mailing list archives
Re: Vulnerabilities in some SCADA server softwares
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 21 Mar 2011 13:11:32 -0400
On 3/21/2011 12:16 PM, Luigi Auriemma wrote:
The following are almost all the vulnerabilities I found for a quick
experiment some months ago in certain well known server-side SCADA
softwares still vulnerable in this moment.
At what point in time did you try contacting any of the vendors for
Analogy: Car owner has his car speed up ending up in almost near
catastrophe. Car owner goes to media outlets condemning the
manufacturer: "How could you be so reckless! Thousand of lives..."
Reality: Car manufacturer was never made aware of the issue. How do you
propose a manufacturer fix an issue?
Where in any of your advisories did you take the time to let a company
know: "hey you guys have some potential issues, here they are!!!"
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF