Chinese SCADA Has Critical Vulnerability: Investigator
According to an investigator at security company NSS Labs, there's a serious security flaw inside well-known SCADA software that is widely utilized within China, along with some others that signals of one more potential attack from Stuxnet. EWeek published this on January 12, 2011.
Notably, the most common use of SCADA is in running vital machineries that are installed at factories, gas and oil refineries, power plants and industrial facilities.
Information obtained discloses that the said vulnerability within SCADA (Supervisory Control and Data Acquisition) systems that Chinese users utilize hints of another probable assault from Stuxnet.
In a personal blog dated January 9, 2011, Security Researcher Dillon Boresford of NSS Labs writes that SCADA isn't any long-time known software and that importantly, the security flaw has affected a highly-trusted as also widely-utilized supervisory control and data acquisition program inside China.
Actually, Boresford was interfering with the Chinese SCADA when he discovered a flaw of heap overflow type within an application, which takes command from the interface software of human machine about inbound log events and then treats them. Evidently, the buffer stack overflow flaw that's within the KingSoft application, which runs on the majority of MS Windows' supported editions, helps hackers to remotely gain total control over weakened computers having the application.
Remarking about the vulnerability of SCADA, security specialists had said that it was extremely disturbing since Stuxnet, the worm, which hijacked different SCADA computers globally during 2010 as also brought down Iran's nuclear scheme, was the creation of many people with highly professional knowledge and skills, stated director of technical education Randy Adams for ESET.
Asserts the investigator, who found the flaw inside the Chinese SCADA that it isn't uncommon to find bugs within SCADA computers in China, while according to him, this is because of opaqueness for the flaws.
And when the associated department didn't respond, the investigator remarked through a personal blog dated January 9, 2011 that he wasn't certain whether a zero-day flaw for an extremely well-known Chinese SCADA application circulating out there was worse or whether a security professionals' team belonging to CHINA-CERT remaining unresponsive was worse.
Related article: Chinese Hackers Threatening Korean Game Sites
» SPAMfighter News - 24-01-2011