Newsletter Subscriptions
Newsletter Archives
Magazine
White Papers
Webcasts
Podcasts
IT Jobs
Community
Slideshows
New Data Center

Network World

News
Blogs
Newsletters
Videos
Events
Resources
Insider
More
Twitter
Facebook
Linked In

Security
LAN & WAN
Unified Communications
Cloud
Infrastructure Management
Wireless
Software
Data Center
SMB Networking
IT Careers
Gearhead
Tech Debate
Tests
Community

Anti-malware
Compliance
Cybercrime
Firewall & UTM
IDS/IPS
Endpoint Security
SIEM
White Papers
Webcasts
Tests

SDN
Ethernet Switch
Router
IPv6
Service Providers
Metro Ethernet
MPLS
VPN
WAN Optimization
White Papers
Webcasts
Tests

VoIP
E-mail services
Videoconferencing
Collaboration / Web 2.0
White Papers
Webcasts
Tests

SaaS
White Papers
Webcasts
Tests

Network Management
System Management
Identity Management
Patch Management
Application Management
Asset Management
White Papers
Webcasts
Tests

3G & 4G
Smartphones
Mobile Apps
Wi-Fi
WiMAX & LTE
Wireless Management
Wi-Fi Security
MDM
BYOD
White Papers
Webcasts
Tests

Windows
Linux
Applications
CRM
ERP
Business Intelligence
White Papers
Webcasts
Tests

Virtualization
Disaster Recovery
Server
PC
Network Storage
Storage Management
Green IT
White Papers
Webcasts
Tests

Broadband
Collaboration
Equipment
Mobile
Networks
Security
Storage
White Papers
Webcasts
Tests

White Papers
Webcasts
Tests

Cool Tools
IT Asked & Answered
White Papers
Webcasts
Tests

White Papers
Webcasts
Tests

White Papers
Webcasts
Solution Centers

You are previewing premium content. Become an Insider to read the full article.

You are viewing Insider content. Browse other Insider articles

News

Security firm showcases vulnerabilities in SCADA software, won't report them to vendors

The vulnerability information will be sold to private buyers as part of a commercial service, the company says

By Lucian Constantin, IDG News Service
November 20, 2012 10:00 PM ET

Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors.

In a video released Monday, ReVuln showcased nine "zero-day" (previously unknown) vulnerabilities which, according to the company, affect SCADA (supervisory control and data acquisition) software from General Electric, Schneider Electric, Kaskad, Rockwell Automation, Eaton and Siemens. ReVuln declined to disclose the name of the affected software products.

SCADA software runs on regular computers, but is used by owners of critical infrastructure and other various types of industrial facilities to monitor and control industrial processes.

To continue reading, register here to become an Insider

It's FREE to join

Learn More

Already an Insider? Sign in

Page 3 of 3

"I can't say I feel comfortable with this, but it may be that legitimized and monetized research will work out better for the online world than multitudes of individuals and unofficial groups working semi-covertly," the ESET researcher said. "If so, let's hope too much damage isn't done while that market stabilizes."

As far ReVuln's customer selection process goes, Auriemma said the company "accepts trusted customers from reputable countries only."

< Prev
1
2
3

The IDG News Service is a Network World affiliate.

From CIO.com

From CSO Online

The 20 Best iPhone/iPad Games of 2013 So Far
9 Steps to Build Your Personal Brand (and Your Career)
7 Consumer Technologies Coming to an Enterprise Near You
11 Signs Your IT Project is Doomed

A walking tour: 33 questions to ask about your company's security
15 social media scams
The 7 elements of a successful security awareness program
Rogue's gallery: 9 infamous social engineers

Latest News

Rss Feed

iPhone 6 rumor rollup for the week ending May 24
Is Google trying to swipe Waze from under Facebook's nose?
U.S. urged to let companies 'hack-back' at IP cyber thieves
iPad 5 rumor rollup for the week ending May 23
Public cloud shakeup: VMware in, Dell out, and OpenStack in limbo?

Google to lengthen SSL encryption keys from August
Windows 8 Update: Microsoft sacks iPad in Windows 8 ad, join forces with NFL
Google's latest Penguin update lets you squeal on spammy websites -- as well as anyone else
DHS warns employees that years-old database hole puts their privacy at risk
Researchers find more versions of digitally signed Mac OS X spyware
9 super useful subreddits network pros should follow
Java developer says he built, launched basic open source office suite in 30 days
Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day
Twitter aims to become safer with two-step sign-in
Hybrid public-private cloud usage more widespread than you think
T-Mobile spurns Google Wallet, in a decidedly 'un-un-carrier' decision
CIOs need to rethink their roles, MIT symposium panelists say
Smartphones take center stage in two-factor authentication schemes
Ericsson makes bus windows part of a Wi-Fi network
French police end missing persons searches, suggest using Facebook instead
HP profit falls 32 percent as PC and server sales decline
IT on the fly: The art of quickly building, then dismantling
Nvidia, Citrix crank up virtual desktop delivery
Ethernet filters out porn, plus 9 other facts (?) we learned from Bob Metcalfe’s Reddit Q&A
Blue Coat Systems to acquire security analytics firm Solera Networks