Friday, November 18, 2011


Apparently security breaches are so common we no longer pay much attention to them. Allowing access to your control devices over the Internet is a major security risk. In this case, it may have been done to facilitate sales demonstrations. Much more interesting was the theft of passwords, which unfortunately, users tend to re-use on other systems...
U.S. water utility reportedly hacked last week, expert says
It appears that hackers breached the network of a company that makes SCADA (supervisory control and data acquisition) and stole customer usernames and passwords, said Joe Weiss, managing partner of Applied Control Solutions. "There was damage--the SCADA system was powered on and off, burning out a water pump," he wrote in a brief blog post.
The report did not identify the water utility attacked or the SCADA software vendor compromised, Weiss said in an interview with CNET. He declined to say where the utility is based because the report, released by a state terrorism information center, is marked "For Official Use Only." However, a Department of Homeland Security representative indicated the facility was located in Springfield, Ill.
"It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company's database and if any additional SCADA systems have been attacked as a result of this theft," he said, reading from a report entitled "Public Water District Cyber Intrusion." It was released November 10, two days after the water utility attack was discovered, he said.
… "DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Ill.," DHS spokesman Peter Boogaard said in a statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."
Weiss disputed this statement.
"The statement is inconsistent with the report from the Illinois Statewide Terrorism and Intelligence Center Daily Intelligence Notes dated November 10, 2011, titled 'Public Water District Cyber Intrusion,'" he said.
The water utility had noticed minor glitches in the remote access [Interesting, if uninformative phrase Bob] to the SCADA system for two to three months before it was identified as a cyber attack, Weiss said.


I want to adapt this for the classroom! And the highway! And Congress!!!!
"GeekWire reports that a pending Microsoft patent for monitoring workplace behavior would do Dwight Schrute proud. Three Microsoft inventors propose curbing obnoxious workplace habits in an equally obnoxious fashion — using a computer device for monitoring and analyzing workers' interactions over video conferences, telephone, text messages and other forms of digital communication to look for patterns of negative and positive behavior, and assigning behavior scores to employees based on what the system finds. Bad behavior, Microsoft explains, might include wearing dark glasses in a video conference, wearing unacceptable clothing to a business meeting, cutting off others during conversation, prolonged monologues, and even how one nods one's head in agreement, shakes one's head indicating disagreement, and makes hand gestures."


Binary Law by Bob
The arg... ...u ments
go back and forth
be cause there is
no middle
HA! I bet you didn't expect to find epic poetry in a blog!
Judge Declares Law Governing Warrantless Cellphone Tracking Unconstitutional
November 17, 2011 by Dissent
Julia Angwin:
In a succinct one-page ruling, U.S. District Court Judge Lynn N. Hughes of the Southern District of Texas declared that the law authorizing the government to obtain cellphone records without a search warrant was unconstitutional.
“The records would show the date, time, called number, and location of the telephone when the call was made,” Judge Hughes wrote in the decision, dated Nov. 11. “These data are constitutionally protected from this intrusion.”
Read more on Wall Street Journal.


Q: Why would a good manager choose not to backup their data? A: A good manager wouldn't.
"Businesses are on average backing up to tape once a month, with one alarming statistic showing 10 percent were only backing up to tape once per year, according to a survey by Vanson Bourne. Although cloud backup solutions are becoming more common, still the majority of companies will do their backups in-house. Sometimes they will have dedicated IT staff to run them, but usually it's done in-house because they have always done it like that, and they have confidence in their own security and safekeeping of data."

No comments: