Create an Account
username: password:
 
  MemeStreams Logo

Wired | ISS Allegedly Hiding Cisco Bugs

search

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Wired | ISS Allegedly Hiding Cisco Bugs
Topic: Computer Security 2:39 am EST, Dec  7, 2005

The computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of which is more serious than the bug he made public last summer.

Mike Lynn, a former security researcher with Internet Security Systems, or ISS, said three of the flaws can give an attacker remote control of Cisco's routing and gateway hardware, essentially allowing an intruder to run malicious code on the hardware. The most serious of the three would affect nearly every configuration of a Cisco router, he said.

"That's the one that really scares me," Lynn said, noting that the bug he revealed in July only affected routers configured in certain ways or with certain features. The new one, he said, "is in a piece of code that is so critical to the system that just about every configuration will have it. It's more part of the core code and less of a feature set," Lynn said.

Lynn, who now works for Cisco competitor Juniper Networks, told Wired News that ISS has known about additional flaws in the Cisco software for months but hasn't told Cisco about them. This is serious, Lynn said, because attackers may already be developing exploits for the vulnerabilities. Cisco's source code was reportedly stolen in 2004 and, while doing research on the IOS software, Lynn found information on a Chinese-language website that indicated to him that Chinese attackers were aware of the security flaws in IOS and could be exploiting them.

"Essentially there are more bugs, and they've gagged me from telling anyone the details of what they are," Lynn said.

"It's pretty meticulous. There's lots of notes because it's very complicated stuff," Lynn said. "I gave the most details for the ones that are the most critical -- those are all spelled out."

With regard to Allor's statement suggesting that any flaws ISS found are theoretical, Lynn said, "We're not dealing with an iffy thing when I actually have the code that I'm disassembling."

"At the very least," he said, "even if ISS only suspected there were flaws, you'd think they'd want to talk to Cisco about it even if they think maybe it's not true. If I'm totally wrong, great, but I have a pretty good track record on this, and you'd think they'd want to be talking to Cisco to be sure."

This story is far from over. I continue to keep my fingers crossed that we don't see a router worm hit the net.

Wired | ISS Allegedly Hiding Cisco Bugs



 
 
Powered By Industrial Memetics
RSS2.0