Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, the issue has existed for years and is widely documented in the security community. There are a few reasons why we haven't seen more widespread chaos:

1. Lack of network visibility by the owners of ICS

2. Availability > Forensics

3. VNC interfaces don't always provide full access

And keep in mind that there aren't a huge number of these anonymous VNC instances to begin with. We're talking less than 10,000 instances of servers that don't have any authentication and only a fraction of them are ICS-related.

I've written/ presented on the topic a few times, see:

https://blog.shodan.io/taking-things-offline-is-hard/

https://blog.shodan.io/why-control-systems-are-on-the-intern...

https://blog.shodan.io/state-of-control-systems-in-the-usa-2...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: