Comments on: Security hole found in software used by power plants

New Scientist reports that security firm has found serious security vulnerability in software used to automate power stations, oil refineries, and production lines.

[AppleSuxLeo]

Doh !

[timber2005]

Glad they've patched it before some company went public with it.
It's funny though, I've got a neighbor who works for Progress Energy in the carolinas, and as I've heard you'd be surprised that if a major computer failure were to occur, we CAN overide it. Even if we think the computers are wrong *cough* three mile island *cough* humans remain in full control.
Yes, some systems might begin automatic shutdown procedures, but after a few hours everything could be back online. Like the recent Flordia blackout.

[Boid]

i have worked with this software for over 10 years. Systems such as these are behind firewalls and are not exposed directly to the Internet. Hackers would first have to penetrate a perimeter firewall to even try to find the SCADA systems.

If they can do this, they can exploit any of the well known Windows flaws. They will probably be totally unaware that Suitelink is running and that there is a specific exploit for it.

This article is trying to build hype but is short on facts and reality.

[jollyruss]

It's scary to know that mission-critical systems such as electrical power plants, heating systems, gas plants, etc. are being managed and controlled with software that runs on Windows...

[amigabill]

Why are these things even on the public net?

[amigabill]

Why are these things even on the public net?

[Kgaines]

Amazing... I work Tech Support for Wonderware. This vulnerability was discovered in February, and a patch released in March. This "Core Security" group are a little late to the game. I sincerely hope large companies don't rely on them for important security bulletins. Needless to say, as Boid has stated, any IT/Network manager worth their salt would not have a critical production environment exposed to the internet...