Date: Wed, 21 May 2008 20:23:01 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [NANOG] IOS rootkits

On Wed, May 21, 2008 at 5:05 PM, mutiny <mutiny@...inbeardsucks.com> wrote:
> A rootkit for Cisco will not damage anything, Cisco has even shown interest
> in the development.  A rootkit for Cisco will cause Cisco to look into the
> issue more closely, which in turn will make IOS *more secure.*
>

I'm interested in you saying things will be more secure because of the
presentation, but how long will it take for things to be more secure
and how big an attack window will the bad guys have after the
presentation (A day, a week, a month, a year?) for putting rootkits
into Cisco routers before the problem gets fixed? I don't want there to
be an attack window of any length... even a day is too long, the bad
guys could do a lot in a day.

I agree things will be more secure eventually, but what's going to
happen between presentation day and some kind of solution for the
problem actually being rolled out is the worrying part for me.

Cyber armageddon?

Do we just say, it's your own fault your business went down because you
weren't secure... or should the folks who let the presentation go
ahead hold some responsibility for the pwned routers that will
inevitably be hacked?

Let's just hope it's networks that don't matter that get pwned, and not
networks that carry anything important on them.

The problem is, all networks are important to somebody... thanks
EUSecWest for allowing an attack window of carnage... in the name of
making IOS more secure or something.

So guys, how long will the attack window be, the bad guys have to pwn
routers before things are secure? I am worried about what's going to
happen during the attack window of opportunity...

This presentation is a bad idea on so many levels which outweigh the
"Cisco IOS will eventually end up more secure" argument.

It's the *eventually* part that the bad guys will take advantage of.

So has anyone got a time frame in mind of how long the bad guys are
going to have? Any estimations? Will Cisco be working to close the
attack window time frame after the presentation to keep it to a
minimal time frame and to limit damage and disruption caused to its
customers?

I'm scared, worried, paranoid...

All the best,

n3td3v
