Stephen Fulton wrote:
That assumes that the worm must "discover" exploitable hosts. What if
those hosts have already been identified through other means
previously?A nation, terrorist or criminal with the means could
very well compile a relatively accurate database and use such a worm
On Fri, 29 Jul 2005, Stephen Fulton wrote:
>
> Petri Helenius wrote:
>
> > Fortunately destructive worms don't usually get too wide distribution
> > because they don't survive long.
>
> That assumes that the worm must "discover" exploitable hosts. What if
> those hosts have already been identifi
On 30/07/05, Janet Sullivan <[EMAIL PROTECTED]> wrote:
>
> If a worm writer wanted to cause chaos, they wouldn't target 2500s, but
> 7200s, 7600s, GSRs, etc.
>
That's like saying "nobody will write windows trojans to infect tiny
PCs, they'll go after big fat *nix servers with rootkits"
Somethi
Petri Helenius wrote:
Fortunately destructive worms don't usually get too wide distribution
because they don't survive long.
That assumes that the worm must "discover" exploitable hosts. What if
those hosts have already been identified through other means previously?
A nation, terrorist
On Fri, 29 Jul 2005 17:26:45 CDT, Chris Adams said:
>
> Once upon a time, Janet Sullivan <[EMAIL PROTECTED]> said:
> > If a worm writer wanted to cause chaos, they wouldn't target 2500s, but
> > 7200s, 7600s, GSRs, etc.
>
> Right. And if they wanted to cause chaos on computers, they'd ignore
>
Once upon a time, Janet Sullivan <[EMAIL PROTECTED]> said:
> If a worm writer wanted to cause chaos, they wouldn't target 2500s, but
> 7200s, 7600s, GSRs, etc.
Right. And if they wanted to cause chaos on computers, they'd ignore
business desktops and home computers and target large server farms
midable revenue streams generated by those that do.
Guru
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janet
Sullivan
Sent: Friday, July 29, 2005 12:44 PM
To: [EMAIL PROTECTED]; nanog@merit.edu
Subject: Re: Cisco IOS Exploit Cover Up
Scott Morris wro
On
Behalf Of Janet Sullivan
Sent: Friday, July 29, 2005 12:44 PM
To: [EMAIL PROTECTED]; nanog@merit.edu
Subject: Re: Cisco IOS Exploit Cover Up
Scott Morris wrote:
And quite honestly, we can probably be pretty safe in
assuming they will not
be running IPv6 (current exp
On
> Behalf Of Janet Sullivan
> Sent: Friday, July 29, 2005 12:44 PM
> To: [EMAIL PROTECTED]; nanog@merit.edu
> Subject: Re: Cisco IOS Exploit Cover Up
>
>
> Scott Morris wrote:
> > And quite honestly, we can probably be pretty safe in
> assuming they will not
Scott Morris wrote:
And quite honestly, we can probably be pretty safe in assuming they will not
be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other
exploits) or SSH (even other exploits) on that box. :) (the 1601 or the
2500's)
If a worm writer wanted to cause chaos, th
--- Scott Morris <[EMAIL PROTECTED]> wrote:
>
> And quite honestly, we can probably be pretty safe
> in assuming they will not
> be running IPv6 (current exploit) or SNMP (older
> exploits) or BGP (other
> exploits) or SSH (even other exploits) on that box.
> :) (the 1601 or the
> 2500's)
L
TECTED] On Behalf Of
David Barak
Sent: Friday, July 29, 2005 2:52 PM
To: nanog@merit.edu
Subject: Re: Cisco IOS Exploit Cover Up
--- John Forrister <[EMAIL PROTECTED]> wrote:
> Indeed - Cisco's hardware, especially the older, smaller boxes, tended
> to be really solid once you go
On 7/29/05, David Barak <[EMAIL PROTECTED]> wrote:
>
>
>
> --- John Forrister <[EMAIL PROTECTED]> wrote:
> > Indeed - Cisco's hardware, especially the older,
> > smaller boxes, tended
> > to be really solid once you got them running. I was
> > just pondering a
> > few minutes ago on how many 2
--- John Forrister <[EMAIL PROTECTED]> wrote:
> Indeed - Cisco's hardware, especially the older,
> smaller boxes, tended
> to be really solid once you got them running. I was
> just pondering a
> few minutes ago on how many 2500's I configured &
> installed in 1996 & 1997
> are still running t
On Fri, Jul 29, 2005 at 01:01:42AM +, Christopher L. Morrow wrote:
>
> > could they be unpatched because no one has sent out a notice saying
> > "versions before X have known vulnerabilities. upgrade now to one
> > of the following: ...?"
