The Black Hat Conference featured an interesting session on the Cisco vulnerability. Michael Lynn, formerly of ISS, did a presentation on the Cisco vulnerability. It took him six months to write the code for the exploit, but less than a minute to execute it. He demonstrated the exploit at the conference, leaving out the essential steps for accomplishing the feat. Cisco and ISS had initially supported Lynn’s presentation, but yanked that support on Friday. Lynn subsequently quit his position at ISS to do the presentation. ISS and Cisco threatened to sue, but Lynn persisted. Gaining access to Cisco’s router OS would be a big, big problem. …This would allow a hacker to passively watch traffic that passes through it. And since Cisco is such a big player on the internet, this could be a very big compromise. Cisco had issued a patch for the problem last April, but you have to wonder just how many have been applied. Lynn’s justification in demonstrating the attack is simply to educate and turn up the heat. Lynn said, “They had to do what’s right for their shareholders; I understand that. But I figured I needed to do what’s right for the country and for the national critical infrastructure.” (Source: Kim Zetter, Wired)
Related Posts:
Router Drive By Pharming Exploit Symantec has released an interesting research paper. The paper details a javascript (and Java applet) exploit that can change...
