Update on digital certificates
The discussion early in August is back in the headlines as hackers gain stolen documents to pose as Google.
The Ask Control Engineering posting of August 4 talked about how a hacker can pose as something else using fraudulent or stolen digital certificates. A recent article in Computer World discusses how hackers obtained “a digital certificate good for any Google website.” Using this, a hacker can pose as any of Google’s services and use this to pull off a man in the middle attack on anyone trying to access his or her accounts using the same network as the hacker.
The article goes into greater depth on how it all happened, but there are still many gaps as investigators try to piece together events.
This type of attack strategy is a favorite for cyber criminals trying to break into industrial networks, and is effectively what happened with Stuxnet. The attacker places himself between the HMI and the plant equipment, sending bogus and possibly harmful orders to the equipment while making the HMI tell operators that nothing is wrong.
--Peter Welander, pwelander(at)cfemedia.com
|Search the online Automation Integrator Guide|
Case Study Database
Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.