Black Hat conference: Cisco IOS often targeted by hackers

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored: Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers, is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn allegedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.

Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.
