My most recent post over at LiquidMatrix Security Digest

Royal Bank of Scottland Group might be feeling a bit exposed this afternoon…

RBS WordPay, a system that processes millions of payments daily has been compromised. It looks like the database is just dying to give up names, credit card numbers, email addresses, and all sorts of juicy information to whoever asks for it. Unu has a great write up of the vulnerability with plenty of juicy screenshots on his blog.

Here is a real kicker for you:

The next picture is awesome, but really what we see. In the picture appear user, host and password in mysql database, user table. But look well to the first user webphp, surrounded me. We have % to host and NOTHING in the password !!! I mean we have a user password NULL and % to host, that means that we can log on his account, the MySQL server without password, from any IP.

There is also some fun poked at Bill Gates which never hurts.

Article Link

So in an utter disregard for buzzwords, CNN Homeland Security Correspondent Jeanne Meserve has dwelled into James’ land of cyberdouchery. The article entitled “Smart Grid may be vulnerable to hackers” briefly discusses the United States and it’s respective power companies anxiously deploying a high-tech power grid while simultaneously raping the words “cyber” and “smart”.

Power companies are installing new automated meters at an astonishing rate which seems to be the first step in the roll out. The eventual goal is to improve electricity efficiency and reliability using sensors on your home meters that talk back to the power grid. President Obama is on board dishing out $4.5 billion towards all this.

So where does the problem lie?

Well some interesting quotes throughout the article define the issue very clearly. One of our friends at InGuardians, Ed Skoudis chimed in stating,

“I think we are putting the cart before the horse here to get this stuff rolled out very fast.”

Also, Matt Spaur, a product marketing analyst added my favorite tidbit,

“Any network can be hacked.”

All in all, this is obviously a huge security issue and if you even remotely (no pun intended) glanced at Live Free or Die Hard you’d get the picture. Electric grids are all ready “hackable” you just have to not be afraid of heights and be a huge fan of rubber. The automation wouldn’t necessarily create many new vulnerabilities, it would most definitely increase the risk by increasing the likelihood and severity of exploitation.

With this system in place there really is no room for “roll it out and patch it later.” We can all hope that the money makers take their time on this one and do it right.

Article Link