Homeland Security warns: Hackers targeting popular Niagara software

July 14, 2012

Millions of machines and devices over the Internet are managed through Niagara Framework. Now, the Department of Homeland Security is alerting organizations around the world that the software is vulnerable to hacker attacks.

Whether you are a business, a military organization or healthcare provider using Niagara to remotely control or monitor your medical devices, elevators, video cameras and security systems, you should immediately prohibit guest users, bolster passwords and cut off direct access to the Internet. These steps may prevent hackers from exploiting your configuration and software flaws, cybersecurity officials warned on Friday, according to the Washington Post.

The alert comes hot on the heels of Thursday’s report by the same newspaper describing the vulnerabilities of the Niagara software that were discovered by two security specialists, Billy Rios and Terry McCorkle. According to the report, potential intruders could access files containing user names and passwords using a common hacker technique known as “directory traversal attack.”

In a private alert, Niagara’s maker, the Richmond-based company Tridium, warned its customers last week about these potential security issues. It was only last Thursday that it first came up with a public alert – months after it was first notified of the potential problem.

Tridium’s parent company, Honeywell, issued its own statement on Friday in response to the alert.

“We’ve released a security alert guiding our customers how to verify that their system is properly configured to protect against directory traversal. In addition, we will soon be providing a software update that hardens those settings against inadvertent user changes,” says the statement.

In a blog post cited in the department’s cyberalert, Rios praised the DHS for its efforts but criticized Tridium for the delay. DHS officials explained, however, that they had delayed the warning to allow Tridium to work on fixing the problems.

http://rt.com/usa/news/dhs-software-attack-niagara-168/print/

Comment

You need to be a member of United Truth Seekers to add comments!

Join United Truth Seekers

Welcome to
United Truth Seekers

Sign Up
or Sign In

Or sign in with:

Rocks2Rings

Help Pay The Rent. "United Truth Seekers" Is an informative Social Network exposing the truth that the mainstream media ignores. The truth will set you free!

This website is brought to you exclusively by member donations. Click Above, Thank you.

About

Pam Vredenburg created this Ning Network.

Eastern Standard Time

We’re “mining” cryptocurrency with our phones! I’m looking for people who want to join me and my friends and figured this would be a good way to get the word out. 🚀 I am sending you 1π! Pi is a new digital currency developed by Stanford PhDs, with over 10 million members worldwide. To claim your Pi, follow this link https://minepi.com/PAMUTS and use my username PAMUTS as your invitation code.

Download this and you will get cryptocurrency mining on your phone, and remember every 24 hours to open the app and touch the Pi button that way it automatically starts mining for you, you basically have to do nothing after that just let it Stay in the background mining cryptocurrency for you until one day it’s worth money for enough to cash it out!

~~~~~~~~~~~~~~~~~~

DEMAND THE TRUTH!

 "It was the poverty caused by the bad influence of the  English Bankers on the Parliament which has caused in the colonies hatred of the English and...the Revolutionary War."
– Benjamin Franklin 

"Guard with jealous attention the public liberty. Suspect every one who approaches that jewel. Unfortunately, nothing will preserve it but downright force. Whenever you give up that force, you are ruined."

Patrick Henry
June 26, 1788

Badges | Report an Issue | Terms of Service