Again, a huge leaky computer security flaw in a system widely deployed around the world has US authorities playing catch-up.
Russ Imrie – July 14, 2012 from the Washington Post
Breaches of important computer systems are commonplace and dangerous. Newly discovered vulnerabilities need to be promptly recoded and repaired, and all users need to have that software patch deployed immediately, before malignant code or unauthorized users gain administrative privileges in, and control of, a computer system. There is no excuse, other than saving face, for a systems vendor to delay alerting users that their software, and thus their safe and profitable operations, are at risk.
The STUXNET malware that attacked Iran's centrifuges exploited a vulnerability in Windows systems and infected machine controls. Now another system, the Niagara Framework by Tridium, has security types scrambling to patch security holes and unsecured critical control systems worldwide, and to find out why Tridium (a Honeywell subsidiary) did not alert users a year ago when it [security hole] was brought to their attention by a user who discovered anomalies.
Niagara literature touts applications that can…
Remotely monitor your equipment and analyze performance. Operators can respond to alarms, schedule maintenance, adjust control parameters and alter operating schedules using a PC web browser or handheld wireless device. Managing a remote customer site has never been easier.
Test attacks have proven that Niagara systems can be broken into and control taken over. At last, users are being alerted about some quick fixes to reduce vulnerability, but is it too late?
As you can see in this partial screen capture of the Washington Post's graphic listing of affected systems, a comprehensive range of critical devices is at risk if the vulnerabilities are used to gain control with malicious intent.