We can all live with outages at Yahoo Mail, Twitter, and CNN.com. But what about when there's an outage that affects our electrical power, heating systems, and gas supplies?
Boston-based security firm Core Security has discovered a serious hole in the Suitelink software that is used to automate operations at power stations, oil refineries and production lines, according to a report in New Scientist.
Attackers exploiting the vulnerability could crash the software by transmitting an outsize packet data to a certain port on the computer running Suitelink, the article says.
Fortunately, Wonderware, the company that makes Suitelink, has issued a software patch for the vulnerability. Now it's up to the plants to update their software.
Even without finding security holes in the SCADA control software, it's possible to break into power plants by downloading malware to employee computers through a socially engineered e-mail that directs them to a malicious server, a security expert said at RSA 2008.