[ale] researcher's linux worm infects 400 K + devices by TELNET
John Pilman
jcpilman at gmail.com
Thu Mar 21 22:47:58 EDT 2013
On Thu, Mar 21, 2013 at 7:09 PM, Jay Lozier <jslozier at gmail.com> wrote:
> On 03/21/2013 06:30 PM, Jim Kinney wrote:
>
>
> My question is who needs to manage this off site? Most sewage and water
> treatment plants do not need this; the control facility should be on site.
>
>
> Maybe in China, but here the direction is toward less manpower when
feasible. It is feasible, just not implemented with enough security in
mind. Many, many industrial control systems are connected through the
internet and have been for quite a while. Some security come from the fact
that older system weren't smart enough to support today's exploits. (They
don't have CPM, DOS, Windows, Linux, BSD, UNIX or OSX OS) (PolyForth,
OpenVMS, AmigaOS but I digress)
I do think the answers to most of these control system connectivity
problems are pretty simple. The first steps being:
1. turn off unused services
2. firewall
With the cost of devices where they are now, I don't see why a firewall
should be more than $50. However, any industrial facility, at least in
this country, should be able to install a $5000 firewall if that is all
they can find.
...John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130321/7ff337e6/attachment.html>
More information about the Ale
mailing list