Educause Security Discussion mailing list archives

furor over Cisco IOS router exploit erupts at Black Hat

From: Scott Genung <sagenung () ILSTU EDU>
Date: Thu, 28 Jul 2005 15:25:35 -0500

All,

I just read this article. Based upon Cisco's reaction, I'm rather concerned
about this material that has been shared with the hacker community. I have
asked my account manager if Cisco will be releasing to it's customer base
what vulnerabilities we need to be aware of to defend our infrastructure.
It could be a very interesting fall semester.

Date: Thu, 28 Jul 2005 12:18:59 -0500
From: NW Cisco News Alert <CiscoAlert () nwfnews com>
Subject: Cisco News Alert Special Issue: Furor over Cisco IOS router exploit
 erupts at Black Hat

_______________________________________________________________
Furor over Cisco IOS router exploit erupts at Black Hat
By Ellen Messmer, Network World, 07/28/05

Although Cisco and Internet Security Systems had abruptly cancelled
a planned technical talk and demo at the Black Hat Conference to
reveal how unpatched Cisco routers can be remotely compromised,
the researcher who had originally uncovered the problem went ahead
with the talk anyway, igniting a spate of lawsuits against himself
and the Black Hat Conference.

Michael Lynn, the research analyst at ISS who was asked to resign
after his presentation detailing how an attacker can exploit flaws
in unpatched Cisco routers to gain total control over them, said
he felt compelled to reveal the information because "I felt I had
to do what's right for the country and the national infrastructure."

Cisco and ISS, claiming it was premature to release the research,
saw it differently and immediately filed a lawsuit aimed at
compelling him not to discuss the subject further. The Black Hat
Conference was also served with a lawsuit by the two companies for
allowing Lynn to discuss the exploits associated with Cisco routers.

Full story:
http://www.networkworld.com/news/2005/072805-cisco-black-hat.html?nl



Scott Genung
Manager of Networking Systems
Telecommunications and Networking
Illinois State University
124 Julian Hall
Normal, IL 61790-3500

sagenung () ilstu edu
Phone: (309)438-7258
Web: http://www.tel.ilstu.edu

Current thread:

furor over Cisco IOS router exploit erupts at Black Hat Scott Genung (Jul 28)
- <Possible follow-ups>
- Re: furor over Cisco IOS router exploit erupts at Black Hat Randy Marchany (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Parker, Ron (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Steve Bernard (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Matthew Keller (Jul 29)