UPDATE: Looking For a ‘FireSheep’ Moment, Researchers Lay Bare Woeful SCADA Security

Miami, Florida – A no-holds barred presentation at the S4 Conference laid bare the woeful state of security for many industrial control systems that power the world’s critical infrastructure. Organizers have also cooperated with security scanning firms Rapid7 and Tenable to release modules for the Metasploit and Nessus products that can test for the discovered security holes.

Researcher Alleges Siemens Cover-up Over Security Holes In Simatic Product

A month after an unknown gray hat hacker calling himself “pr0f” used a three character password to hack his way onto computers used to manage water treatment equipment in South Houston, Texas, a security researcher is accusing the company that makes the industrial control system (ICS) software, Siemens, of trying to cover up the existence of other, more serious vulnerabilities.

Siemens Patches SCADA Holes, Downplays Threat

In the wake of a report about vulnerabilities in its products, Siemens issued a patch for its Simatic S7 industrial controllers on Monday. ICS CERT, the Cyber Emergency Response Team for Industrial Control Systems, issued an alert advising Siemens customers to apply the patch.

Security researcher Dillon Beresford decided not to present a talk at the TakedownCon in Dallas on Thursday, citing concerns about mayhem that could have resulted. But in an e-mail, he told Threatpost that the vulnerabilities could allow remote attackers to start or stop Siemens Programmable Logic Controllers (PLCs) and harvest information from the devices.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.