Language Selection

English French German Italian Portuguese Spanish

Black Hat conference: Cisco IOS often targeted by hackers

Filed under
Security

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored - Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn alledgedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Ubuntu 16.10 Final Beta Officially Released with Linux Kernel 4.8, Download Now

Delayed six days, the Final Beta release of the upcoming Ubuntu 16.10 (Yakkety Yak) operating system launched today, September 28, 2016, as the final development snapshot in the series. Today's Final Beta is in fact the first Beta pre-release version of Ubuntu 16.10, and the only development milestone that you'll be able to test if you want to see what's coming to the next major release of Ubuntu Linux. However, we can tell you that it is powered by Linux kernel 4.8, contains up-to-date applications, and still uses the Unity 7 UI. "The Ubuntu team is pleased to announce the final beta release of Ubuntu 16.10 Desktop, Server, and Cloud products. Codenamed "Yakkety Yak", 16.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," reads the announcement. Read more

Parsix GNU/Linux 8.5 "Atticus" to Reach End of Life on September 30, 2016

The Parsix GNU/Linux developers announced that the end-of-life status is approaching fast for the Parsix GNU/Linux 8.5 "Atticus" operating system, urging users to upgrade to the latest release immediately. Dubbed Atticus and based on the Debian GNU/Linux 8.5 "Jessie" operating system, Parsix GNU/Linux 8.5 was unveiled seven months ago, on February 14, 2016. Running the long-term supported Linux 4.1.17 kernel injected with TuxOnIce 3.3 and BFS patches, it was built around the GNOME 3.18 desktop environment with the GNOME Shell 3.18.3 user interface. The end of life (EOL) will be officially reached on September 30, 2016, which means that users of the Parsix GNU/Linux 8.5 "Atticus" operating system will no longer receive security and software updates. Therefore, they are urged today to upgrade to the latest, most recent version of the Debian-based distribution, Parsix GNU/Linux 8.10 "Erik." Read more

SteamOS 2.93 Brewmaster Beta Adds New Security Fixes from Debian GNU/Linux 8.6

Valve's SteamOS 2 gaming operating system is still getting goodies, and it looks like a new Beta update has been pushed on September 26, 2016, to the brewmaster_beta channel for public beta testers. That's right, SteamOS 2.93 Brewmaster Beta is here to replace the previous build announced earlier this month, SteamOS 2.91 Brewmaster Beta, and add the latest security fixes and updates from upstream. This means that SteamOS is now officially based on the recently released Debian GNU/Linux 8.6 "Jessie" operating system. "SteamOS brewmaster update 2.93 pushed to brewmaster_beta. Corrects a build issue where the last kernel updates were not actually included. Also updates from the Debian 8.6 release[www.debian.org] and the usual security fixes," says John Vert, Valve engineer, in the release announcement. Read more