July 31, 2010

Even security conferences suffer from vulnerabilities

Whoops, it looks like the folks who developed the registration website for the Blackhat security conference have a little security issue themselves. As Michael Coates reported, the website that is used to register for access to some of the live talks from the conference is vulnerable to a hack where an attacker could obtain free access to paid content.

For a fee the conference offers access to select talks that are streamed live. Well Micheal found a vulnerability where he was able to access the stream without providing his credit card. Oops.

The good news out of all of this is the response from the company who developed the website responded quickly to Michael's call and within 4 hours had a fix installed. Further Michael followed responsible disclosure and did not disclose the issue until after the site was fixed.

July 15, 2010

Rootkit targeting embedded devices in SCADA systems?

A recent malware discovery has many of us security pros very concerned: rootkits targeting embedded devices. The discovery is a rootkit called Rootkit.TmpHider that came with a trojan that infects systems via USB drives. This in itself is not all that concerning, what *is* very concernful is that the driver files that make up the rookit have a legitimate digital signature from....wait for it...an embedded device maker Realtek. Worse it appears to targeted at SCADA control systems. Not good.

Several are discussing this new trojan that has rootkit technologies built into it: Wilders Security, The H-Security site, The Elder Geek.

Why are we concerned you ask? These embedded devices are everywhere controlling everything including critical systems such as water system, power grids, etc. AND in a scary finding made by malware analyst Frank Boldewin of www.reconstructer.org, this rootkit has database queries that target WinCC SCADA systems by Siemens. That's bad news.

To add to this concern is the fact that these devices rarely get updated, if at all, so all bugs and vulnerabilities that existed when they were designed still exist. Furthermore, the trust model in these devices is usually quit open, making it very easy for worms to propagate.

Here's hoping that new embedded systems have stronger security built into them.