Vital US institutions left wide open to terror attack
Holey protocols
WHILE THE US Department of Homeland Security has been making life miserable for those who have the misfortune of being tourists to its country, it seems to have missed a huge software security hole which could bring down the country's nuclear power stations.
The flaw is in the protocol handling of vital national infrastructure systems, which control dams, oil refineries, railroads and nuclear power plants, and it could let hackers take them over.
Security boffins Neutralbit say that the flaw is remotely exploitable and can be found in SCADA, which is short for supervisory control and data acquisition.
The hole is in the NETxAutomation NETxEIB OPC Server, which is Microsoft software designed to write GUI applications for SCADA. Neutralbit has also published five vulnerabilities having to do with OPC.
Apparently NETxAutomation has addressed the flaw by releasing version 3.0.1300 of the NETxEIB OPC Server. The company has also released a patch for NETxEIB OPC Server version 3.0. US-CERT recommends restricting remote access to the server to trusted hosts only, by using firewalls or by connecting it only to private networks, until a fixed version of the server can be deployed. Either way, it is a bit more important than bringing a bottle of water on a plane.
The INQuirer