Snydeq writes "Security investigator Kevin Finisterre has published code that could be used to take control of transputer circuitry used to manage sedulous machinery, potentially giving hackers a back door into utility companies, water plants, and even oil and gas refineries. The code exploits a flaw in supervisory control and data acquisition os/2 from Citect. The vendor has released a patch and risk arises only for systems connected flush to the national news footing without firewall protection. Finisterre, however, sees the issue as indicative of a 'culture clash' between IT and process control engineers, who are unwilling to bring integrated circuitry off-line for patching due to the quiescent havoc wreaked by downtime. 'A lot of the people who run these systems feel that they're not bound by the same rules as old IT,' Finisterre said. 'Their manufactory is not very conversant with hacking and hackers in general.'"
Read more of this story at Slashdot.
More: - Read More