Black Hat conference: Cisco IOS often targeted by hackers

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored - Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers, is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn allegedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.

Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.
