"Cisco Gate" at DEFCON and Black Hat

  • "Cisco Gate" at DEFCON and Black Hat

    For those of you out there interested in network/Internet security related topics:

    Michael Lynn was a former employee of ISS. While employed at ISS he discovered a critical vulnerability in Cisco's IOS that is largely responsible for the backbone operation of the Internet. This vulnerability allowed an attacker to get full administrative/root (in Cisco land, called "enable") rights to network devices.

    Lynn was scheduled to present this information this past week at Black Hat and was warned by his employer, ISS, not to present his findings. Lynn summarily quit his job at ISS in order to be able to present these findings.

    Cisco and ISS responded by suing Lynn and the Black Hat organizers hours after his presentation on Wednesday and forced Black Hat to remove sections of the conference book that included notes on the vulnerability as well as a copy of his talk.

    On Saturday, I watched Raven Alder's presentation on "Hacking the Backbone" and she had some very harsh comments towards Cisco:
    "Cisco, you are really screwing up. Suing researchers is not going to make you secure. Alienating the security community is not going to encourage people to come to you and report problems and work with you."

    How do you feel about these actions taken by Cisco? In this day and age, many companies are only as concerned about security as they are forced to be. Security vulnerabilities exist in all sorts of software products and hardware appliances that are never touched until the public becomes aware of them and forces the manufacturers to fix the flaws. As long as a security hole remains hidden, most companies don't bother to fix it.


    Some Articles:
    Cisco hits back at flaw researcher

    Hackers rally behind Cisco flaw finder

    Black Hat Day 1: Update on Cisco-Gate

    A video clip of Cisco/ISS and Black Hat reps tearing out Lynn's section of the Black Hat Briefings book:
    Book Destruction Video
    Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

  • #2
    Re: "Cisco Gate" at DEFCON and Black Hat

    I'm just saying that the guy is clearly willing to throw his job away for something he thinks is "right", in this case exposing a backbone vulnerability. What if he's working for me and finds some hole in our processes (not that we have any....HA!)? Will he feel compelled to announce it to the world over our objections? Seems so.
    Last edited by leejo; 08-02-2005, 03:36 PM.

    • #3
      Re: "Cisco Gate" at DEFCON and Black Hat

      This wasn't just a "hackers" conference, law enforcement was there also...

      Edit: And not in the way you're probably thinking.
      I'm not the Killer Man...
      I'm the Killer Man's son...
      But I'll do the killing...
      Until the Killer Man comes...

      • #4
        Re: "Cisco Gate" at DEFCON and Black Hat

        Originally posted by leejo
        To me, the only way that Mr. Lynn's actions were correct is if he'd given Cisco plenty of notice and time to address the issue.

        If Cisco and his employer were both telling him not to present his findings, then he's probably in the hot seat now. Furthermore, he's out of a job now, fired for defying his employer's instructions not to disclose his findings at a conference of hackers. That's gotta look great on your resume. Wouldn't you be a bit nervous about hiring this guy?
        Cisco DID know about this issue and failed to properly remedy it. In many cases, software and hardware manufacturers don't put the time and money into resolving these issues until the point at which they feel it becomes a public threat.

        Nothing was disclosed telling people exactly how to exploit this vulnerability. The only reason anyone should be concerned about hiring Michael Lynn is if they wish to practice security by obscurity and not to take the appropriate steps as soon as possible to remedy issues such as this.
        Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

        • #5
          Re: "Cisco Gate" at DEFCON and Black Hat

          Originally posted by Rahn
          This wasn't just a "hackers" conference, law enforcement was there also...

          Edit: And not in the way you're probably thinking.
          There was quite a large law enforcement / DOD presence at both Black Hat and DEFCON this year.

          Although I don't think it was any LEO or DOD employee that poured the Kool-Aid in Pool #3 on Friday night.
          Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

          • #6
            Re: "Cisco Gate" at DEFCON and Black Hat

            To me, this is akin to shooting the messenger. My company utilizes (2) very expensive (more than $100k) Cisco routers and we cannot afford any downtime, as our routers are used to provide closed captioning to live TV broadcasts and we will be fined, no matter the reason. Just as I don't trust Cisco anymore to identify vulnerabilities, I cannot trust them to provide a reliable fix or workaround as quickly as I might need it. As is usually the case, providing this information to the world at large is more likely to produce a quick fix than waiting on the manufacturer. I think the whistleblower laws should protect people like this also.

