What the industry should do with the upcoming Aegis release

Automatak will be releasing the Aegis fuzzing tool publicly and for free for the first time in a few days. Like I said yesterday:

to which Adam replied:

I don’t think the industry is ready — and here’s why.

Posted in Industrial Automation, Smart Grid | Comments Off

Optimizing with type lists

In this post, I will take a brief look at how using type lists can help optimize certain applications.

Posted in C & C++ | Comments Off

A functional version of the KMP algorithm

For one of the projects I’m working on, I needed a compile-time version of the KMP algorithm in C++. I started by making the algorithm functional.

Posted in C & C++, Software Development | Comments Off

ICS security and regulatory requirements

In North America, ICS security, as regards the electricity grid, is regulated by NERC, which provides and enforces, among other things, the Critical Infrastructure Protection (CIP) standards.

In this post, I’ll provide a quick overview of those standards, providing slightly more in-depth information than in my previous post.

Posted in Industrial Automation, Software Engineering | Comments Off

The Crain-Sistrunk vulnerabilities

In the two previous posts, I’ve shown that industrial control systems — ICSs — are becoming more pervasive, and that they rely on security through obscurity.

Now, let’s make the link with current events.

Posted in Industrial Automation, Software Engineering | Comments Off

The importance of ICS security: ICS communications

For an ICS, having communications abilities generally means implementing some machine-to-machine communications protocol, such as DNP3 or Modbus. These protocols, which allow the device to report data to a “master” device and take its cue from that device w.r.t. things it should be doing, are generally not designed with security in mind: most of them do not require, or expect, user authentication for any commands you might send them, and don’t implement anything approaching what you’d expect from, e.g., a bank (confidentiality, integrity, authentication, authorization, non-repudiation).

Posted in Industrial Automation, Software Engineering | Comments Off

The importance of ICS security: pervasiveness of ICSs

Industrial Control Systems (ICSs) are becoming pervasive throughout all branches of industry and all parts of our infrastructure: they are a part of every part of the electricity grid, from the nuclear power station to your home; they’re found in the traffic lights of virtually every crossing; they regulate train traffic; they run the cookie factory that makes your favorite cookies and pack the pills your doctor prescribed.

Posted in Industrial Automation, Software Engineering | 1 Comment

Perl: Practical or Pathologically Eclectic? Both?

There are two canonical acronyms for Perl: “Practical Extraction and Report Language” and “Pathologically Eclectic Rubbish Lister”. Arguably, Perl can be both.

Posted in Opinions | Comments Off

A few thoughts on BitCoin

Mindmap of a few thoughts on BitCoin I’d meant to turn into prose (still might)

Posted in Computers and Society, Interesting stuff, Opinions | Comments Off

Vlinder Software announces Arachnida version 2.2

Vlinder Software is announcing the release of version 2.2 of Arachnida, our HTTP server framework for embedded devices. This version introduces two important features: a hardened, more versatile OpenSSL plug-in: we’ve scrapped the plug-in that was originally created for version …

Posted in Vlinder Software | Comments Off