> or... cause new IOS won't run on them.
Indeed - C
On Fri, 29 Jul 2005, Randy Bush wrote:
>
> > I think there is also a LOT concern about all the unpatched routers that
> > remain unpatched simply because the admins don't feel like spending a week
> > running the cisco gauntlet to get patches when you don't have a support
> > contract with cisco
On Jul 28, 2005, at 8:40 PM, Randy Bush wrote:
I spoke with people with Lynn in Vegas and confirmed the following,
if anyone is watching the AP wire or Forbes you'll see that Cisco, et
al. and Lynn have settled the suit.
i missed the part where we, the likely actual injured parties, learn
to
> I spoke with people with Lynn in Vegas and confirmed the following,
> if anyone is watching the AP wire or Forbes you'll see that Cisco, et
> al. and Lynn have settled the suit.
i missed the part where we, the likely actual injured parties, learn
to what we are vulnerable and how to protect
I spoke with people with Lynn in Vegas and confirmed the following,
if anyone is watching the AP wire or Forbes you'll see that Cisco, et
al. and Lynn have settled the suit.
http://www.forbes.com/business/feeds/ap/2005/07/28/ap2163964.html
On Fri, 29 Jul 2005, Randy Bush wrote:
> could they be unpatched because no one has sent out a notice saying
> "versions before X have known vulnerabilities. upgrade now to one
> of the following: ...?"
It's interesting...yes, I do make fun of my Windows brethren about their
security problems,
> I think there is also a LOT concern about all the unpatched routers that
> remain unpatched simply because the admins don't feel like spending a week
> running the cisco gauntlet to get patches when you don't have a support
> contract with cisco. Its like cisco doesn't want you to patch or they
On Thu, 28 Jul 2005, Jason Frisvold wrote:
> On 7/27/05, Jeff Kell <[EMAIL PROTECTED]> wrote:
> > Cisco's response thus far:
> >
> > http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
> More fuel on the fire... Cisco and ISS are suing Lynn now...
> http://news.zdnet.co
Thus spake "James Baldwin" <[EMAIL PROTECTED]>
Moreover, the fix for this was already released and you have not been
able to download a vulnerable version of the software for months however
there was no indication from Cisco regarding the severity of the required
upgrade. That is to say, the
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of James Baldwin
Sent: Thursday, July 28, 2005 10:36 AM
To: [EMAIL PROTECTED]
Cc: nanog@merit.edu
Subject: Re: Cisco IOS Exploit Cover Up
Lynn developed this information based on publicly av
On 7/28/05, Leo Bicknell <[EMAIL PROTECTED]> wrote:
> I am not a lawyer, and so under the current DMCA and other laws it
> may well be illegal to "decompile" code.
