Sorry that you all could not comment, I have fixed it now so comment. Enjoy
=== Irey ===
Apr 10, 2008
"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.
"Frankly, it's really easy to break into the power grid," he said. "It happens all the time."
First, you set up a Web server that downloads spyware onto the computers that visit.
Second, you send an e-mail to people who work inside a power station that entices them to click on a hyperlink to the Web server with the spyware. Warning them that their human resources benefits are going to be cut and sending them to a Web site with "hr.com" in the domain would work, according to Winkler, who said he has done this several times in company-approved penetration tests.
Third, you wait as the recipients--and everyone else they forwarded the e-mail to--visit the server and get infected.
"Then we had full system control," he said. "Once the malware was downloaded onto their systems...we could see the screens and manipulate the cursors."
It took about a day to set up the attack and was effective within minutes, according to Winkler.
"It had to be shut down after a couple of hours because it was working too well," he said.
This is akin to social engineering attacks that happen all the time, but this attack has more far-reaching consequences than most such attacks.
Power stations running special SCADA control software have the perception that they are more secure than other networked systems. However, they are just as vulnerable because they are connected to the Internet and run on computers that also run Windows NT, he said.
"Things are really this bad," Winkler said. "I'm not exaggerating.
"Frankly, it's really easy to break into the power grid," he said. "It happens all the time."
First, you set up a Web server that downloads spyware onto the computers that visit.
Second, you send an e-mail to people who work inside a power station that entices them to click on a hyperlink to the Web server with the spyware. Warning them that their human resources benefits are going to be cut and sending them to a Web site with "hr.com" in the domain would work, according to Winkler, who said he has done this several times in company-approved penetration tests.
Third, you wait as the recipients--and everyone else they forwarded the e-mail to--visit the server and get infected.
"Then we had full system control," he said. "Once the malware was downloaded onto their systems...we could see the screens and manipulate the cursors."
It took about a day to set up the attack and was effective within minutes, according to Winkler.
"It had to be shut down after a couple of hours because it was working too well," he said.
This is akin to social engineering attacks that happen all the time, but this attack has more far-reaching consequences than most such attacks.
Power stations running special SCADA control software have the perception that they are more secure than other networked systems. However, they are just as vulnerable because they are connected to the Internet and run on computers that also run Windows NT, he said.
"Things are really this bad," Winkler said. "I'm not exaggerating.
Facebook fans are getting a new toy this week. With the launch of Facebook Chat, users will be able to communicate in real time with friends on the site.
The new Facebook Chat interface allows users to see which friends are online. The social networking giant, which boasts more than 69 million active users, has always had a built-in message system that resembles e-mail.
But for the first time, the site will release a chat system so friends can type back and forth instantly.
Because Facebook users already have lists of friends, they won't need to build buddy lists. At the bottom right of any Facebook page, users can click an "Online Friends" button that will indicate which friends are available to chat.
Facebook Chat only allows for one-to-one conversations. Users will be able to view recent conversations, but the chats won't be logged permanently, and users will be able to clear that chat history any time.
Facebook users will also have the option of keeping the conversation on the bottom of the screen or creating a pop-up window they can move. A chat window will also display Mini-Feed stories, which are notices concerning other friends' Facebook activities. Kool dhoo
The new Facebook Chat interface allows users to see which friends are online. The social networking giant, which boasts more than 69 million active users, has always had a built-in message system that resembles e-mail.
But for the first time, the site will release a chat system so friends can type back and forth instantly.
Because Facebook users already have lists of friends, they won't need to build buddy lists. At the bottom right of any Facebook page, users can click an "Online Friends" button that will indicate which friends are available to chat.
Facebook Chat only allows for one-to-one conversations. Users will be able to view recent conversations, but the chats won't be logged permanently, and users will be able to clear that chat history any time.
Facebook users will also have the option of keeping the conversation on the bottom of the screen or creating a pop-up window they can move. A chat window will also display Mini-Feed stories, which are notices concerning other friends' Facebook activities. Kool dhoo
Subscribe to:
Comments (Atom)
