| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 May 2008 01:46:01 -0400 From: mutiny <mutiny@...inbeardsucks.com> To: n3td3v <xploitable@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [NANOG] IOS rootkits Dumb and outlandish statements like these are why you are not responsible for any networks, outside your own (if even). n3td3v wrote: > On Wed, May 21, 2008 at 5:05 PM, mutiny <mutiny@...inbeardsucks.com> wrote: > >> A rootkit for Cisco will not damage anything, Cisco has even shown interest >> in the development. A rootkit for Cisco will cause Cisco to look into the >> issue more closely, which in turn will make IOS *more secure.* >> >> > > I'm interested in you saying things will be more secure because of the > presentation, but how long will it > take for things to be more secure and how big an attack window will > the bad guys have after the presentation (A day, a week, a month, a > year?) for putting rootkits into Cisco routers before the problem gets > fixed? I don't want there to be an attack window of any length... even > a day is too long, the bad guys could do a lot in a day. > > I agree things will be more secure eventually, but whats going to > happen between presentation day and some kind of solution for the > problem actually being rolled out is the worrying part for me. > > Cyber armageddon? > > Do we just say, its your own fault your business went down because you > weren't secure... or should the folks who let the presentation go > ahead hold some responsiblity for the pwned routers will evitably be > hacked. > > Let's just hope its networks that don't matter that get pwned, and not > networks that carry anything important on them. > > The problem is, all networks are important to somebody... thanks > EUSecWest for allowing an attack window of carnage... in the name of > making IOS more secure or something. > > So guys, how long will the attack window be, the bad guys have to pwn > routers before things are secure? I am worried about whats going to > happen during the attack window of opportunity... > > This presentation is a bad idea on so many levels which out weigh the > Cisco IOS will eventually end up more secure argument. > > Its the *eventually* part that the bad guys will take advantage of. > > So has anyone got a time frame in mind of how long the bad guys are > going to have? Any estimations? Will Cisco be working to close the > attack window time frame after the presentation to keep it to a > minimal time frame and to limit damage and disruption caused to its > customers? > > I'm scared, worried, paranoid... > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists