"WOW" indeed, Scott.
Have you come across any AUTHORITATIVE information yet that indicates that wireless had
ANYTHING to do with the blackout? If so, please share....
Thanks,
jack
[EMAIL PROTECTED] wrote:
> WOW
>
>
>
> Sincerely,
> Scott
>
> [EMAIL PROTECTED]
> www.scottsmarineservices.com
> www.boat-parts.net
> www.boatparts.us
> www.LaWirelessWeb.com
>
> Scotts Marine Services
> 4105 Lincoln ave.
> Culver City, California 90232
> Phone & Fax 310-559-5353
>
>
>
>
> -----Original Message-----
> From: Geoff Shively [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 15, 2003 6:12 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [SOCALWUG] Power outages related to DCOM Worm, WiFi
> accessible?
>
> Jack,
>
> Before reading any of your own text, you may want
> to view this PBS documentary. It is only 10 minutes long
> and even if you aren't a PBS fan it has good data and support
> everything I am saying.
>
> http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
>
> I would hope most review presented data before forming an
> argument against it.
>
> > But your logic is so well...
> > it's so uh... uh...
> > it's uh... it's so lacking, dude.
>
> My logic or my data, or both? Please clarify.
>
> > Are you asking the question or making an assertion?
> > The answer is no, in most cases, they're not WiFi accessible.
>
> I was attempting to keep the subject short and concise.
>
> > Some have said, huh. Who are these authoritative folks?
>
> If they were as authoritative as your argument precedes,
> then I wouldn't have bothered asking the list about WiFi.
>
> Bernie, CTA [mailto:[EMAIL PROTECTED] had some good data
> from his days working with these systems, if you would like
> to contact him feel free. I have CC'd Bernie on this thread.
>
> Attached is the original email to the full-disclosure list.
>
> > Lots of talk, eh?? Gosh, I guess that makes it true, No?
>
> No but at the very least I have some data backing my logic,
> I see nothing but cynical comments and lacking data to support
> your theory that mine is false. Present some and then we can
> talk in what I hope is a tactful fashion.
>
> > The changes that you assert "could" have taken place?
>
> I would love to see one bit of evidence that isn't speculative
> at this point. Yes, this could have taken place, and to present
> it I used research data to form my verbiage. Is this not how
> you come about finding an answer?
>
> > "Very well penetrate" - what a convincing argument.
>
> In security, do we not asses risk and mitigate it as necessary?
> well before we can mitigate the risk here we have to present
> the case for how probable it is to get into one of these systems.
>
> > Thanks for your expert analysis and opinion, oops, you're not really
> > an expert are you?
>
> I don't claim to be and never have. This does not take a power expert
> to understand. Example, most know how a car works, but could they
> ever build one, no. I am simply putting pieces of a puzzle together
> based on experts I do speak with, as the members of our national
> media are not practicing responsible reporting, and listening to
> uneducated guesses about the system's architecture.
>
> > Oh, the industry may be pretty well prepared, Geoff. They may in fact
> > have created the problem themselves to get the government
> > (Oopps... I mean the taxpayers) to give them 50 or 60 billion dollars
> > to "upgrade" the grid (continuing to artificially reduce the supply of
> power and
> > then trade power at inflated rates at a huge profit) and make it
> easier
> for them
> > to rip off the nation like they have already ripped-off California. Oh
> my
> God,
> > maybe now I'm the crackpot who's gone "over the edge". Well, at least
> that
> will
> > lend YOU some credibility and make your marketing efforts
> > suddenly look legitimate. Don't say I never gave you anything!
>
> I have not made one reference to assumed information as I said before my
> information is based upon facts.
>
> Please, do describe what you mean by this marketing?
>
> > "could be"
>
> Could be anything, but facts will lead us to an answer. It really is
> that
> simple.
>
> > Holy crap!!! With a pile of documents as high as the sky,
> > how can you possibly be wrong?
>
> Facts are facts, I don't know what else to say. I could be wrong, and
> that
> is
> my biggest asset. I don't assert that this is definitely what happened.
>
> With that said, I would have preferred that such a tactless and cynical
> reply
> to what was intending as an informative and inquisitive post be handled
> off
> of the list. Oh well, live and learn.
>
> Cheers,
>
> Geoff Shively, CHO
> PivX Solutions, LLC
>
> Are You Secure?
> http://www.pivx.com
>
> ----- Original Message -----
> From: "Jack Unger" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 15, 2003 5:04 PM
> Subject: Re: [SOCALWUG] Power outages related to DCOM Worm, WiFi
> accessible?
>
> > Nice marketing piece, Geoff...
> >
> > Hey - don't take this personally - I have no arguement
> > with you. But your logic is so well...
> > it's so uh... uh...
> > it's uh... it's so lacking, dude.
> >
> > Geoff Shively wrote:
> >
> > > Power outages related to DCOM Worm, are SCADA and DCS WiFi
> Accessible?
> >
> > Are you asking the question or making an assertion?
> > The answer is no, in most cases, they're not WiFi accessible.
> >
> > > Some
> > > have said that they are accessible via WiFi and a potential attacker
> could
> > > break protection mechanisms thus gaining access to control and
> acquired
> > > data.
> >
> > Some have said, huh. Who are these authoritative folks?
> >
> > > Is there any truth to this, any SCADA, DCS, or HMI experts on the
> > > list?
> >
> > Probably not. This is a wireless list.
> >
> > >
> > > Furthermore, there has been allot of talk on bugtraq, full
> disclosure,
> and
> > > dsheild about the latest American power crisis being caused by
> malicious
> > > computer activities or worm.
> >
> > Lots of talk, eh?? Gosh, I guess that makes it true, No?
> >
> > >
> > > A bit of background on the systems that control power facilities.
> > > Distributed control systems (DCS) and supervisory control and data
> > > acquisition (SCADA) systems are the key elements of facility
> control.
> remote
> > > terminal units "RTU". SCADA runs under Win2000 / XP and the
> telemetry
> to
> > > the RTU is accessible via the Internet.
> >
> > So these control systems are Internet accessible, huh? Got any
> convincing
> > proof of that?
> >
> > >
> > > SCADA (Supervisory Control And Data Acquisition) and DCS
> (Distributed
> > > Control Systems) are highly vulnerable to attack.
> >
> > Oh really, can't you be more specific? But wait, your just throwing a
> bunch of
> > acronyms around, huh? No real facts there...
> >
> > > An attacker could very
> > > well penetrate these systems to make changes or implement simple
> scripts
> to
> > > cause a legitimate operator to make unnecessary changes to a large
> scale
> > > power grid.
> >
> > "Very well penetrate" - what a convincing argument.
> >
> > > These changes could result in massive failure causing an
> > > international power crisis.
> >
> > The changes that you assert "could" have taken place?
> >
> > >
> > > Be it from a worm or home grown hack, these latest power failures
> were
> > > unlikely to have been caused by a physical failure that would have
> surfaced
> > > by now.
> >
> > Thanks for your expert analysis and opinion, oops, you're not really
> > an expert are you?
> >
> > > Power failures from the years past have brought about legislation
> > > and system changes that deal with most large scale issues as they
> arise
> to
> > > mitigate risk of large scale failure, whatever happened this time
> was a
> new
> > > problem the industry was not prepared for.
> >
> > Oh, the industry may be pretty well prepared, Geoff. They may in fact
> > have created the problem themselves to get the government
> > (Oopps... I mean the taxpayers) to give them 50 or 60 billion dollars
> > to "upgrade" the grid (continuing to artificially reduce the supply of
> power and
> > then trade power at inflated rates at a huge profit) and make it
> easier
> for them
> > to rip off the nation like they have already ripped-off California. Oh
> my
> God,
> > maybe now I'm the crackpot who's gone "over the edge". Well, at least
> that
> will
> > lend YOU some credibility and make your marketing efforts
> > suddenly look legitimate. Don't say I never gave you anything!
> >
> > >
> > > We know that SCADA and DCS systems are supplied by one of 5 major
> vendors
> > > and these system are advertised on the vendors websites to run
> Microsoft
> > > Windows versions 95, 2000 and NT. Also advertised is DCOM and RPC
> support
> > > within these systems, RPC/DCOM recently became famous as the
> Lovsan/Blaster
> > > worm exploited this protocol to spread across the internet. With
> this
> said
> > > it is likely
> >
> > It's very truly "likely", Geoff - because you said that it's
> likely....
> > that makes it true, No?
> >
> > > that an infected system infected a SCADA or DCS, and could be
> >
> > "could be"
> >
> > >
> > > why we are seeing large scale outages across the country. This is
> not a
> > > Microsoft problem as many would like to say, though it is a problem
> with
> > > patch management.
> > >
> > > Below is documentation on the problem, the first one sums up the
> problem
> > > nicely (DCOM
> > > and SCADA white papers):
> >
> > Holy crap!!! With a pile of documents as high as the sky,
> > how can you possibly be wrong?
> >
> > >
> > > http://www.automationtechies.com/sitepages/pid641.php
> > >
> > > http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
> > >
> > > http://www.scada-system.com/scada-software-windows.htm
> > >
> > > http://www.data-acquisition-software.com/index.htm
> > >
> > > Cheers,
> >
> > Cheers, Geoff.... and thank you again for such a well-planted
> > marketing piece - opps I mean such an accurate, informative,
> > scientific and enlightening post. I'll look forward to your next
> > post where you'll tell us how to use WiFi to take over control
> > of cruise missiles.
> > jack
> >
> > > Geoff Shively, CHO
> > > PivX Solutions, LLC
> > >
> > > Are You Secure?
> > > http://www.pivx.com
> >
> > --
> > Jack Unger - President, Wireless InfoNet Inc.
> > Author of the WISP Handbook - "Deploying License-Free Wireless WANs"
> > http://www.ask-wi.com/book.html
> > True Vendor-Neutral WISP Training-Troubleshooting-Consulting
> > http://www.ask-wi.com/services.html
> > Email: [EMAIL PROTECTED] Phone: (818)227-4220
> >
> >
> >
--
Jack Unger - President, Wireless InfoNet Inc.
Author of the WISP Handbook - "Deploying License-Free Wireless WANs"
http://www.ask-wi.com/book.html
True Vendor-Neutral WISP Training-Troubleshooting-Consulting
http://www.ask-wi.com/services.html
Email: [EMAIL PROTECTED] Phone: (818)227-4220
