I hear that ICS-CERT has published a DLL hijacking advisory
for an industrial control system on the US-CERT Secure Server. Since I don’t
have access to that site I can’t confirm that, and if I did I wouldn’t be able
to talk about it anyway. If they have, they will get around to publishing it on
the ICS-CERT site in the near future.
In any case, if you are the owner operator of an industrial
control system at a critical infrastructure facility, you should already have
requested access to the Secure Server so that you would be up to date on these
types of vulnerabilities.
If you are not a critical infrastructure facility, you might
try contacting US-CERT to see if you can get access, I understand that they
have liberalized their rules about who they will give access. They are
certainly willing to talk to security researchers and system integrators.
Posts
No comments:
Post a Comment