SCADA industry’s head planted firmly in the sand

SCADA industry debates flaw disclosure

This story caught my eye, not because it was yet another vulnerability article, but because it deals with systems that power the critical infrastructure behind industries like power plants and hospitals. The problem, it seems, is that the industry has been slow to adapt to the changing security environment because they feel they are apart from it. While most of these systems are isolated from the internet, that doesn't mean they can't be attacked. Hopefully the dialog between security researchers and the industry will help to foster a better effort from these vendors. Imagine a hacker taking out power for an entire city, or even a region. The consequences could be quite severe.

Vendor lock-in killing Bluetooth

It seems like every time I turn around there's another Bluetooth-enabled gadget. We've got Bluetooth on laptops, cellphones, headsets, cars and probably household pets. The one problem with all this cool wireless technology is the short-sightedness of the vendors. Take my Motorola E815 cellphone from Verizon as an example. It's one cool phone with Bluetooth, a 1.2MP camera, and a large bright screen for playing games and online video, and on top of all that it's got a mini-SD (transflash) memory slot and plays MP3s as well as any iPod. The phone is capable of being used with all of these features via Bluetooth, but the vendor (Verizon) disables all of those features with the exception of the internet access and audio (headset). While there are tons of Bluetooth devices out there, many of them are hobbled to the point that they are only a replacement for older proprietary wireless devices.