Another systematic SCADA vuln

Found on The Register on Sunday, 28 October 2012

Because the runtime needs access to /dev (if the target system is Linux) and an output bus, Wightman says the runtime is often given root or (in the case of Windows-based targets) administrator access.

“The TCP listener service allows for file transfer as well as a command-line interface,” the post states. “Neither the command-line interface nor the file transfer functionality requires authentication.”

One would think that over the past years, developers have learned the basics of security, even if it's something as simple as passwords.