Tag: critical infrastructure

Update: New 25 GPU Monster Devours Passwords In Seconds

Editor’s note: I’ve updated the article with some new (and in some cases) clarifying detail from Jeremi. I’ve left changes in where they were made. The biggest changes: 1) an updated link to slides 2) clarifying that VCL refers to Virtual OpenCL and 3) ¬†that the quote regarding 14char passwords falling in 6 minutes was for LM encrypted – not NTLM encrypted passwords. Long (8 char) NTLM passwords would take much longer…around 5.5 hours. ūüėČ ¬†– Paul There needs to be some kind of Moore’s law analog to capture the tremendous advances in the speed of password cracking operations. Just within the last five years, there’s been an explosion in innovation in this ancient art, as researchers have realized that they can harness specialized silicon and cloud based computing pools to quickly and efficiently break passwords. A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here¬†– PDF), has […]

Support Forums Reveal Soft Underbelly of Critical Infrastructure

We hear a lot about vulnerabilities in industrial control system (ICS) software. In fact, that’s all we seem to hear about these days. The truth is: there’s a lot to write about. In just the last month, the Department of Homeland Security’s ICS-CERT warned its members about the ability of ¬†sophisticated – and even unskilled – attackers to use tools like the Shodan and ERIPP search engines to locate and attack vulnerable industrial control systems¬†(PDF) that are accessible from the public Internet. In the meantime, every couple of weeks brings revelations about serious and remotely exploitable software holes. Most recently, ICS-CERT warned about a critical vulnerability EOScada¬†(PDF), a Windows-based Energy Management System that is used to configure and manage intelligent electronic devices (IEDs) used in electrical, water, sewage and gas applications. But what about real evidence of compromised SCADA and industrial control systems? That’s a taller order. After all: most […]

Medical Pumps Recall: Bug Causes Inaccurate Readings on Touchscreen

Mobile phones aren’t the only products to benefit from nifty touch screen displays. A whole range of medical devices now sport them, also – as any trip to your local emergency department (or dentist’s office) will reveal. Unfortunately, many of those devices are just as balky and bug ridden as your average mobile phone -despite the fact that patients’ lives can rely on them. And this week, there’s more evidence of the lurking epidemic of shoddy, IP enabled medical devices. The medical device maker Hospira issued a voluntary, nationwide recall of its Symbiq brand infusion systems after discovering a software error that caused the touch screen interfaces on the devices to respond incorrectly to user input. The problem could result in “a delayed response and or the screen registering a different value from the value selected by the user,” the company said in a statement. Symbiq is a drug infusion […]