Message-ID: <6c6b7120050731061761fb242d@mail.gmail.com>
Date: Sun Jul 31 14:17:20 2005
From: jason.heschel at gmail.com (Jason Heschel)
Subject: RE: Cisco IOS Shellcode Presentation
Are you really naive enough to think that Mike's only motivation was a
noble one?
Here we have an individual (previously unknown to most), who spent
countless hours doing research, and putting together a great
presentation knowing that when it was given, his name smeared all over
the press...then the day before it was finally supposed to come to
fruition, everything now threatened.
Mike is a greedy vain little bastard just like the rest of us. Doing
what was 'right' is merely a cloak by which he can hide behind so
bible thumpers like you will follow him. He's no martyr.
On 7/30/05, Neville Aga <neville.aga@...il.com> wrote:
> The presentation Larry posted is not the same presentation Mike Lynn
> delivered at Blackhat. I was there and saw his presentation. It was
> one of the best presentations I have ever seen. It was delivered with
> intelligence and passion and care. I wonder when my time comes for
> something like that I will have the fortitude to do what I believe to
> be right under threats from a corporation as powerful as Cisco. What
> has been posted is irresponsible.
>
> Michael was responsible with his information. The slides that are
> posted here and are now going to float around the internet forever
> have full text in the slides titled finding malloc() and finding
> CreateThread(), complete with the critical offsets needed to reproduce
> the attack. The slides he presented had all that blacked out. He gave
> nothing to a blackhat attendee to go out and reproduce the attack
> themselves. Instead he made a point about Cisco IOS, namely:
>
> 1. You get one Cisco BGP internet router, it has a route to all other
> routers and therefore a path to the entire network, not one system
> (OK, you knew that)
>
> 2. Cisco IOS source code has been stolen at least twice. There is no
> good reason to steal it other than to attack it. If Mike Lynn can
> figure this one attack technique out, how many more attack techniques
> can be figured out by people holding source code?
>
> 3. During the presentation, Mike Lynn said a substantial amount of his
> research in this subject came from English translations of Chinese
> hacking web sites. Consider That!!
>
> 4. Most importantly, the real threat here is a self replicating worm
> that has a destructive payload to modify BGP routes or write back boot
> sectors to make thousands of routers simultaneously useless (the
> digital Pearl Harbor he alluded to). Mike said that that is not really
> feasible today with this particular technique because the way code is
> implemented you would need to know the exact IOS version and some
> other hardware details for each router, so unless you have a 17MB worm
> that has precompiled exploit code for each possible instance, then the
> worm scenario is not possible, and a 17MB worm is not practical.
>
> 4A. However (consider this one reason why Mike may ultimately be
> remembered as a hero) Cisco's roadmap is moving to a new memory
> structure where the offsets would be the same for all hardware. That
> could make your router worm a real possibility, not with this exploit
> (I am sure everyone will patch their routers to prevent this exploit),
> but with the next flaw someone else figures out. Do you think Cisco
> may reconsider that design after this? I certainly think they will, or
> else they should have their collective head examined. Remember, some
> Chinese hackers were already thinking down these paths before Mike
> was.
>
>
> In my opinion a real loser in all this is ISS. The strength of any
> company is its people. Management should trust and defend their best
> and brightest, not sue them and force them to resign. In the case of
> illegal activities of course management has no obligation to defend
> criminals. However that is not what happened here. Cisco saying this
> was illegal did not make it so. The talk was delivered in a
> responsible and professional way. ISS did not care to see the details
> and the way Mike presented this particular talk, they just caved to
> Cisco pressure, co-suing Mike with Cisco to make Mike look like a
> rogue and becoming a puppet for a business partner instead of helping
> an employee.
>
>
> Neville
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>