Black Hat conference: Cisco IOS often targeted by hackers

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored - Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers, is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn allegedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.

Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.
