[Dailydave] Managing that Dam from behind a VPN is best practices!

Dave Aitel dave at immunityinc.com
Mon Sep 9 12:28:44 EDT 2013


These are the release notes from the latest VulnDisco pack:
"""
New modules in this release:

vd_cdatahub - [0day] Cogent DataHub DoS
vd_cdatahub2 - [0day] Cogent DataHub DoS
vd_cdatahub3 - [0day] Cogent DataHub file overwrite
vd_cdatahub_ver - [Tool] Get version of Cogent DataHub
vd_cdatahub_clstat - [Tool] Get status of Cogent DataHub clients

Also available is our old exploit from the Vulndisco Step-Ahead program,
available since 2011:
vd_adobe_fp_osx - Flash Player < 11.7.700.169 exploit (OSX)

"""

Generally, with SCADA software, finding bugs is a matter of simply typing. That's actually something you hear at Immunity a lot: when a problem is known to be trivial to do, but still requires work, we just call it "typing". That said, the hard part with random SCADA software is usually getting it, installing it, and trying to make it work like it should work. The easy part is owning it.

Luckily for most users of SCADA software, they've followed best practices and hidden their SCADA management stuff behind VPNs so nobody can get to it from the Internet. . . .Wait a minute <http://torrentfreak.com/nsa-can-spy-on-vpn-traffic-and-other-encrypted-communication-130906/>.... :>

-dave
