Interview on An Information Security Place Podcast
Last week, Michael Farnum, of the excellent An Information Security Place podcast asked me if I would like to be interviewed for the show. Michael’s one of my favorite folks to follow on twitter (@m1a1vet) and a really nice guy, so I agreed and we recorded on Monday afternoon. Prior to this, I hadn’t used [...]
Slides for CSE4243 GhostExodus lecture
Tommorow morning, I will be giving a lecture to the CS4243/6243 Information and Computer Security class at Mississippi State University. It will cover the events that led up to, and followed from, the arrest of Jesse “GhostExodus” McGraw on charges of installing malicious code onto hospital computer systems, including a system that was the HMI [...]
Cisco weighs in on the GhostExodus control systems incident
Nicholas Leali at the Cisco Security Community blog has posted an excellent summary of the security lessons that can be learned from the control systems incident at Carrell Clinic:
Lessons From an Insider Attack on SCADA Systems
Nicholas was kind enough to contact me for comments in the process of writing this article, as well as link [...]
GhostExodus indicted for control system incident
Just found out via the Dallas Observer’s blog that Jesse “GhostExodus” McGraw has been indicted by a federal grand jury, and has been charged with two counts of “transmitting a malicious code”, in reference to the malicious code he allegedly installed on computer systems at a hospital in the Dallas area:
Hacked! Dallas Federal Grand Jury [...]
GhostExodus, the ETA, and a Control Systems Incident at Carrell Clinic (part 3)
Previous parts (Pre-requisite information. There will be a pop quiz at the end.):
Part 1 – Definitely read the criminal complaint.
Part 2 – Watch some videos
In this post I will be displaying and discussing some screenshots that Jesse “GhostExodus” McGraw posted online. These screenshots were taken on the PC controlling Carrell Clinic’s HVAC system, uploaded to [...]
GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 2)
If you haven’t read Part 1 of this story, then you really ought to take a look at it first. It serves as a good overview, and the criminal complaint filed by the FBI is a good read.
Yesterday afternoon was GhostExodus’ detention hearing. I’m not very familiar with the process one goes through after being [...]
GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 1)
My phone has been blowing up most of the day about this. To sum it up: On the evening of the 18th, a script kiddie that was involved in a previous post on this site (“Perl Hacking is Dead”), XXxxImmortalxxXX, contacted me and began to brag about hacking a hospital’s HVAC system. Upon [...]
More links on the GE Fanuc iFIX vulnerabilities
Yesterday, I posted a link to the advisory in GE Fanuc’s knowledge base. For today, here’s some more links of interest regarding these vulnerabilities:
NERC (North American Electric Reliability Corporation) Advisory (Direct link to PDF)
CVE-2009-0216 (No information here yet, but presumably it will be updated soon)
US-CERT Vulnerability Note VU# 310355
SecurityFocus : GE Fanuc iFIX Insecure Authentication Multiple Unauthorized Access [...]
GE Fanuc releases info on iFIX vulnerabilities VU# 310355
If you’ve been looking for my slides from the SCADA Summit that included information on the GE Fanuc iFIX vulnerabilities that I discovered and reported, then you’re still out of luck, but this is just as good, really. If you’re an end-user of iFIX, or a penetration tester/red-team member testing installations of iFIX products, this [...]
SCADA/HMI Security: Vulnerabilities in GE Fanuc iFIX
I’m all settled in at the Walt Disney Dolphin resort hotel, registered for the SANS SCADA Summit, and just finished up going over my slides one more time.
I’m going to go ahead and make the slides available now, so anyone interested in attending the talk tomorrow can go ahead and get them. If you’re not at the [...]