Furor over Cisco IOS router exploit erupts at Black Hat
Cisco and ISS filed lawsuits against Michael Lynn and the Black Hat conference
Network World - The decision by Internet Security Systems Inc. (ISS) research analyst Michael Lynn to speak at this week's Black Hat USA conference about how unpatched Cisco routers can be remotely compromised has ignited a spate of lawsuits against Lynn and the conference.
Although Cisco Systems Inc. and ISS abruptly canceled Lynn's planned technical talk and demo, the researcher went ahead with the talk anyway (see ISS researcher quits job to detail Cisco flaws). Lynn, who originally uncovered the problem, was asked to resign after his presentation but said he felt compelled to reveal the information. "I felt I had to do what's right for the country and the national infrastructure," he said.
Cisco and ISS, claiming it was premature to release the research, saw it differently and immediately filed a lawsuit to stop him from discussing the subject further. The Black Hat Conference was also served with a lawsuit by the two companies for allowing Lynn to discuss the exploits.
Black Hat CEO Jeff Moss yesterday said he felt trapped in the middle. "Michael Lynn said he was going to discuss VoIP," said Moss. "I can't control a speaker who changes his topic in the middle of a presentation."
Told by ISS not to discuss the router exploit, Lynn began his presentation at Black Hat yesterday with a substitute presentation on voice over IP. But boos from the audience -- which had come for his original topic, "The Holy Grail: Cisco IOS Shellcode and Remote Execution" -- prompted him to talk about how an attacker can take control of a Cisco router through a variety of buffer overflow attacks and shellcode exploits.
While such an attack is common against unpatched servers -- several destructive Internet worms in past years have used buffer overflow attacks to take over Microsoft-based servers -- this is believed to be the first demonstration of a buffer overflow attack against Cisco routers.
Lynn did not publicly offer the specific code to carry out the attack -- which he said could be accomplished in several ways on unpatched Cisco routers -- but he provided evidence it could be done. Lynn said he got some of his insights by reading information posted on Chinese hacker sites.
ISS just last week stated that it had intended to provide a "first" in this security area, but discussions with Cisco -- which had been expected to participate in the Black Hat presentation -- ended with the two firms abruptly canceling the talk on Monday.
In addition, Cisco warned Black Hat organizers that if they did not remove