criticism

SCADA hack talk canceled after U.S., Siemens request

Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly.

"We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information."

Beresford said he and independent researcher Brian Meixell planned on … Read more

Everyone's an expert in information technology

Over the past decade, we've heard a lot about the coming consumerization of information technology. Well, it's here. The Web, e-mail, mobile phones, automated teller machines, GPS navigators, supermarket self-checkouts, online banking, digital cameras, instant messaging, chat rooms, online shopping, airline e-tickets, iTunes, YouTube, Facebook--you name it. Every one of them puts large swaths of the population in direct, frequent contact with sophisticated IT systems and interfaces. And this is just the short list.

It's an overstatement to say "everyone's on Facebook" or "everyone has a smartphone"--but not by much. Something like 50 percent of the U.S. population is on Facebook… Read more

Serious hole in critical-infrastructure software, says U.S.

The U.S. government is warning critical-infrastructure operators of a serious hole in software used in oil and gas; water; electric utilities; and manufacturing plants around the world.

The stack overflow vulnerability affects the Genesis32 supervisory control and data acquisition (SCADA) and BizViz software sold by ICONICS, according to an advisory (PDF) released yesterday by the Department of Homeland Security's ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). ICONICS has issued a patch to close the hole, which could allow an attacker to remotely execute code and take control of the computer.

Meanwhile, an exploit targeting the vulnerability was … Read more

Cyber attacks rise at critical infrastructure firms

Cyber attacks on critical infrastructure companies are on the rise, with a jump in extortion attempts and malware designed to sabotage systems, like Stuxnet, according to a new report.

While attacks are increasing, many companies aren't doing enough to protect their systems and are instead rushing to adopt new technologies--such as Smart Grid--without ensuring they adequately secure against cyber attacks, concludes "In the Dark: Crucial Industries Confront Cyberattacks."

The report, due to be released on Tuesday, was commissioned by McAfee and written by the Center for Strategic and International Studies (CSIS). It includes results from an electronic … Read more

U.S. warns of more SCADA software holes

Flaws in SCADA software, used to monitor and control sensors and operations at utilities and other critical infrastructure facilities, seem to keep coming out of the woodwork:

• Last week, the U.S. ICS-CERT (Industrial Control System Computer Emergency Response Team) issued several advisories about vulnerabilities exposed in SCADA (supervisory control and data acquisition) software. One was in an ActiveX control in WellinTech KingView V6.53 human machine interface (HMI) software used in the power, water, and aerospace industries, mostly in China. The researcher publicly released exploit code for the hole, and the vendor released an update that resolves the problem. The second … Read more

U.S. warns SCADA systems at risk

The U.S. government is warning that critical infrastructure systems are at risk of being compromised or attacked, in response to the public release of exploits for dozens of holes in four different supervisory control and data acquisition, or SCADA, software products.

Saying he had no previous knowledge of SCADA systems before beginning his analysis "some months ago," Italian researcher Luigi Auriemma yesterday posted proof-of-concept software targeting Siemens Tecnomatix FactoryLink, Iconics GENESIS32 and GENESIS64, 7-Technologies IGSS (Interactive Graphical SCADA System) and DATAC RealWin products to the BugTraq security e-mail list.

SCADA systems allow employees at utilities and other … Read more

eBay buys mobile-app developer Critical Path

eBay said yesterday that it has bought Critical Path Software, a mobile-app developer that had already been working with the auction site for the past couple of years.

Helping to design several eBay mobile apps, Portland, Ore.-based Critical Path has partnered with eBay's mobile group to create eBay for the iPhone and eBay Classifieds. Critical Path and eBay also teamed up to develop StubHub, a ticket-buying app, and Shopping.com, a shopping comparison app.

The acquisition is part of eBay's move to focus even further on the growing mobile market. The auction site has also been busy … Read more

Failure is an option

I recently discussed techniques for reviewing projects to improve their likelihood of success. Underlying this is the reality that projects do fail often, at a greater rate than we'd like to admit.

Some failures are spectacular. After spending tens or hundreds of millions of dollars over a period of years, nothing ever really works. The entire investment of time, money, energy, effort, and focus has to be completely written off. Those are the legends. The laughing stocks.

But it's a mistake to conflate failures and catastrophes. Most failures are mundane and much smaller scale. They result from changing … Read more

Symantec to Congress: Stuxnet is 'wake-up call'

The Stuxnet worm is a "wake-up call" because of its complexity and its aim at critical infrastructure systems, a Symantec director told a U.S. congressional committee today.

The malware is a milestone in many ways, Dean Turner, director of Symantec Security Response's Global Intelligence Network, said in testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs.

It is the first known threat to: spy on and reprogram industrial control systems and grant hackers control of critical infrastructures; use four zero-day vulnerabilities; compromise two digital certificates; inject code into industrial control systems and … Read more

Massive Adobe security update secures 23 vulnerabilities

Once again, Adobe is urging its users to update their software, this time to plug 23 security vulnerabilities found in Adobe Reader and Acrobat. Though Adobe generally releases security updates on a quarterly cycle, this particular update was rushed because at least one of these vulnerabilities was actively exploited by hackers.… Read more