Web links for Spring 2015
From SANS
TOP OF THE NEWS
--Cyber Attack on Oil Pipeline in Turkey Predates Stuxnet
(December 10, 2014)
In 2008, an oil pipeline running through Turkey was attacked, causing
an explosion. The incident was kept largely secret. The pipeline had
sensors and cameras monitoring its entire 1,099 length. The attackers
gained access in the systems through the vulnerabilities in the
surveillance cameras' communications software, made their way to the
larger network, found a computer that was used to manage the alarm
management network, and put malware on it. From there, they managed to
disable alarms and alter the pressure of the oil to cause the explosion.
The incident is significant because of its timing - predating Stuxnet
by two years.
http://www.bloomberg.com/news/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar.html
http://www.bloomberg.com/news/2014-12-10/the-map-that-shows-why-a-pipeline-explosion-in-turkey-matters-to-the-u-s-.html
From SANS
TOP OF THE NEWS --Cyber Attack Caused Damage at German Steel Mill (January 8, 2015) A report released in mid-December disclosed that a cyber attack on a German steel mill caused damage to the facility. The attackers disrupted the plant's control system to make it impossible to shut down a blast furnace properly. The damage was described as "massive," but no details were provided. This is the second documented case of a cyber attack causing physical damage - the first, of course, was Stuxnet. The date of the German attack was not provided. But the report said that the attackers gained initial foothold in the system through the corporate network and worked their way from there to the production networks. http://www.wired.com/2015/01/german-steel-mill-hack-destruction/ HD Malware
WEB Security
Web single sign on authentication
https://shibboleth.net/
http://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29
OWASP
https://www.owasp.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project