Full Disclosure mailing list archives
Re: [NANOG] IOS rootkits
From: n3td3v <xploitable () gmail com>
Date: Sun, 18 May 2008 23:40:51 +0100
On Sun, May 18, 2008 at 7:45 PM, Kurt Dillard <kurtdillard () msn com> wrote:
> Apparently Gadi doesn't understand either. Rootkits don't need to exploit vulnerabilities in an OS; they leverage the design of the OS or the underlying hardware platform. You don't 'patch' the design of something. You want to stop rootkits in IOS? Don't allow it to run arbitrary code; run the OS in firmware rather than from writable storage. Go study up on rootkits for a few weeks before you complain about someone demonstrating one. Unlike you guys, I happen to know what I am talking about, as I've been studying malware including rootkits for over 10 years. By studying I mean taking them apart, figuring out how they work, and finding tools to deal with them; not reading some half-assed article on CNET or Ziff-Davis full of technical errors. Over the past few years Cisco, Apple, and Oracle have behaved an awful lot like Microsoft did 10 years ago, trying to pretend that their platforms are immune to malware and refusing to approach vulnerabilities head-on with an attitude of rational pragmatism. Dave Litchfield and his team have dragged Oracle kicking and screaming to the world of reality; the same has yet to happen with the other two firms.
As soon as this presentation is done, someone like HD Moore will work out what's going on, code something, and do what he normally does: release some kind of point-and-click disaster for the script kids to use. Sebastian Muniz isn't planning to release any source code, but with brain boxes like HD Moore around he won't need to. He will pretty much hint to the HD Moores of the world how it's all happening, and then it's going to be script-kiddie hell as soon as the HD Moores of the world release a point-and-click disaster.

Folks like HD Moore are desperate for new things to leverage to get a name for themselves that will shock and awe the security world, so that they will go down in the history books as some great hero of infosec. Trust me, I don't want the HD Moores of the world working out how to do Cisco rootkits, because he will only code something and throw it out to the masses. This kind of Cisco rootkit should be placed under the secrecy act so it's illegal to release this kind of thing, which should only be used by the intelligence services.

I think Gadi and I are right in saying that if this presentation goes ahead it's going to be an absolute disaster as soon as HD Moore catches on to how it's done. I'm not technically gifted, so I can't join in the technical discussion, but I see a threat when I see one.

All the best,
n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/