Black Hat conference: Cisco IOS often targeted by hackers

IT professionals constantly worry about the next computer virus or worm, but there is a greater threat that is often ignored: Cisco routers. While many people think of the router as a hardware device, Cisco IOS, the software that powers the vast majority of routers, is vulnerable to attack. Today, at the Black Hat computer security conference in Las Vegas, security expert Michael Lynn demonstrated just how easily a router can be taken over.

Routers are vital to the Internet as they route and prioritize traffic around the world. Using various techniques that we will explain in a later article, Lynn was able to move memory values within a Cisco router, thereby gaining the "enable" prompt or administrator access.

Full Article.

Cisco hits back at flaw researcher

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference.

Lynn allegedly decompiled Cisco's software for his research and by doing so violated the company's rights. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," a Cisco spokesman said.

Full Story.

----
You talk the talk, but do you waddle the waddle?

Researcher Lost Job after Cisco presentation

The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.

Full Story.


Flaw researcher settles dispute with Cisco

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organizers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

Full Story.
