p2pnet.net News:- Is it possible to hack Cisco Systems?

No! says Cisco

Yes!, said researcher Michael Lynn. And he went on to prove it, to Cisco’s consternation.

Last week Lynn quit his job at Internet Security Systems (ISS) so he could tell attendees at the Blackhat Briefings conference on 27 July about a serious security hole in the Cisco IOS.

Infowarior carried full details but, following a take this down or or else letter from ISS lawyers, reconsidered.

“By serving takedown notices in response to such situations, a company demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical internet security issues,” he says.

“Improvements to internet security will NOT become a reality as the result of questionable secrecy or from commercial lawsuits that serve to mask the more substantial and fundamental problems within the information security industry and Internet community at large. Security through obscurity doesn’t work, and neither does security through lawyering. These practices make the Internet more, not less, vulnerable.”

And Lynn has, “reached a legal settlement with Cisco and ISS in which he agreed to erase his research material on the vulnerability, to keep secret the details of the attack, and to refrain from distributing copies of his presentation, among other concessions,” says Wired News.

Now facing an FBI investigation, Lynn told Wired that ISS instructed him to reverse-engineer the Cisco IOS in the first place.

“It was January 26th and Cisco had just announced a totally different vulnerability than the one I demonstrated,” the story has him saying in a long and intriguingly detailed Q&A.

“They’d announced a vulnerability for something called ‘Multiple Crafted IPv6 Packets Cause Router Reload’ (as they worded it in their patch message). But that’s a very vague term. It just says, ‘Hey, something is wrong in IP6 with the router reload’ … but it didn’t say you could be in control of it.

“ISS wanted to get protection in their products (against this problem) so that their customers wouldn’t be affected by it. So they called up Cisco to try to get some more details for it … and Cisco wouldn’t give (the information) to them. So (ISS managers) came to me and said, ‘Can you reverse-engineer … can you disassemble IOS … to find out what their vulnerability is’?”

At Defcon 13, hackers spent the weekend trying to get into the Cisco ISO.

They said they had “no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw,” says Reuters.

“Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet.”

Meanwhile, the Cisco / ISS supression effort has failed.

Although Infowarior took his post of Lynn’s Leak down, the information is still readily available on a number of mirrors.

Stay tuned.

Something you think we should know? tips[at]p2pnet.net

See:-
Infowarior – ISS serves takedown notice for Cisco briefing, July 29, 2005
Wired News – Router Flaw Is a Ticking Bomb, August 1, 2005
Reuters – Hackers race to expose Cisco Internet flaw, July 31, 2005

This entry was posted on Monday, August 1st, 2005 at 1:31 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1852 times