lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6c6b7120050731061761fb242d@mail.gmail.com>
Date: Sun Jul 31 14:17:20 2005
From: jason.heschel at gmail.com (Jason Heschel)
Subject: RE: Cisco IOS Shellcode Presentation

Are you really naive enough to think that Mikes only motivation was a
noble one?

Here we have an individual (previoulys unknown to most), who spent
countless hours doing research, and putting together a great
presentation knowing that when it was given, his name smeared all over
the press...then the day before it was finally supposed to come to
fruition, everything now threatened.

Mike is a greedy vane little bastard just like the rest of us. Doing
what was 'right' is merely a cloak by which he can hide behind so
bible thumpers like you will follow him. He's no martyr.

On 7/30/05, Neville Aga <neville.aga@...il.com> wrote:
> The presentation Larry posted is not the same presentation Mike Lynn
> delivered at Blackhat. I was there and saw his presentation. It was
> one of the best presentations I have ever seen. It was delivered with
> intelligence and passion and care. I wonder when my time comes for
> something like that I will have the fortitude to do what I believe to
> be right under threats from a corporation as powerful as Cisco.  What
> has been posted is irresponsible.
> 
> Michael was responsible with his information. The slides that are
> posted here and are now going to float around the internet forever
> have full text in the slides titled finding malloc() and finding
> CreateThread(), complete with the critical offsets needed to reproduce
> the attack. The slides he presented had all that blacked out. He gave
> nothing to a blackhat attendee to go out and reproduce the attack
> themselves. Instead he made a point about cisco IOS, namely:
> 
> 1. You get one Cisco BGP internet router, it has a route to all other
> routers and therefore a path to the entire network, not one system
> (OK, you knew that)
> 
> 2. Cisco IOS source code has been stolen at least twice. There is no
> good reason to steal it other than to attack it. If Mike Lynn can
> figure this one attack technique out, how many more attack techniques
> can be figured out by people holding source code?
> 
> 3. During the presentation, Mike Lynn said a substantial amount of his
> research in this subject came from English translations of Chinese
> hacking web sites. Consider That!!
> 
> 4. Most importantly, the real threat here is a self replicating worm
> that has a destructive payload to modify BGP routes or write back boot
> sectors to make thousands of routers simultaneously useless (the
> digital Pearl Harbor he alluded to). Mike said that that is not really
> feasible today with this particular technique because the way code is
> implemented you would need to know the exact IOS version and some
> other hardware details for each router, so unless you have a 17MB worm
> that has precompiled exploit code for each possible instance, then the
> worm scenario is not possible, and a 17MB worm is not practical.
> 
> 4A. However (consider this one reason why Mike may ultimately be
> remembered as a hero) Cisco's roadmap is moving to a new memory
> structure where the offsets would be the same for all hardware. That
> could make your router worm a real possibility, not with this exploit
> (I am sure everyone will patch their routers to prevent this exploit),
> but with the next flaw someone else figures out. Do you think Cisco
> may reconsider that design after this? I certainly think they will, or
> else they should have their collective head examined. Remember, some
> Chinese hackers were already thinking down these paths before Mike
> was.
> 
> 
> In my opinion a real loser in all this is ISS. The strength of any
> company is its people. Management should trust and defend their best
> and brightest, not sue them and force them to resign. In the case of
> illegal activities of course management has no obligation to defend
> criminals. However that is not what happened here. Cisco saying this
> was illegal did not make it so. The talk was delivered in a
> responsible and professional way. ISS did not care to see the details
> and the way Mike presented this particular talk, they just caved to
> Cisco pressure, co-suing Mike with Cisco to make Mike look like a
> rogue and becoming a puppet for a business partner instead of helping
> an employee.
> 
> 
> Neville
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists