a social network for Oklahoma's technology community
KF's SCADA Metasploit Modules
Polling the audience: What's your feeling about the new CitecSCADA metasploit module? Irresponsible or about time that SCADA vendors are called out.
milw0rm
Infoworld
theRegister
milw0rm
Infoworld
theRegister
Replies to This Discussion
-
Permalink Reply by Mike Douglas on -
Im always against public release of exploit code. SCADA vendors may be 20 years behind the curve, but thats equivalent to printing "nukes for dummies" because your favorite country hasnt been spending enough on a missile defense program. The bad guys share exploits with each other when they find them, the last thing we need is the good guys finding the issues and sharing with the bad guys. Once the bad guys have put an exploit "in the wild" then we're talking a different story. If you're the one who puts it out first, you're the bad guy.
I believe in publishing detection tools so individual companies can find their weaknesses, but an actual exploit is very irresponsible. Imagine being a SCADA-reliant company, not a SCADA vendor, just one of their customers; the exploit gets in the wild you get hacked and there's little you can do about it until the vendor makes a patch...game over.
© 2009 Created by Andrea Lowery on Ning. Create a Ning Network!
