Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Sep 2002
Posts: 553
UGN Super Poster
OP Offline
UGN Super Poster
Joined: Sep 2002
Posts: 553
LAS VEGAS--Computer hackers worked through the weekend to expose a flaw that could allow an attacker to take control of the Cisco Systems routers that direct traffic across much of the Internet.

Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability.

"The reason we're doing this is because someone said you can't," said one hacker, who like the others spoke on condition of anonymity.

Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer.

The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw.

Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet.

Security researcher Michael Lynn first described the flaw on Wednesday at the Black Hat conference over the objections of Cisco and his former employer, Internet Security Systems.

Lynn helped Cisco develop a fix but wanted to discuss it publicly to raise awareness of the problem, according to associates, going so far as to quit his job with ISS so he could talk freely.

"What (Lynn) ended up doing was describing how to build a missile without giving all the details. He gave enough (details) so people could understand how a missile could be built, and they could take their research from there," said a security expert who gave his name only as Simonsaz and who said he is not involved in the hacking effort.

After his presentation Cisco and ISS obtained a court order barring Lynn and the Black Hat organization from further disseminating details of the flaw. Cisco employees ripped Lynn's presentation from the conference program, according to witnesses, and Black Hat handed over its video recording of his talk.

"ISS and Cisco's actions with Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices," said Cisco spokeswoman Mojgan Khalili, who added that the company is committed to protecting its customers.

But those efforts have only inspired other security experts to take a crack at Cisco's software.

"It's really saddening and disheartening to see Cisco taking this approach, because it leaves their customers less secure," one of the hackers said.

In one of the hackers' hotel room, several Cisco routers sat surrounded by plastic beer cups on a coffee table. Two laptops on the floor displayed the software's source code, an endless blur of numbers.

If they don't figure out how to take over Cisco's Internet Operating System software by the end of the weekend, their counterparts at a hacking festival in Europe will certainly do so, the hackers said.

Some experts said the flaw has been blown out of proportion. Malevolent attackers are more likely to focus on easier targets such as home computers rather than the complex routers that direct traffic across the Internet, said Jon Callas, chief technical officer of PGP, a provider of encryption software.

"An awful lot of the buzz that is going around is buzz because of the use of lawyers and injunctions and lawsuits rather than the actual thing itself," said Callas, who is not involved in efforts to hack the software.

SOURCE

Joined: Nov 2003
Posts: 478
A
UGN Member
Offline
UGN Member
A
Joined: Nov 2003
Posts: 478
cool, i love it how some people make it out like thier system is completly ipenetrable. Its like provoking the hackers.



Link Copied to Clipboard
Member Spotlight
Phatal
Phatal
Houston, TX
Posts: 298
Joined: April 2004
Forum Statistics
Forums41
Topics33,840
Posts68,858
Average Daily Posts1
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
Animation,
by JohanKaariainen - 08/15/19 01:18 AM
Blackbeard.....
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
Cyrez 1
Girlie 1
unreal 1
Crime 1
Powered by UBB.threads™ PHP Forum Software 7.7.5