Tuesday, February 17, 2015

Monday, February 16, 2015

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

New vulnerabilities from out team and new patches from Siemens

CVE-2015-1358 and CVE-2014-4686 are all abut VNC code reuse.

CVE-2015-1355 and CVE-2015-1356 we can’t name vulnerabilities. Local weaknesses, defects in security feature implementations… But it fixed, thanks Siemens.

Tuesday, December 30, 2014

31C3: Too Smart Grid in da Cloud ++

This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security.

Sunday, December 28, 2014

SOS! Secure Open SmartGrids!

Dear all,

After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.

There are dozens of platforms, hundreds of vendors, thousands of SmartGrid devices… Millions of them connected to Internet without any protection. But you can change the situation.
Join our SCADASOS project to make the world safer!

Tuesday, December 16, 2014

Wednesday, October 29, 2014

Different type of SCADA...

+Update http://blog.ptsecurity.com/2015/01/hacking-atm-with-raspberry-pi.html

Slides and demo from Olga and Alex report on ATM hacking at Black Hat. MS08-067 strikes again. Now ATM.
There are a lot of different kinds of SCADA...