Netragard Blog

2020-04-24T15:31:19-04:00

Utility Companies and Food for Thought

Something that I keep on hearing from engineers (power, water, etc) on the SCADASEC mailing list is that they are more concerned about human error causing an outage than an attack over the internet. Most of the incidents that I hear about are operator error and they involve accidentally shutting down a computer system or perhaps configuring one improperly (The utility guys like to call these "cyber" incidents). When that [...]

Fraudulent Security Experts

So I've been participating in the penetration testing mailing list that is hosted by securityfocus and I can't say that I am impressed. In fact, I might even go so far as to say that I am concerned about the caliber of the people that are offering paid services, here's why. When a customer hires a security professional to perform a Penetration Test, Web Application Security Assessment, or any other service [...]

Conference with Green Hills Software

I recently gave a speech with Green Hills Software, Inc. in California. The presentation covered the real threat that businesses face as opposed to the theoretical threat that most people seem to worry more about. I also made it a point to uncover some of the more unorthodox attack methods that hackers use like the spreading of infected USB Sticks in parking lots or the use of rapid Distributed Metastasis. Here [...]

Die Hard 3 – Our Infrastructural Systems

Society has one very critical technological underpinning that goes unnoticed by most people, but not hackers. If you’ve ever seen the most recent Die Hard movie then you’ll have an idea of what I am talking about. That is, the world’s critical infrastructures are vulnerable to attack by hackers (scary but true). These infrastructures include but are not limited to Water, Power, Communications, Transportation, Chemical Plants, etc. Critical Infrastructure existed well [...]

CitectSCADA Exploit Release

SNOsoft/Netragard's Kevin Finisterre recently released an Exploit, not Attack Code, to demonstrate that a critical vulnerability does exist in Citect's CitectSCADA product. This code was released so that users of the product could accurately determine their own level of risk and exposure as well as determine the seriousness of the risk it creates as it relates to their infrastructure. This code was released after the vendor, Citect, had created a [...]

Hackers?

Hackers: Amateurs, non profit. Netragard, LLC. -- The Specialist in Anti Hacking.

More Apple Bugs

I realize that it has been a while since I've written anything to our blog and I assure you it's because our team has been busy. With that said, we've been sitting on a few vulnerabilities that were discovered a while ago waiting for the vendor to release patches. Those vulnerabilities are going to be released very shortly on Netragard's website and to the mailing lists, but here's a sneak [...]

HackerSafe pwned

Back in early 2000, Kevin Finisterre and I were talking about HackerSafe and the risks that it posed to its customers. Primarily, if hackers monitor all HackerSafe websites they will know when to attack a site based on the presence of the HackerSafe logo. Another issue that we have with HackerSafe-like services is that we feel that people are getting a false sense of security. Automated tools like the [...]

Hackers attack power companies

For quite some time I've been giving speeches and talking about the physical damages that malicious hackers could cause with a well crafted cyber attack. I've discussed how vulnerable our (the world's) core infrastructure is and how easily it could be disabled. As a result many people have called me a conspiracy theorist, or accused me of exaggerating. Well, unfortunately now I can say "I told you so." This isn't [...]

ZDNet Australia

Netragard's CTO was quoted in the following article titled "2007: How was it for Apple". Here's the article and here's the quote: Adriel Desautels, chief technology officer for security company Netragard and founder of the SNOSoft research team, said: "If OS X had the same installed base as Windows, Linux and other systems, it would be less secure or at the very most, as secure as the other systems ... It's [...]

OpenBase 10.0.5 (All Platforms)

Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. The first vulnerability discovered is a command injection vulnerability that affects several of the default Stored Procedures. Specifically, it is possible to execute system commands as the root user by inserting a series of backticks into the pre-defined Stored Procedures. The second vulnerability discovered is a Buffer Overflow that causes heap corruption. [...]