I'm sure all the script kiddies and real hackers out there will be
sure to obey the law.. This is the bit of the DMCA I have a huge
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of James Baldwin
> Sent: Thursday, July 28, 2005 10:36 AM
> To: [EMAIL PROTECTED]
> Cc: nanog@merit.edu
> Subject: Re: Cisco IOS Exploit Cover Up
>
>
>
> Lynn de
>>I think he's just pointing out that the risk assessments of many
network operators are way off.<<
I think there is also a LOT concern about all the unpatched routers that
remain unpatched simply because the admins don't feel like spending a week
running the cisco gauntlet to get patches when yo
On Thu, Jul 28, 2005 at 01:36:01PM -0400, James Baldwin wrote:
> On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
> >While I do think it's obnoxious to try to
> >censor someone, on the other hand if they have proprietary internal
> >information somehow that they aren't supposed to have to begin
On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
While I do think it's obnoxious to try to
censor someone, on the other hand if they have proprietary internal
information somehow that they aren't supposed to have to begin
with, I don't
think it is in security's best interested to commit a c
On Thu, 28 Jul 2005, Leo Bicknell wrote:
> In a message written on Thu, Jul 28, 2005 at 08:29:22AM +0100, Neil J. McRae
> wrote:
> > I couldn't disagree more. Cisco are trying to control the
> > situation as best they can so that they can deploy the needed
> > fixes before the $scriptkiddies sta
r
rumour that Michael's presentation MIGHT be made available in video
via the Washington Post web site tomorrow."
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Network Fortius
> Sent: Wednesday, July 27, 2005 6
> Lynn's statement would tend to make one believe that this is
> yet another example of a vulnerability that is awaiting an
> exploit, not one that has yet to be discovered -- a sort of
> Sword of Damocles, if you will...
I think he's just pointing out that the risk assessments of many
network o
One thing that bugs me, though, is the quote that is
credited to Lynn:
[snip]
"I feel I had to do what's right for the country and the national
infrastructure," he said. "It has been confirmed that bad people are working on
this (compromising IOS). The right thing to do here is to make sure th
If I were to venture a guess (and it would be just
that, a guess), I'd say that you're probably spot on.
I wonder who's having more fun this week? The folks
at Black Hat, or the folks in The Netherlands at the
"Politics of Psychedelic Research" or perhaps the
"Fun and Mayhem with RFID" sessions a
In a message written on Thu, Jul 28, 2005 at 10:14:42AM -0400, Scott Morris
wrote:
> And yet, look how much havoc was created there. It's always the "potential"
> stuff that scares people more. While I do think it's obnoxious to try to
> censor someone, on the other hand if they have proprietary
On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote:
>
> Can you or someone else who was there or has some details describe
> what the actual result is and what the fix was? Based on what I've
> been reading, it sounds like Lynn's result was a method for exploiting
> arbitrary new vulne
to commit a crime in order to get
tighter security.
Is this the technical version of civil disobedience?
Scott
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
James Baldwin
Sent: Thursday, July 28, 2005 9:24 AM
To: Neil J.McRae
Cc: nanog@merit.edu
Subject
* James Baldwin:
> A fix had been generated with the vendor and it was time that the
> information to become public so network operators understood that
> the remote execution empty world we had lived in until now was over.
Huh? Remote code injection exploits on Cisco routers have been
demonstr
James Baldwin <[EMAIL PROTECTED]> writes:
> On Jul 28, 2005, at 3:29 AM, Neil J. McRae wrote:
>
>
>> I couldn't disagree more. Cisco are trying to control the
>> situation as best they can so that they can deploy the needed
>> fixes before the $scriptkiddies start having their fun. Its
>> no diff
On 7/27/05, Jeff Kell <[EMAIL PROTECTED]> wrote:
>
> Cisco's response thus far:
>
>http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
>
> Jeff
More fuel on the fire... Cisco and ISS are suing Lynn now...
http://news.zdnet.co.uk/internet/security/0,39020375,3921101
On Jul 28, 2005, at 3:29 AM, Neil J. McRae wrote:
I couldn't disagree more. Cisco are trying to control the
situation as best they can so that they can deploy the needed
fixes before the $scriptkiddies start having their fun. Its
no different to how any other vendor handles a exploit and
I'm s
In a message written on Thu, Jul 28, 2005 at 08:29:22AM +0100, Neil J. McRae
wrote:
> I couldn't disagree more. Cisco are trying to control the
> situation as best they can so that they can deploy the needed
> fixes before the $scriptkiddies start having their fun. Its
> no different to how any ot
* Neil J. McRae:
> I couldn't disagree more. Cisco are trying to control the
> situation as best they can so that they can deploy the needed
> fixes before the $scriptkiddies start having their fun. Its
> no different to how any other vendor handles a exploit and
> I'm surprised to see network op
> This is looking like a complete PR disaster for cisco. They
> would have been better off allowing the talk to take place,
> and actually fixing the holes rather than wasting money on a
> small army of razorblade-equipped censors.
