Again the industrial world has been shaken up. After the vulnerabilities spoken of in former posts now the cisco of the process automationworld is lying under fire.

A canadian company that has been required by siemens has planted hardcoded a backdoor login account on their operating system according to an independent researcher Justin W. Clarke, who works in the energy sector.

This will allow potentially allowing attackers to access devices online.

These devices are used by divers customers that span the utility, transportation, industrial, and military markets.

Some of the customers use it to build their hardware upon:

OEM Customers

ABB

AREVA

Cooper Power Systems

General Electric

Schweitzer Engineering Laboratories

Siemens

Utility Customers

Bonneville Power (BPA)

City of Lakeland, Florida

ConEdison

Hydro One

Hydro Québec

KEPCO

National Grid

NSTAR

Pepco

Powerlink Queensland

TVA

Transportation Customers

City of Houston, Texas

City of Lakeland, Florida

Econolite Control Products

METRO Metropolitan Transit Authority

of Harris County, Texas

Palm Beach County, Florida

Washington State DOT

Wisconsin DOT

Industrial Customers

Alcoa

Chevron

City of Lakeland, Florida

Eurotherm

Falconbridges

Johnson Controls

SNC-Lavalin Group

Military Customers

Boeing

DRS Technologies

Lockheed Martin

L-3 Communications

US Navy

“The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom.The login credentials for the backdoor include a static username, “factory,” that was assigned by the vendor and can’t be changed by customers, and a dynamically generated password that is based on the individual MAC address, or media access control address, for any specific device. ”

This will need a firm handling on access and telnet sessions from any source in the process automation enverionment.

RuggedCom, which is based in Canada, was recently purchased by the German conglomerate Siemens. Siemens, itself, has been highly criticized for having a backdoor and hard-coded passwords in some of its industrial control system components. The Siemens vulnerabilities, in the company’s programmable logic controllers, would let attackers reprogram the systems with malicious commands to sabotage critical infrastructures or lock out legitimate administrators.

A hardcoded password in a Siemens database was used by the authors of the Stuxnet worm to attack industrial control systems used by Iran in its uranium enrichment program.

Hardcoded passwords and backdoor accounts are just two of numerous security vulnerabilities and security design flaws that have existed for years in industrial control systems made by multiple manufacturers. The security of the devices came under closer scrutiny in 2010 after the Stuxnet worm was discovered on systems in Iran and elsewhere.

Numerous researchers have been warning about the vulnerabilities for years. But vendors have largely ignored the warnings and criticism because customers so far haven’t demanded that the vendors secure their products.

This is now changing seeing the effort of the International Instrument User`s Associations.

This body which exists of major players in the industrial world have made a document which consists of recommodations , best procedures and working methods to improve security within the Process Control Domains ( PCD ) The document concerning Security Requirements for Vendors . This is at the moment of writing at version WIB 2.0 and can be obtained here

With the influx of the demand remote connectivity more and more systems are exposed to the outside networks. Vendors , contractors and Bring Your Own ( BYO) devices are asking for more connectivity which adds to the already complex situation of roles and tasks.

Where vulnerabilities are there you can be sure hackers are looking into ways to exploit these. The ingredients are there : the attack doesn’t require autenthication and is used by remote helpdesks, IT-administrators to manage critical servers and plants. Microsoft has issued a patch against the vulnerability and has rated the patch number 1.

MS12-020 patches a pair of bugs in Windows’ Remote Desktop Protocol (RDP), a component that lets users remotely access a PC or server. RDP is frequently used by corporate help desks, off-site users and IT administrators to manage servers at company data centers and those the enterprise farms out to cloud-based service providers like Amazon and Microsoft.

This means that the patch sould be prioritized and installed first and before all others.The problem is that this patch requires a reboot to become operational.So installing the patch alone is not sufficient. You need to reboot to be protected against any of these .

There is something you can do to substantially reduce the risk on Windows Vista and later systems where RDP is enabled: You can enable Remote Desktop’s Network Level Authentication (NLA) to require authentication before a remote desktop session is established to the remote desktop server. On systems with NLA enabled, the vulnerable code is still present and could potentially be exploited for code execution. However, NLA would require an attacker to first authenticate to the server before attempting to exploit the vulnerability .The fix has been issued but this only will work on windows XP Service Pack 3, Windows 7, windows 2008. For windows 2003 and Windows XP SP 2 this “force to autenthicate ” fix is not available and will stop them to connect remotely to any machine that has this fix applied.

In our dutch IT landscape we had phrase that now ironically becomes true: Rebooten Moet !

Companies are on their own concerning their process automation safety according to the Dutch Goverment.

As we see an influx of scada related breaches on process automation systems we can conclude one thing that the current methods of protecting the assets are not enough.

Its like putting a traffic sign out which will direct the cars into certain streets and prevents them from driving into another. Granted one way streets will give a traffic control , but do we know where the car stops , lets passengers in drop luggage or even exchange the current luggage for other luggage?

No we do not know and backtracing this activity can become very cumbersome. Thats why you should not only demand safetybelts ( windows xp vs windows 7 ) but also a safe passage through these streets.

My point is that without proper application distribution,trackin of suspicious traffic ( ghostriders) and autorisation ( driverlicense) and authentication ( car registration ) a city can become a cart track racing environment were no boundaries are given untill you crash.

Today I found the link to the manual of the ipad .

Features have changed but most is unchanged and gives you a better oversight wat is possible.
Some features have changed like the lock on the rotating screen.In some versions ago apple decided that this became the mute button. Now you have to press the home button twice.
And swipe to the end untill you see a grey arrow and a cirkel.

After you have done that a cirkel with a padlok will show up and your ipad will not turn your landscape versus letter model

Oh and the link is here for the ipad manual

i have been searching for a solution on getting beyond the POP
settings since they only showed my inbox

and i have several maps that are in my opinion structured.
The normal settings for just getting inbox are described :

Hotmail on iPad

Microsoft has enabled POP access for all Hotmail accounts, so accessing Hotmail on your iPad is very easy. Trying to set up hotmail.

If you are having problems setting it up, here is the manual settings.

Use @hotmail.com, @hotmail.co.uk or @live.com as part of your username

Incoming Mail Server
Host Name: pop3.live.com
User Name: ***@hotmail.com

Outgoing Mail Server
SMTP: smtp.live.com

The advanced settings

Delete Messages
Remove: After one week

Incoming Setting
Use SSL: ON
Authentication: Password
Delete from server: Never
Server Port: 995

But as said this didnt fit the bill since i only could see my inbox. So how could i access to all my folders from my ipad? And get push mail as an extra bonus ?
This will be shown in the next steps

First you select the mail contact agenda and choose microsoft exchange.

Fill in the server name m.hotmail.com , this will unlock imap features so you will have your contacts agenda and dustbin available.

After verifying your newly made account will show up and will even have pushmail!

Anyone who has an account on Linked In and dont want to see his/her face in advertisement make sure you opt out.
So instead of being a promotor of shoes/tires/underwear/ etc make sure that the permission is not given. Being part of a busines  network is different then being part of their business:-)

Then after selecting ‘Account”‘ got to the bottom and see:

After selecting this make sure you deselect the choice Manage Social Advertising  and click on the blue button SAVE :

deselect

So no more change of finding your head promoting cereal

Since not being an virtuosa on coding this should become handy. After reading up on the free word press app and the negative comments on some of the apps  the question was what app should  be fitting my wishes ? After searching the web i ended up with blogsy.

After paying and downloading the app it was time to post my first blog..Before  i had to connect blogsy to my webblog .I  got the error : Add site failed . Please try again.

The workaround given was to see if the xml-rpc was enabled.

Remote Publishing

To post to WordPress from a desktop blogging client or remote website that uses the Atom Publishing Protocol or one of the XML-RPC publishing interfaces you must enable them below.

Of course this was enabled . I then got in contact with the developers and they sugested that i should use the default theme of word press .Most of the problems were related to faulty xml and it seems that the operating system of apple is very keen on clean code..

Got it working with the default template so now its on to blogsy!

starting with blogsy

gracht

As the introduction of the cannon made safe castles obsolete so is the firewall if thought out in terms of moats and perimeters.
Most of the intruders come in by ways that are not protected.

Do you realy think that companies like 500 of the US Fortune 1,000 companies and more than 40 major banks didnt have had any firewalls in place? Still they were the victim of the botnet that was called the “Mariposa” botnet, which had infected and controlled up to 12.7m PCs.

Didnt these companies have virusscanners ? Yes , they probally would have had virus scanners but these werent sophisticated enough to pick up on those attacks.
What we see is that the tradional methods that are used to keep the “bad guys”out are not enough anymore . Like we dont dig moats around our houses to keep bad guys of our premisses.
We need to rethink security as security 2.0 , in tune with the web 2.0 and cloud possibilities. A nice artikel about this written by John Vigouroux, CEO of M86 Security claims that ‘Security firms doing a miserable job’

First step for creating a WordPress is to log in into WordPress admin (http://www.serverbeheersupport.nl/wp-admin). After successful log in navigate to Posts –> Add New. New Add New Post screen will be displayed as below.

Enter the title that you want to be displayed for your post and than enter the Post content.
For the post content there is option to use HTML code or Visual Editor. You can use your preferred.

For the Post content use grammatical rules, use signs, paragraphs and try to insert images to better describe your post.

Use more separator right after the first image that will show up on the main page.

From the right side go to Publish menu and update info according to your needs. Click the Save Draft button to save your post. Than click Preview button in order to check the post on the public site. By clicking the Publish button post will be published on the selected date.

Be sure to select appropriate category as described above.

At the end enter already predefined tags in Posts –> Post tags or enter your own tag.

Those are some short steps for creating your first WordPress post.

GOOD LUCK!