Comments on TaoSecurity Blog: Black Hat Federal 2006 Wrap-Up, Part 5

Anonymous, 2006-02-02T12:59:00.000-05:00

there has been active talk on dailydave about the scada talk.

original mention: http://lists.immunitysec.com/pipermail/dailydave/2006-January/002867.html
new thread and pdf link (broken): http://lists.immunitysec.com/pipermail/dailydave/2006-January/002861.html
latest message and link to a book on scada security: http://lists.immunitysec.com/pipermail/dailydave/2006-February/002885.html

Richard Bejtlich, 2006-02-02T08:40:00.000-05:00

Halvar,

Wow, I didn't even get that first part right. Thanks for the correction!

halvar.flake, 2006-02-02T03:15:00.000-05:00

A short correction: Non-initialized stack variables are regions on the stack that have not been initialized before being used. The trick is _not_ to insert code into these variables to be later executed, but to _control_ these values (as they might contain array indices or pointers). These can then be abused to gain control.

Cheers,
Halvar

Anonymous, 2006-02-01T09:04:00.000-05:00

In fact, Mr. Dobbins is right - and I am, too :)

During my talk, I specifically quoted Arbor - and Lancope, but I haven't seen their system at work - as examples of people really doing anomaly detection, or at least trying to.

Richard (btw: thanks for mentioning my talk :) has simply reported the short version: there are a lot of people claiming to do "zero-day" protection with MISUSE based systems, which is obviously false.

Hope this clears up the matter,
Stefano

Anonymous, 2006-01-31T17:50:00.000-05:00

there was a talk about scada at toorcon this year

http://toorcon.org/2005/slides/mgrimes/
http://toorcon.org/2005/conference.html?id=16

Richard Bejtlich, 2006-01-29T14:56:00.000-05:00

Sorry, I have neither.

Richard

Anonymous, 2006-01-29T14:10:00.000-05:00

You don't happen to have contact information or a link to the presentation for Robert Graham, do you? I'd love to find out more about his speech on SCADA security.

Anonymous, 2006-01-28T00:56:00.000-05:00

Mr. Zanero is 100% incorrect - for example, Arbor's Peakflow SP does in fact make use of NetFlow telemetry to perform statistical anomaly-detection based upon pps/bps/source-dest pairs, and so forth. Their Peakflow/X system performs behavioral anomaly-detection, modeling communications relationships and then spotting deviations from same (also using NetFlow telemetry).

Anonymous, 2006-01-27T20:39:00.000-05:00

This comment has been removed by a blog administrator.