-2015-1172
Risk Level: Medium
CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Solution Status: Solution Unavailable, Product EOL
Discovered and Provided: Alexander Borg ( http://www.servernet.se
Simple Nomad wrote:
2. Ensure that these systems, if they exist, are not accessible from
either the Internet or even the local network where most of the users
are.
Much easier said than done.
The really scary SCADA systems are small cogs in large facilities that
have been built up over
J. Oquendo wrote:
At what point in time did you try contacting any of the vendors for
these issues?
SCADA systems are infamous for being terribly insecure. (You can search
the internet for demonstration video of equipment catching fire because
of such bugs.) SCADA manufacturers seem to have
How so? I can't see why it's anyone's responsibility to fix a
corporation's code, especially if they don't have you on their payroll.
Tomasz Kojm wrote:
On Wed, 06 Dec 2006 15:24:25 +0100
Hendrik Weimer <[EMAIL PROTECTED]> wrote:
Several e-mail virus scanners can be tricked into passing a
It has been pointed out that the Linux random driver will block if it
computes there is no entropy available, and this is correct.
However, last August there were bugs discovered in entropy accounting
that caused it to overestimate current entropy, and the Red Hat
2.4.20-19.9 kernel still doesn't
I recently installed Red Hat Linux 9 and noticed on the first boot a
message about generating ssh host keys. Isn't that a dangerous thing
to do on the first boot? Where is the installation going to get
enough good entropy so early in its life?
Maybe the paranoid thing to do is, as part of config
Rogier Wolff <[EMAIL PROTECTED]> wrote (or possibly quoted
someone else):
>The use of double and triple encryption does not always provide the
>additional security that might be expected.
Yes, but an additional step of independent encryption (using a
completely unrelated key) should not weaken a