Paul Roberts at Threatpost on a Texas SCADA hack:
“This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this,” he wrote in an e-mail to Threatpost.
“I’m sorry this ain’t a tale of advanced persistent threats and stuff, but frankly most compromises I’ve seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint.”
When the security people are not involved in a project, you end up with stupidity like this. There should have been auditing controls in place to prevent a live system relying on a three-character password from being placed online. (via Brooks Review)