Archive for August, 2012

ICS-CERT has released an ALERT "ICS-ALERT-12-234-01B – (UPDATE) Key Management Errors in RuggedCom’s Rugged Operating System" (PDF)

This ALERT warns warns of a vulnerability that can be used to decrypt SSL traffic between an end user and a RuggedCom network device.

ICS-CERT has released an ALERT "ICS-ALERT-12-234-01B – (UPDATE) Key Management Errors in RuggedCom’s Rugged Operating System" (PDF)

This ALERT warns warns of a vulnerability that can be used to decrypt SSL traffic between an end user and a RuggedCom network device.

ICS-CERT has released an Advisory titled "ICSA-12-243-01 – GarrettCom – Use of Hard-Coded Password" (PDF)

This Advisory details a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password.

Three riffs on resilience: “rolling between & through itself”

From Wednesday’s  New Orleans Times-Picayune editorial page: Not that anybody here in August 2005 could forget, but Isaac’s approach near the seventh anniversary of Hurricane Katrina was a sobering reminder of our city and region’s…

Lessons learned from Aurora

On the SCADSec blog site, Ed Beroset stated the following: I’ve attended a number of security conferences at which speakers would gravely intone that "we have not yet learned the lessons of Aurora." When I’ve probed a bit deeper, I’ve found t…

ICS-CERT/US-CERT has released a JSAR titled "JSAR-12-241-01 – Shamoon/DistTrack Malware" (PDF)

This JSAR details "Shamoon," an information-stealing malware that also includes a destructive module.

Managing the Insider Threat: a book review

Today’s post was written by Nadav Morag. Morag is a faculty member at the Naval Postgraduate School’s Center for Homeland Defense and Security. Managing the Insider Threat: No Dark Corners — a book by Nick Catrantzos (who sometimes wr…

Legacy Control System Cybersecurity/Reliability Test Bed

There has long been a strong desire to find solutions for securing industrial control systems that go beyond "simply" exposing problems and risks. So what is so difficult about finding solutions? The answer is technology, use and compliance. …

A nuclear glossary (with an Iranian connection)

Just for the information of those readers interested in nuclear topics. A former former deputy director-general of the International Atomic Energy Agency and a nonproliferation expert have published an online glossary to help sort out many of the terms…

Cybersecurity Wiki

For those with an interest in a wide range of cyber-related security topics, there is a new wiki just for you.  Via the Belfer Center for Science and International Affair’s website: Harvard’s Berkman Center for Internet & Society—wit…