Black Hat conference: Cisco IOS often targeted by hackers

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored: Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers, is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn allegedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.

Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.
