I figure that to be 830,584 possible combinations. That's 26 lower case letters, 26 more upper case, 10 numbers and the special characters I counted on my keyboard. That's 94 possible characters for each of the three in the password. 94*94*94=830,584. Of course there are the other possible characters you can get by holding down the Alt key and pressing a number, or using the Windows character map. Somehow I feel if they're only bright enough to come up with a three character password, we can dismiss those possibilities that aren't on the standard US keyboard. I could be wrong, but I'm guessing a password cracking program wouldn't take too long to try 830,584 possible combinations.

On 11/21/2011 0:33, Michael Butash wrote:
Hah.

"Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System"

http://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-character-password-secure-internet-facing-scada-system-11201

Good enough for government.

-mb


On 11/20/2011 03:27 PM, Sam Kreimeyer wrote:
I think that most operators generally take whatever data SCADA spits
out at face value. After all, how would they recognize what dangerous
behavior looks like if they don't understand how these systems work
anyway? Let the IT guy figure it out.

I think we are witnessing the nascence of an appreciation for just how
devastating a vulnerability to industrial control mechanisms can be.
The security of these systems has long relied on their own obscurity
and the hope that nobody will be particularly inclined to cause havoc
with no *obvious* potential for profit. That's why they have that
expensive firewall, right?

On 11/20/11, Derek Trotter <expat.arizo...@gmail.com> wrote:
Same here.  When I first heard of this, I said to myself:  "Bet these
systems run on Windows."

On 11/20/2011 14:00, Lisa Kachold wrote:


On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash <mich...@butash.net> wrote:

     There was some idle chat here prior about Stuxnet and how it
     almost single-handedly stopped or at least delayed Iran's Nuclear
     aspirations, and I'd commented on how there was a variant called
     Duqu that was running rampant in our SCADA systems that run
     municipal water.

     Seems our environmentals that run cities have and are being
     exploited more frequently with more disclosures in the past few
     days of incidents in Springfield Illinois and Houston Texas.  Not
     only do I guarantee security on these systems and networks is not up
     to par, their embedded and obscure nature means they probably
     aren't even regularly patched to take advantage.  In the
     Springfield incident they actually caused damage to a critical
     pump, and it's only going to continue to get worse as it's now
     being talked about more mainstream and word spreads.

     http://www.theregister.co.uk/2011/11/17/water_utility_hacked/

     http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/

     I know I sleep better at night knowing all this software runs on
     old windoze systems!  Even better is how they're talking about in
     here how they are often now internet connected systems so they can
     be managed remotely to save costs (i.e. outsource it).  Maybe
     letting the Chinese government run our city water systems isn't
     quite what they had in mind, but anything to save a buck in these
     trying times I suppose...

     -mb


chortle! snort!
--
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
HomeSmartInternational.com







---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


--
"That income tax you know it's nothing more than legal robbery"
Sidney "Pa" Larkin

Please protect my address like I protect yours. When sending messages to 
multiple recipients, always use the BCC: (Blind carbon copy) and not To: or 
CC:. Also remove all of the addresses from the message body before forwarding 
the message. These simple measures prevent spy programs from capturing the 
addresses shown in the recipient list and the message body.
