I got an interesting email from Essobi (pronounced SOB)
otherwise known as Kyle Stone about his claim to have discovered the Sixnet
vulnerability and the failure of his attempt to execute a coordinated
disclosure with the vendor and ICS-CERT last year; before Mehdi Sabraoui’s
disclosure reported by ICS-CERT. I have no way of verifying this claim, but
would refer readers to a
video of Kyle’s presentation at DerbyCon last week. Beware, Kyle doesn’t
like the way his situation was handled and has complaints about how vendors and
ICS-CERT handle attempted coordinated disclosures; an interesting discussion.
By the way the discussion also includes a wide variety of exploits that Kyle
executed on the Sixnet device; Sixnet will not like the discussion.
Kyle does make a couple of interesting points in his email
and video. First his reported disclosure also included undocumented TCP/UDP and
serial ports on specific Suxnet RTUs and the fact that these vulnerabilities
exist in remarketed RTUs, including the Honeywell RC500.
BTW: Kyle also points out that the ICS-CERT link to the
original release of the Sixnet advisory is dead. Well that’s not exactly true,
it’s live but it links to an empty page on
the ICS-CERT site.
Posts
No comments:
Post a Comment