Language Selection

English French German Italian Portuguese Spanish

Black Hat conference: Cisco IOS often targeted by hackers

Filed under
Security

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored - Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn alledgedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux on Servers

Debian, Devuan, and Ubuntu

  • My Free Software Activities in April 2016
    I handled a new LTS sponsor that wanted to see wheezy keep supporting armel and armhf. This was not part of our initial plans (set during last Debconf) and I thus mailed all teams that were impacted if we were to collectively decide that it was OK to support those architectures. While I was hoping to get a clear answer rather quickly, it turns out that we never managed to get an answer to the question from all parties. Instead the discussion drifted on the more general topic of how we handle sponsorship/funding in the LTS project.
  • Initial Planning For Ubuntu 16.10 Today At UOS
    Beyond the announcement that Ubuntu 16.10 won't ship with Mir and Unity 8 by default, many other items were discussed for the Ubuntu 16.10 release due out in October.
  • Ubuntu 16.10 Isn't Going To Use Mir / Unity 8 By Default
    Well, another setback for Unity 8 and Mir. Kicking off the Ubuntu Online Summit for Ubuntu 16.10, it's been confirmed that the Unity 8 desktop and Mir display server will not be the default for the desktop spin. Similar to the current situation with existing Ubuntu releases, Unity 8 and Mir will be available as an opt-in feature for users wanting to upgrade their desktop, but Unity 7 and the faithful X.Org Server is planned to be the default for Ubuntu 16.10 Yakkety Yak.
  • Devuan Beta Release
    After two years in development, a beta release of the Devuan distro has made it into the world (Devuan is a registered trademark of the Dyne.org foundation). Devuan is a very Debian-ish distro. In fact, it basically is Debian, with one notable absence. Devuan doesn't use systemd. In fact, that's its main claim to fame. Devuan was created to offer an alternative to Debian fans who were alienated by the controversial switch to systemd.

Leftovers: OSS

today's howtos