back to article Talos names eight deadly sins in widely used industrial software

A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software (OAS) platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system. The OAS platform is widely used by a range of industrial enterprises, essentially facilitating the …

  1. Pascal Monett Silver badge

    "Malicious USB devices"

    Sorry, but I am less worried about that than I am worried about state-backed miscreants infiltrating and wreaking havoc from afar.

    The rule is always the same anyway : once local access is possible, all bets are off and the system can easily be compromised. A malicious USB means some traitor has decided to usurp his position and authority in order to do evil. There are safeguards against that, but the best safeguard is treating your personnel properly and paying them fairly. If they work in a serious branch of industry, they should know the importance of their position and that should be sufficient.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Malicious USB devices"

      > Sorry, but I am less worried about that than I am worried about state-backed miscreants infiltrating and wreaking havoc from afar.

      But what about a state backed miscreant wielding a USB stick, at a distance?

  2. OhForF'

    "A malicious USB means some traitor has decided to usurp his position and authority in order to do evil."

    Malware installed on a network that is air gapped from the internet is more likely to happen because someone finds an usb stick with the company logo in the parking lot and decides to connect it to his computer to check if the content allows him to figure out which of his colleagues lost that stick.

    Good intenentions can cause as much harm as malicious operators.

    Automatic installation of drivers transparent to the user when a new usb device is connected is so convenient - whatever could go wrong?

  3. Anonymous Coward
    Anonymous Coward

    I don't understand

    > A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software (OAS) platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system.

    Why would Steven Seagal want to do that?

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't understand

      Is it too soon to mention Bruce Willis?

  4. John Smith 19 Gold badge
    Unhappy

    So now they have been identified

    Perhaps somone will do something about them?

    Why do I have the smell of companies that are happy to download the SW and use it but not to contribute ANY meaningful amount of development effort?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022