Mike Lynn's 'exploit', in plain (non-technical) English by Dagmar at 12:11 am EDT, Aug 2, 2005

There has been an almost unbelievable amount of hubbub lately about the research that Mike Lynn gave a demonstration of at the BlackHat conference last week, and there's been a positively dizzying amount of "spin" applied to the media. Let me say one thing to everyone reading this, right up front. What Lynn uncovered is a serious issue, probably actually more serious than what the media is making it out to be. While coverage on the issue is good (and useful to both "sides") the lack of actual accurate reporting on the issue isn't helpful to anyone.

Part of the problem is that apparently, outside of the list of BlackHat attendees, there's not that many people running around who truly understand what Lynn's research uncovered. Lynn did not reveal an "exploit" in the usual sense. In fact, Lynn of his own volition has been playing his cards fairly close to his chest on this, and omitted most of the technical details of the problem from his presentation in order to assure that no one would be able to easily "follow in his footsteps". Lynn, it can safely be said, was scared by what he discovered--scared enough that he has risked his livelihood not once but twice in order to be sure that should the technical aspects of what he's found not be resolved before someone with less respect for the continuation of the Internet figures it out for themselves, the network and security administrators of the world will have had time to take some steps to reduce the amount of damage done. It can no longer be thought of as a sure thing that just because a particular vulnerability could "break the Internet" that no one's going to try it just to see if it's really true. We have a rather excellent example in recent history that pretty much everyone is aware of by now... the MS Blaster worm which raged around the Internet wreaking rather unprecedented havoc. Pretty much everyone on the Internet was either personally affected by this, or knows someone who was. Blaster made use of a vulnerability that had become rather common knowledge by the time it was released, but had already been known to many security professionals for months. The real problem that made things so painful and propagation of Blaster so widespread, was that for those months, Microsoft had been actively denying that there was ever a problem until Blaster forced them to admit it. Had system administrators been made aware of the issue and the meager steps needed to impede the spread of Blaster (which everyone implemented in a white-hot hurry once their networks were figuratively ablaze) the damage could have been much less indeed.

Cisco is not helping the issue, or I should say, Cisco's lawyers are not helping the issue. Cisco makes some really awesome products, and their technical people can't really be faulted for this one technical flaw. The problem is that Cisco's lawyers are convinced that public knowledge of a serious issue ...
 
 
Mike Lynn's 'exploit', in plain (non-technical) English by Dolemite at 9:00 am EDT, Aug 2, 2005

Mike Lynn's 'exploit', in plain (non-technical) English by Neoteric at 9:51 am EDT, Aug 2, 2005
 
Non-Technical Explanation of Mike Lynn's Disclosure by Rattle at 3:26 pm EDT, Aug 2, 2005

Kudos to MemeStreams user Dagmar for putting together a post which breaks the technical aspects of Lynn's disclosure down in a way that non-technical people can understand. Be sure to click through and read his entire post.

Someone who takes the time to tie a few existing exploits together and utilize a technique similar to what Lynn discovered to make a worm that infects equipment, spends a small amount of time trying to infect other equipment, and then viciously puts the equipment out of commission in the aforementioned fashion, could in a very real sense turn off large chunks of the Internet. No, I was not joking about the last sentence.

If you work in an IT (Information Technology) shop take a moment to look around your office at all the very important equipment you have that just happens to have the Cisco logo on it. (I say "just happens to have the Cisco logo" because the root problem here has nothing to do with Cisco in particular, they're just the first company who have had this weakness uncovered--and as I said earlier, they were already in better shape than most.) Now imagine what would happen if all that equipment just shut off, and you couldn't get it back up and running any time in the next twelve hours or so. You might think, "well, I will just go to their website and get the updates" but no, no... the Internet connection ran through one of the pieces of equipment that is now down so you can't do that. ...and even if it's not, there's a good chance that the people who your company connects to in order to reach the Internet have equipment that has been affected, so you still can't get to the website with the updates you need. So you pick up the phone and call the manufacturer, and get to wait on hold for a very long time indeed, because many thousands of other people are just as stuck as you are. FedEx can get things out fast, but they're not nearly instantaneous, and hundreds of thousands of packages all marked "Red Tag, Highest Priority" at once are going to give them fits. Unless you know someone with magic powers of teleportation, you're looking at a very long wait for a package to be delivered by a truck that can fix your problem, and you're going to have to deal with all the upper-management types freaking out in the meantime. (Mind you, if you're lucky, your inter-office email system will also have been shut down by this, so they can only get to you through your cell phone and pager, which limits the number of panicked managers who can get to you at once.)

