Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Viral infection via Serial Cable

from [Über GuidoZ] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Viral infection via Serial Cable
Date: Mon, 30 Aug 2004 14:54:14 -0400 
Very interesting situation. To be honest I've never tried to
experiment with such a setting in a virus lab, however I do know that
viruses can travel via any electronic means of communication. Back
before RJ-45 jacks were used much, NICs had serial or BNC plugs
instead. Viruses traversed through them just like they do today.

It completely depends on the communication setup I suppose. Granted, I
doubt your everyday worm would be able to make the jump via
specialized instructions to the serial outlet, however if something
was programed to do such a thing, I'm sure it's possible.

If it's just connected to the LAN as a PC, then you have a lot more to
worry about obviously. (Depending on the network protocol, there may
be little limitations at all.) Are you able to update this Windows
2000 install? Is it extremely customized for this laser, or does the
laser software just work on Windows?

~G

On Mon, 30 Aug 2004 19:35:25 +0200, Jean Gruneberg
<gruneberg@absamail.co.za> wrote:

Hi all

OK - here is a basic question - sorry if this is totally clueless.

I have a client who runs a heavy engineering shop.  To date all his
computerised punches and bend breaks etc. have been driven via a windows CAD
workstation talking to them on a serial cable - basically a data dump to the
machine which runs a modified dos based OS.

So he buys a new sheet metal laser cutter and they bring the system online
whilst I'm busy throwing shielded cabling for serial comms to the new
machine - lo and behold the system boots to windows 2000 (the concept of a
high powered laser metal cutting device driven by windows is another
conversation entirely...)

So I have a closer look at the beast and it is basically a pc built into a
very large machine - has all the usual LAN / USB etc.  The system even comes
pre-installed with Norton AV.  We (read me) make a management decision not
to park said machine on the LAN (concept of disgruntled employee and said
laser)  also the data suite that talks to the laser is now windows based and
not an old dos prompt data suite to the older machines.

So the question is, is a pc / machine connected to another pc via serial
cable only using specialised windows software to move data to the machine at
all vulnerable to viruses?  Can they transmit themselves across a serial
cable?

Jean

---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 2004/08/24

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




-- 
Peace. ~G

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] RealVNC server 4.0 remote ddos vulnerability with exploit, Orhan BAYRAK
Next by Date:  Fwd: [Full-Disclosure] mailing error, Über GuidoZ
Previous by Thread:  [Full-Disclosure] Viral infection via Serial Cable, Jean Gruneberg
Next by Thread:  RE: [Full-Disclosure] Viral infection via Serial Cable, Jean Gruneberg
Indexes:  [Date] [Thread] [Top] [All Lists]