I couldn't disagree more. Cisco are trying to control the
sit
At 12:22 AM 28-07-05 -0400, Hannigan, Martin wrote:
> ..and of course:
>
> "Cisco Denies Router Vulnerability Claims"
>
> [snip]
Of course. That's how a broken vuln system works. :-)
The major flaw is that the vendor decides who gets to know
about a vulnerability.
Or 3com:
http://www.netw
> ..and of course:
>
> "Cisco Denies Router Vulnerability Claims"
>
> [snip]
Of course. That's how a broken vuln system works. :-)
The major flaw is that the vendor decides who gets to know
about a vulnerability. This causes an insecurity in "the system"
because $vendor is dealing with peopl
I have been searching the net since this morning, for “The Holy
Grail: Cisco IOS Shellcode Remote Execution”, or variations of such.
This seems to be - at the moment - the most thought after torrent ...
Stef
Network Fortius, LLC
On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote:
Since
Since the talk was actually delivered - does anyone have a transcript or a
torrent for audio/video?
- Dan
On 7/27/05 8:10 PM, "Jeff Kell" <[EMAIL PROTECTED]> wrote:
>
> Cisco's response thus far:
>
>http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
>
> Jeff
Cisco's response thus far:
http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
Jeff
and talk about closing the barn door after the horse has escaped!??
Haven't they just turned those 15 pages scanned as a pdf and
distributed over a p2p file sharing system like bit torrent into
likely one of the the most sought after documents on the planet?
How long before they show u
..and of course:
"Cisco Denies Router Vulnerability Claims"
[snip]
Cisco Systems is downplaying a news story that suggests new security flaws may
have been discovered in some of its routers.
[snip]
http://www.varbusiness.com/components/weblogs/article.jhtml?articleId=166403151
So, until th
...and Wired News is running this story:
"Cisco Security Hole a Whopper"
Excerpt:
[snip]
A bug discovered in an operating system that runs the majority of the world's
computer networks would, if exploited, allow an attacker to bring down the
nation's critical infrastructure, a computer secu
On Wed, 27 Jul 2005, Fergie (Paul Ferguson) wrote:
> For what ot's worth, this story is running in the
> popular trade press:
>
> "Cisco nixes conference session on hacking IOS router code"
> http://www.networkworld.com/news/2005/072705-cisco-ios.html
This is looking like a complete PR disaster
Damn he sure did cause a shit storm AGAIN..
from the crn article it looks like they might have him pinned on an
NDA violation.. (taking a shot in the dark)
quote below.
"Cisco respects and encourages the work of independent research
scientists; however, we follow an industry established disclos
For what ot's worth, this story is running in the
popular trade press:
"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html
- ferg
-- "Hannigan, Martin" <[EMAIL PROTECTED]> wrote:
>
> For those who like to keep abreast of se
On Jul 27, 2005, at 1:26 PM, James Baldwin wrote:
http://blogs.washingtonpost.com/securityfix/2005/07/
mending_a_hole_.html
Further information:
http://www.crn.com/sections/breakingnews/breakingnews.jhtml?
articleId=166403096
>
>
> For those who like to keep abreast of security issues, there are
> interesting developments happening at BlackHat with regards to Cisco
> IOS and its vulnerability to arbitrary code executions.
>
> I apologize for the article itself being brief and lean on technical
> details, but
For those who like to keep abreast of security issues, there are
interesting developments happening at BlackHat with regards to Cisco
IOS and its vulnerability to arbitrary code executions.
I apologize for the article itself being brief and lean on technical
details, but allow me to say t
58 matches
Mail list logo
