SANS ISC: More Cisco/Blackhat

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Cisco/Blackhat

We did receive quite a bit of input about Michael Lynn's presentation about the
Cisco flaws. Beyond what was reported in the press, we have nothing new/different
to add. It looks like things will move to the courts.

The quick summary: Michael Lynn talked about how to better exploit known
flaws in Cisco IOS. He did not talk about any new / 0 day vulnerability. However,
with his work it could be easier to write exploit code that will change router
settings or run arbitrary code. Most of these techniques have been discussed before, but the presentation put a lot of them in an easier to understand content.

What does it mean for companies running Cisco equipment: Patch. It is possible that some flaws, which where considered 'DOS only' flaws at this point, can be
used to execute code on the router. Cisco routers may attrack more attention
as a result of the presentation (not like they got left out of the games so far).

So again: Nothing fundamentally new, but a new quality of exploitation. At this point, its more of a legal issue then a technical issue.

Some links that go into more detail about the affair:

http://blogs.washingtonpost.com/securityfix/

http://www.securityfocus.com/news/11259
Feel free to voice your opinion in our , but keep it civil (the forum is moderated, and now email addresses are obfuscated).

Windows Genuine Advantage update

Update to windows genuine advantage.
One reader pointed out that despite microsoft's asserting to the contrary this "patch" could be backed out. I won't be providing the details. Donald Smith