet and
> > given up on securing the protocol. It's caused many a headache to Samba
> > (where you can now guess passwords courtesy of RPC) and Windows. With all
> > the vulnerabilities that Windows goes through, a lot of the particulars
> > get lost in the grand river of crapulance that is Windows security. This
> > is the first worm to spread exclusively on an RPC exploit. And this is the
> > worst RPC exploit yet (hell, probably the worst Windows exploit yet). But
> > by just the sheer numbers of exploits that show up in Windows, if the
> > systems doing critical monitoring were open to all on the internet, surely
> > we would have been seeing outages like this beforehand; there have been
> > thousands of exploits against Windows since the monitoring systems went
> > into place.
>
> Correct. We have been working on RPC stuff for as long as I can remember,
> even had a hand in the latest stuff before it became Blaster. I was curious
> if there was any other small or medium scale worm that used this in the
> past few years. I don't think there has been; it would have had to have
> been pretty far 'under the radar'.

Well, it's not so much that they weren't as major as that no one made a worm that would spread so quickly, and then screwed it up so badly.

There have been hundreds of RPC problems that I have personally found myself cleaning up because some CFO wanted to be able to get to his email from outhouse (outlook) express (no one read the mail headers on this email, I'm on my Windows box with an imap connection `/me starts crying in shame`) when he found where Windows puts the folders for storage, and how to make it point somewhere else; then of COURSE, MOUNTING the mailboxes at work and then mounting the share at home and pointing outhouse to that network drive was the solution he wanted.

>
> Point being it's a new beast with new consequences. Slammer and 13k BoFA
> ATMs, flight control systems, etc etc. As these new machines come about new
> consequences are going to appear.
>

True, but flight control systems are on a VPN for instructions to aircraft, and internet for desktop uses. For the most part, regulated things like power, water, and other critical systems have learned not to use Windows for what they are doing. But Windows does remain in place at these same places for desktop use. But things like ATMs and some long distance trunks can be disrupted with things like Slammer.

> > Well my l33t hax0r ski11z lead me to watch CNN and draw on experience :)
> > Did u 0wnz0r1z3 yur TeeVee yet? =)

0h ya....and th3n 1 hax0r3d 1t 1nt0 showing p0rn a11 th3 t1m3 4 fr33. :) hehe

>
> Cheers,
>
> Geoff Shively, CHO
> PivX Solutions, LLC
>
> http://www.pivx.com
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
