Month: December 2017

  • Exposing SCADA to the Internet: Nobody expects the shodan inquisition!

    There’s an industrial standard called Supervisory control and data acquisition (SCADA). It’s used in factory control environments, running programmable logic controllers etc. In these environments, you often make certain assumptions. First, all the software is custom, and usually done by a single system integrator who has tested it all. Second, security is partly physical, you…

  • Spear-Phishing defence, the US census, punycode, and certstream

    Want to try something fun? Head here and click on ‘open the firehose’. This is certstream, a real-time stream (from the transparency logs). In real time you can see all the SSL certificates granted. OK, I’ll let you ooh and aah over that for a second. Now, let’s talk about spear-phishing. In essence, I entice…