Friday, July 29, 2005

Cisco Silencing former ISS employee about possible problems with internet routers

At the Black Hat 2005 conference, former ISS employee Michael Lynn was to discuss the possible exploits of Cisco routers. The presentation was pulled by the Black Hat organizers (particularly Jeff Moss) under threat of lawsuit by Cisco and ISS. Furthermore, they are in the process of silencing all those who might have had a mirror of the presentation (see the following infowarrior site): basically, they threatened the site operator with a suit of his own unless he pulled the information. As the Internet Storm Center so eloquently put it:

Lynn's Cat is Out of The Bag

While Black Hat may have torn out paper pages, the PDF of Michael Lynn's presentation, "The Holy Grail: Cisco IOS Shellcode and Exploitation Techniques," lives on. Given the amount of attention this thing has gotten, mirrors and links to it are now all over the place.

Shame on Cisco and ISS for their conduct toward a security researcher who was discussing a possible issue that he had discovered while working for ISS and that can affect much of the core of the Internet. There was to be nothing in the presentation to tell the black hats who might be attending the conference before DEFCON 2005 how to exploit it (basically, they would have to do the same research that Lynn did). Many top proponents of full disclosure (like Bruce Schneier) have railed on these companies for the way they handled the situation.

What is Cisco trying to hide...

Thursday, July 21, 2005

What may happen if you don't keep up your server patches

This site has a roughly 10-minute "demo" of how someone may take control of your server (in this case IIS) and gain control of your internal network if you fail to keep up with your vulnerability management.

Scary Stuff.

Friday, July 15, 2005

A Chronology of Data Breaches Since the ChoicePoint Incident

This is a very interesting list of all the reported security breaches since the announcement of ChoicePoint's problems this February.