Single Point of Weakness is in the Works. Thank you Major Tom.
On April 13, 2003, professor rat wrote:
Sparks over US power grid cybersecurity By Kevin Poulsen, SecurityFocus
Strike.
Posted: 11/04/2003 at 23:01 GMT
Strike. Learn to use STANDARD TIME FORMATS, you pathetic ex-con sellout journalist. DD/MM/YYYY is an antiquated European format.
The draft guidelines offer a much more detailed prescription for curing the power grid's security ills: "Set dial-out modems to not auto-answer," reads one pointer. "Automatically lock accounts or access paths after a preset number of consecutive invalid password attempts," suggests another.
Assuming Mr. Poulsen is fixating on the aspects of the draft he's most familiar with, it becomes readily apparent that he is still living in 1995.
But Norton also describes the power grid's fractal network of interdependent systems. "There's incredible variety of equipment, generationally, vendor-wise, because it's kind of been cobbled together as neighborhoods get bigger," he says. "You've got increasingly sophisticated control centers and increasingly sophisticated microprocessor-controlled equipment, and linking them are unencrypted 1200-baud lines."
Someone teach this child about fractals.
Strike. Learn to use STANDARD TIME FORMATS, you pathetic ex-con sellout journalist. DD/MM/YYYY is an antiquated European format.
...and MM/DD/YYYY is an antiquated American format. STANDARD time format is ISO-8601 compliant, YYYY-MM-DD. Another acceptable way is DD MMM YYYY in any order, where the format of the fields automatically and unambiguously determines meaning. Peddlers of other formats should be slowly tortured on public TV as the warning for the others. I'd be delighted to watch.
Assuming Mr. Poulsen is fixating on the aspects of the draft he's most familiar with, it becomes readily apparent that he is still living in 1995.
You won't believe how many people who should know what IT security is about still live somewhere between 1900 and 1950.
But Norton also describes the power grid's fractal network of interdependent systems. "There's incredible variety of equipment, generationally, vendor-wise, because it's kind of been cobbled together as neighborhoods get bigger," he says.
And because the vendors aren't required to disclose the documentation nor at least the interfaces, half[1] of the technology is a proprietary piece of shit that nobody knows how it works, and - worse - nobody can expect how it will fail.
"You've got increasingly sophisticated control centers and increasingly sophisticated microprocessor-controlled equipment, and linking them are unencrypted 1200-baud lines."
True. And the cables are accessible to everyone who knows how to crawl into a manhole. Not even talking about the atrocious security of wireless links.
Someone teach this child about fractals.
Why fractals? One comment I would have is that the growing intelligence of equipment should mandate fail-safe operation, refusal to perform commands that would put the node and its surrounding area into a dangerous situation. E.g., it's better to cause a traffic jam by setting all lights to red (or, even better, blinking yellow, which means here that the traffic lights aren't controlled) when a command comes to set greens in an unsafe combination, than to obey the command. This way, the growing CPU power will be at least used to maintain sane behavior of the equipment in unpredictable cases and even in case of an active hostile attack.

[1] I am a closet optimist.
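The fail-safe behaviour described in the message above, as an added example that is not part of the original thread: a controller that checks each remote command against a conflict table and drops to blinking yellow instead of obeying an unsafe one. The intersection layout, the signal-group names, the latch and `local_reset()` are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Signal groups of a hypothetical four-way intersection, one bit each. */
enum { NS = 1 << 0, EW = 1 << 1, PED_NS = 1 << 2, PED_EW = 1 << 3 };
#define N_GROUPS 4
#define KNOWN_GROUPS (NS | EW | PED_NS | PED_EW)

typedef enum { MODE_NORMAL, MODE_FLASHING_YELLOW } light_mode;
typedef struct {
    light_mode mode;   /* MODE_FLASHING_YELLOW: intersection uncontrolled */
    uint8_t greens;    /* groups currently showing green */
    unsigned rejected; /* refused commands, kept for the operator's log */
} controller;

/* conflicts[i]: groups that must never be green together with group i. */
static const uint8_t conflicts[N_GROUPS] = {
    EW | PED_EW, /* NS: north-south vehicles */
    NS | PED_NS, /* EW: east-west vehicles */
    EW,          /* PED_NS: pedestrians walking parallel to NS traffic */
    NS,          /* PED_EW: pedestrians walking parallel to EW traffic */
};

/* Returns 1 only if every requested green is known and conflict-free. */
static int command_is_safe(uint8_t greens) {
    if (greens & ~KNOWN_GROUPS) return 0;
    for (int i = 0; i < N_GROUPS; i++)
        if ((greens & (1 << i)) && (greens & conflicts[i])) return 0;
    return 1;
}

/* Apply a remote command. An unsafe one is refused and the node fails safe;
 * the latch (an assumption of this example) holds until local_reset(). */
light_mode apply_command(controller *c, uint8_t greens) {
    int ok = c->mode == MODE_NORMAL && command_is_safe(greens);
    if (!ok) { c->rejected++; c->mode = MODE_FLASHING_YELLOW; }
    c->greens = ok ? greens : 0;
    return c->mode;
}

/* Hypothetical on-site reset: the only way out of the fail-safe mode. */
void local_reset(controller *c) { c->mode = MODE_NORMAL; c->greens = 0; }

int main(void) {
    controller c = { MODE_NORMAL, 0, 0 };
    printf("NS|PED_NS -> mode %d\n", apply_command(&c, NS | PED_NS));
    printf("NS|EW     -> mode %d\n", apply_command(&c, NS | EW));
    return 0;
}
```

Because the check runs on the node itself, it holds no matter who sent the command or over which link it arrived.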
On Sunday, April 13, 2003, at 05:23 PM, Thomas Shaddack wrote:
Strike. Learn to use STANDARD TIME FORMATS, you pathetic ex-con sellout journalist. DD/MM/YYYY is an antiquated European format.
...and MM/DD/YYYY is an antiquated American format.
STANDARD time format is ISO-8601 compliant, YYYY-MM-DD.
YYYYMMDD is also an option if (in the judgment of the writer) space is scarce. Everyone reading this thread should know that already.
Another acceptable way is DD MMM YYYY in any order, where the format of the fields automatically and unambiguously determines meaning.
Acceptable? Maybe to a few Europeans. That's a waste - requires computing the order of fields, and adds a character in its written representation.
Peddlers of other formats should be slowly tortured on public TV as the warning for the others. I'd be delighted to watch.
Me too.
Assuming Mr. Poulsen is fixating on the aspects of the draft he's most familiar with, it becomes readily apparent that he is still living in 1995.
You won't believe how many people who should know what IT security is about still live somewhere between 1900 and 1950.
I believe almost anything nowadays.
But Norton also describes the power grid's fractal network of interdependent systems. "There's incredible variety of equipment, generationally, vendor-wise, because it's kind of been cobbled together as neighborhoods get bigger," he says.
And because the vendors aren't required to disclose the documentation nor at least the interfaces, half[1] of the technology is a proprietary piece of shit that nobody knows how it works, and - worse - nobody can expect how it will fail.
As shitty as those systems are, you have to wonder whether it's cost effective to use federal, state, or industry money to fix them when an M82A1 and some jerk in a Hummer could cause just as much trouble.
"You've got increasingly sophisticated control centers and increasingly sophisticated microprocessor-controlled equipment, and linking them are unencrypted 1200-baud lines."
True. And the cables are accessible to everyone who knows how to crawl into a manhole. Not even talking about the atrocious security of wireless links.
Someone teach this child about fractals.
Why fractals?
Simply because Sir Poulsen used that term to describe a cobbled-together network. (two Poulsen |Ps up)
One comment I would have is that the growing intelligence of equipment
Insert dissent based on microsoft jab here.
participants (2): Anonymous, Thomas Shaddack