From BlackHat Convention:
The backdoors that Cisco and other networking companies implement in
their routers and switches for lawful intercept are front and center
again at this week's Black Hat security conference. A few years ago,
they were cause celebre in some VoIP wiretapping arguments and court
rulings.
This time, an IBM researcher told Black Hat conference attendees that
these openings can still expose information about us to hackers and
allow them to watch our Internet activity. Backdoors are implemented
in routers and switches so law enforcement officials can track the
Internet communications and activity of an individual or individuals
under surveillance. They are required by
law[http://www.networkworld.com/news/2007/012307-us-govt-wiretapping-laws-and.html
] to be incorporated in devices manufactured by networking companies
and sold to ISPs.
In this report from
Forbes[http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html?feed=rss_technology_security
], IBM Internet Security Systems researcher Tom Cross demonstrated how
easily the backdoor in Cisco IOS can be exploited by hackers. When
they gain access to a Cisco router, they are not blocked after
multiple failed access attempts nor is an alert sent to an
administrator. Any data collected through the backdoor can be sent to
anywhere -- not just merely to an authorized user, Forbes reports.
What's more, an ISP is not able to perform an audit trail on whoever
tried to gain access to a router through the backdoor - that nuance
was intended to keep ISP employees from detecting the intercept and
inadvertently tipping off the individual under surveillance. But
according to IBM's Cross, any authorized employee can use it for
unauthorized surveillance of users and those privacy violations cannot
be tracked by the ISP.
Cisco said it is aware of Cross's assertions and is taking them under
consideration. To Cisco's credit, it is the only networking company
that makes its lawful intercept architecture public, according to the
recommendations of the IETF, the Forbes story states. Other companies
do not, which means they may be susceptible to the same security
flaws, or worse.
On Feb 10, 2010, at 3:40 PM, Jack Unger wrote:
Not only don't they pay for it but they are also in favor of it
because it gives them JOBS... good, government JOBS. Thus government
gets even bigger with no real results to show for it and with a
further reduction in the rights granted citizens by the Bill of
Rights. http://en.wikipedia.org/wiki/United_States_Bill_of_Rights.
jack
Tom DeReggi wrote:
a survey of state computer crime investigators found them to be
nearly
unanimous in supporting the idea.
Really? What an idiot, of course they are. They dont pay for it.
Tom DeReggi
RapidDSL Wireless, Inc
IntAirNet- Fixed Wireless Broadband
- Original Message -
From: Mark McElvy mmce...@accubak.com
To: Principal WISPA Member List w...@wispa.org; WISPA General
List
wireless@wispa.org
Sent: Monday, February 08, 2010 9:07 PM
Subject: [WISPA] FBI wants records kept of Web sites visited |
Politics
andLaw - CNET News
http://news.cnet.com/8301-13578_3-10448060-38.html?tag=nl.e404
WISPA Wants You! Join today!
http://signup.wispa.org/
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
WISPA Wants You! Join today!
http://signup.wispa.org/
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
--
Jack Unger - President, Ask-Wi.Com, Inc.
Network Design - Technical Training - Technical Writing
Serving the Broadband Wireless, Networking and Telecom Communities
since 1993
www.ask-wi.com 818-227-4220 jun...@ask-wi.com
WISPA Wants You! Join today!
http://signup.wispa.org/
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
WISPA Wants You! Join today!
http://signup.wispa.org/
WISPA Wireless List: wireless@wispa.org