Top Security News Storm Botnet Subsides Something new may be on tap to replace Storm as the big botnet pest, as its size decreased substantially in April. Efforts to clean up the Storm botnet drove it down to 5 percent of its original size in April. This puts... Trojan Plaguing File Sharing Networks A massive outbreak of malware began hitting media swappers hundreds of thousands of times nearly a week ago. The number of detections topped 500,000 for users of popular file sharing clients like eDonkey and... EFF Wonders About Digital Music Rights The disclosure by Microsoft that they will disable license servers and eliminate the ability for MSN Music customers to listen to music purchased from the service on... India Cites Ongoing Chinese Cyber Attacks A year and a half of electronic warfare against public and private network resources in India has been traced back to a variety of attacks and antagonists in China. Botnets, keyloggers, and network mapping all plague... McAfee Digests Spam Experiment The 30-day challenge to run an unprotected computer and surf the Internet while filling out every form and answering every spam ended with the reinforcement of a lesson: nothing comes for free. Participants in the... Thursday:05.08.08 Utilities' legacy systems receive updates to allow centralized management of their resources over a computer network. Convenient? Sure. Safe? Questionable. Why bother driving a car converted into a fuel bomb into a power substation when it's easier to grab control of an entire power grid? The bad guys may be thinking this way today. Not enough of the good guys may be devoting the resources needed to thwarting such attacks as they need to do. Paul Ferguson at security vendor Trend Micro said one potential threat to the integrity of Supervisory Control And Data Acquisition (SCADA) systems stems from a vulnerability in one Windows-based software suite. "This vulnerability "could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet," SANS said of the problem. "Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario." Core Security picked up on the problem, where the flaw rests with a Windows component in the Invensys Wonderware InTouch SuiteLink service. The National Vulnerability Database scored the threat as High. It's network-exploitable, with low complexity of access. Authentication is not required to reach the vulnerable component. The idea a denial of service could bring about another situation like the blackout suffered in the Northeast a few years ago should be unconscionable to utility companies and security professionals. Let's hope this and similar issues receive proactive detection and repair, before anyone can create an attack to exploit it. About the Author: David Utter is a business and technology writer for SecurityProNews and WebProNews. SecurityProNews is brought to you by: SecurityConfig.com NetworkingFiles.com ITmanagementNews.com NetworkNewz.com DatabaseProNews.com SQLProNews.com ITcertificationNews.com SysAdminNews.com LinuxProNews.com WirelessProNews.com About SecurityProNews SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security. Advertising Newsletters Corporate Info Site Map Support © 2008 SecurityProNews. An email newsletter. , Inc. 2549 Richmond Rd. Lexington KY, 40509 All Rights Reserved. Terms under which this service is provided to you. Read our privacy policy. Contact us. SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.