Gadgetell | Tech News, Reviews, and Interesting Things

You say you first thought that the plot of “Live Free or Die Hard” was simply the product of a screenwriter’s overheated imagination? That the idea of cyberterrorists taking over electric utility/natural gas/traffic/financial market computer systems was just too far-fetched to be believed, even though it was uber-cool to see Bruce Willis take down a fighter jet with his bare hands?

O ye of little faith in Hollywood. Remember, the 9/11 Commission faulted U.S. intelligence agencies for having “a failure of imagination.” And “Live Free or Die Hard’s” script was partially based on a non-fiction article in Wired Magazine that described the scenario for a so-called “fire sale” attack on America’s infrastructure.

Now Core Security Technologies, which makes security testing systems, says it’s discovered a flaw in industrial process control software that could allow real-life bad guys to “access and take over systems being run in the aerospace, food, manufacturing, oil and gas industries.” At least that’s the lapel-grabbing headline in the Core Security Technology press release, and that of course leads me into my usual caveat about security announcements coming from companies selling security products.

The AP says it was able to get a debrief from Core Security officials about the flaw before its security advisory went out. Its story stresses that no mischief has showed up so far, the flaw was patched last week (five months after notification from Core Security), and the exposed system must have access to the Internet, which most utility networks don’t allow. But the same type of flaw could show up in similar software, and someone working on the inside...(cue theme from “Live Free or Die Hard” here.)

Read [Associated Press via Yahoo!] Read [Core Security Technologies]