            • #7
              Re: "Cisco Gate" at DEFCON and Black Hat

              Originally posted by Apophis
              .... The only reason anyone should be concerned about hiring Michael Lynn is if they wish to practice security by obscurity and not to take the appropriate steps as soon as possible to remedy issues such as this.
              Exactly.

              • #8
                Re: "Cisco Gate" at DEFCON and Black Hat

                It's Cisco.... I mean... are you really surprised they pulled this? I would be shocked if they didn't.

                Cisco is the only company I know that sells a 100 Mb hub for $300 US. Last year it was $600.

                They'd probably squeeze school-children to death if they thought silicon would come out of them.

                Plus the food at their conferences sucks.

                • #9
                  Re: "Cisco Gate" at DEFCON and Black Hat

                  According to the article:

                  The actual flaw he exploited for his attack was reported to Cisco and has been fixed in recent releases of IOS, experts attending Black Hat said.
                  I wonder what his motivations were for disclosing this flaw? Cisco acknowledged and fixed it, but not everyone may have patched yet. It's one thing to inform the people that there is a very bad flaw that needs patching and that has an available patch, it's another to describe how to exploit the flaw. I think Lynn was just trying to make himself out to be a hot shot.

                  This has nothing to do with security by obscurity. Cisco patched it, and tried to protect their customers by stopping Lynn. From what I see, I don't think there's anything wrong with that.

                  • #10
                    Re: "Cisco Gate" at DEFCON and Black Hat

                    Actually, from one of the articles
                    "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," Noh added.

                    Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said.
                    This is security by obscurity.

                    But it's important to note that, despite how the flaw was discovered, Cisco did patch it. Lynn quit his job at ISS because they didn't want to present their research yet, and he presented their research anyway. Any company that has an NDA should be concerned about hiring Lynn, because it's pretty obvious that doesn't mean anything to him.

                    The bottom line is, everyone involved in this whole mess was doing something wrong.

                    • #11
                      Re: "Cisco Gate" at DEFCON and Black Hat

                      Originally posted by rs_al
                      ...... I think Lynn was just trying to make himself out to be a hot shot.

                      This has nothing to do with security by obscurity. Cisco patched it, and tried to protect their customers by stopping Lynn. From what I see, I don't think there's anything wrong with that.
                      Is there a reason why he shouldn't be able to talk about what he's discovered and gain notoriety for it? The day you can make people stop talking about the truth by suing them is a very sad day.

                      • #12
                        Re: "Cisco Gate" at DEFCON and Black Hat

                        A non-disclosure agreement would be one excellent reason why he shouldn't talk about what he's discovered. When you sign your name to a contract it should mean something.

                        • #13
                          Re: "Cisco Gate" at DEFCON and Black Hat

                          Originally posted by Buck Fush
                          Is there a reason why he shouldn't be able to talk about what he's discovered and gain notoriety for it? The day you can make people stop talking about the truth by suing them is a very sad day.
                          What he's discovered? He was an employee of Internet Security Systems. What he presented was THEIR work, not his.

                          It's like if I send you the source code for a class I wrote at work last week. Is there a reason why I shouldn't be able to talk about what I wrote? Yes. It's called an NDA, a legally binding contract I signed when I was hired stating that I would not do that.

                          • #14
                            Re: "Cisco Gate" at DEFCON and Black Hat

                            Originally posted by rs_al
                            According to the article:

                            I wonder what his motivations were for disclosing this flaw? Cisco acknowledged and fixed it, but not everyone may have patched yet. It's one thing to inform the people that there is a very bad flaw that needs patching and that has an available patch, it's another to describe how to exploit the flaw. I think Lynn was just trying to make himself out to be a hot shot.

                            This has nothing to do with security by obscurity. Cisco patched it, and tried to protect their customers by stopping Lynn. From what I see, I don't think there's anything wrong with that.
                            It has not been completely fixed. The underlying privilege escalation issue is still in the IOS, AFAIK. The rollout of the patch was also pretty cheap on Cisco's part. But that's another story in itself.
                            Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

                            • #15
                              Re: "Cisco Gate" at DEFCON and Black Hat

                              Originally posted by rs_al
                              Lynn quit his job at ISS because they didn't want to present their research yet, and he presented their research anyway. Any company that has an NDA should be concerned about hiring Lynn, because it's pretty obvious that doesn't mean anything to him.
                              This was indeed Lynn's research.
                              Diplomacy is the art of saying "good doggie" while looking for a bigger stick.