One message that Dagmar tries to get across in this, that should be spread and embraced, is that equipment (and software) mono-cultures are inherently dangerous. A post on the blog Art Of Noh...
 
RE: Non-Technical Explanation of Mike Lynn's Disclosure by bunnygrrl at 3:31 pm EDT, Aug 2, 2005

I appreciate the non-technical explanation. I could tell it was big from all the buzz, but couldn't quite understand why. Thanks!
 
RE: Non-Technical Explanation of Mike Lynn's Disclosure by Rattle at 3:39 pm EDT, Aug 2, 2005

bunnygrrl wrote: I appreciate the non-technical explanation. I could tell it was big from all the buzz, but couldn't quite understand why. Thanks!

Be sure to pass on your thanks to Dagmar. He wrote it, I just relayed it on. :)
 
RE: Non-Technical Explanation of Mike Lynn's Disclosure by bunnygrrl at 3:50 pm EDT, Aug 2, 2005

Oops! I'm also not tech-savvy enough to utilize memestreams!

Rattle wrote: bunnygrrl wrote: I appreciate the non-technical explanation. I could tell it was big from all the buzz, but couldn't quite understand why. Thanks!
Be sure to pass on your thanks to Dagmar. He wrote it, I just relayed it on. :)
 
RE: Non-Technical Explanation of Mike Lynn's Disclosure by Rattle at 4:00 pm EDT, Aug 2, 2005

bunnygrrl wrote: Oops! I'm also not tech-savvy enough to utilize memestreams!

A good portion of that is blatantly our fault. MemeStreams is not everything it should be.. Yet. Thanks for participating in our community.
 
RE: Mike Lynn's 'exploit', in plain (non-technical) English by bunnygrrl at 3:54 pm EDT, Aug 2, 2005

I'll try this again: thanks for the great summary! I hadn't quite figured this whole thing out until now. Now, if I could just figure out how to safely navigate memestreams, I'll be ok.
 
RE: Mike Lynn's 'exploit', in plain (non-technical) English by biochik007 at 10:44 pm EDT, Aug 2, 2005

Great explanation Dagmar, I was stuck somewhere in the middle between knowing just enough to understand parts of this whole mess, but also enough to be pretty darn confused as well. Again, thanks for the explanation in non-technical English, it's very much appreciated. Hats off to Mike as well, for standing up to "the man" and saying what he believes in, vs just taking it lying down.
Mel
 
RE: Mike Lynn's 'exploit', in plain (non-technical) English by shana at 9:07 am EDT, Aug 3, 2005

Very nice explanation, thanx for taking the time to write it out :)
 
Mike Lynn's 'exploit', in plain (non-technical) English by hobbes at 5:22 pm EDT, Aug 3, 2005

Non-Technical Explanation of Mike Lynn's Disclosure by wilpig at 3:16 pm EDT, Aug 4, 2005

Non-Technical Explanation of Mike Lynn's Disclosure by skullaria at 5:12 pm EDT, Aug 4, 2005
 
Mike Lynn's 'exploit', in plain (non-technical) English by dc0de at 6:03 pm EDT, Aug 4, 2005

Dagmar... What can I say... Perfectly summarized the problem.... Everyone in IT should read this...
 
Non-Technical Explanation of Mike Lynn's Disclosure by cyantist at 1:44 am EDT, Aug 6, 2005

There is a redundant post from SeriouslyUGuys not displayed in this view.