Niagara Falls Flat on warning ubiquitous US network clients

Again, a huge leaky computer security flaw in a system widely deployed around the world has US authorities playing catch-up.

Russ Imrie – July 14, 2012 from the Washington Post

Breaches of important computer systems are commonplace and dangerous. Newly discovered vulnerabilities need to be promptly recoded and repaired and all users need to have that software patch deployed immediately. This before malignant code or unauthorized users gain administrative privileges in and control of a computer system.There is no excuse, other than saving face, for a systems vendor to delay alerting users their software and thus their safe and profitable operations are at risk.

The STUXNET malware that attacked Iran‘s centrifuges exploited a vulnerability in Windows systems and infected machine controls. Now, another system, the Niagara Framework by Tridium has security types scrambling to patch security holes and unsecured critical control systems worldwide and to find out why Tridium (a Honeywell subsidiary) did not alert users a year ago when it [security hole] was brought to their attention by a user who discovered anomolies.

Niagra literature touts applications that can…

Remotely monitor your equipment and analyze performance. Operators can respond to alarms, schedule maintenance, adjust control parameters and alter operating schedules using a PC web browser or handheld wireless device. Managing a remote customer site has never been easier.

Test attacks have proven that Niagara systems can be broken into and control taken over. At last users are being alerted about some quick fixes to reduce vulnerability but is it too late?

Affected systems – from WAPO

As you can see in this partial screen capture of the Washington Post’s graphic listing of affected systems, a comprehensive range of critical devices are at risk if the vulnerabilities are used to gain control with malicious intent.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s