How will Russia kept their oil and gas products running in the face of Rossi's E-Cat challenge? Here's how.
SCADA Strangelove: Zero-days & hacking for full remote control Speaking of critical SCADA systems online and the risks to them…after finding more than 60,000 exposed control systems online, two Russian security researchers found vulnerabilities that could be exploited to take “full control of systems running energy, chemical and transportation systems.” At the Chaos Communication Congress, 30C3, Positive Research chief technology officer Sergey Gordeychik and consultant Gleb Gritsai said they demonstrated “how to get full control of industrial infrastructure” to the energy, oil and gas, chemical and transportation sectors. “The vulnerabilities,” according to the Australian IT News, “existed in the way passwords were encrypted and stored in the software's Project database and allowed attackers to gain full access to Programmable Logic Controllers (PLCs) using attacks described as dangerous and easy to launch.” They probed and found holes in “popular and high-end ICS and supervisory control and data acquisition (SCADA) systems used to control everything from home solar panel installations to critical national infrastructure.” There are also numerous vulnerabilities in “home systems -- exposed to the public internet and at risk of attack.” In one case, the researchers responsibly disclosed a “vulnerability in the cloud SCADA platform Daq Connect which allowed attackers running a demonstration kiosk to access other customer installations." The vendor's totally unhelpful response was to tell the researchers “to simply 'not do' the attacks.” The SCADA Strangelove project has identified more than 150 zero-day vulnerabilities in SCADA, ICS and PLCs, with five percent of those being “dangerous remote code execution holes.” At 30C3, they released an updated version of THC-Hydra, “a password-cracking tool that targeted the vulnerability in Siemens PLC S-300 devices,” and a “Pretty Shiny Sparkly ICS/SCADA/PLC Cheat Sheet,” identifying almost 600 ICS, PLC and SCADA systems, so you too can “become a real SCADA Hacker.” On Tue, Dec 9, 2014 at 3:05 PM, Axil Axil <janap...@gmail.com> wrote: > Rossi has publicly stated that he is using over 100 computers to implement > his latest control stratagem. From this meager bit of information we can > deduce fairly much what is going on with the 1 megawatt cluster E-Cat > reactor. That number of computers means he is using a SCADA system to do > the command and control function to keep his creation in line. > > The term SCADA (supervisory control and data acquisition) usually refers > to a centralized system which monitors and controls the industrial > infrastructure of entire sites, or complexes of systems spread out over > large areas (anything from an industrial plant to a nation). Most localized > control actions are performed automatically by Remote Terminal Unit (RTU)s > or by Programmable Logic Controller (PLC)s. These are computer boards which > are controlled by a low level microcomputer usually housed in a rack > mounted enclosure using a full duplex bus structure to communicate with a > master control station(MCS). The MCS is a custom coded PC that hosts the > bus network and provides a graphical user interface to depict the > operational parameters and status of all the E-Cats. In a high availability > application, the MCD runs in a ghosted mode with a hot backup PC. > > > The cost of such a system(a high quality implementation) is substantial. > This digital Command and Control(C&C) will comprise a large fraction of the > cost of Rossi's 1 megawatt plant. Even the best of such systems is prone > to bugs, out of profile behavior and hacking attacks. Usually industrial > customers will want to integrate the E-Cat cluster reactor into their > factory wide SCADA C&C system. > > > In my opinion, Rossi and Industrial heat have made a mistake in judgment > on this reactor design decision. A simplified fail safe (as in a nuclear > reactor) analog based control system is best suited to the 1 MW E-Cat > cluster reactor. > > > > > On Tue, Dec 9, 2014 at 12:36 PM, Peter Gluck <peter.gl...@gmail.com> > wrote: > >> Dear Friends, >> >> when the New Paradigm of LENR will >> arrive, remember me for this too: >> >> >> http://egooutpeters.blogspot.ro/2014/12/daily-shared-lenr-discoveries-december_9.html >> >> It is the daily info here...more daily than info this time. >> Peter >> >> -- >> Dr. Peter Gluck >> Cluj, Romania >> http://egooutpeters.blogspot.com >> > >
