| |
|
Non-Technical Explanation of Mike Lynn's Disclosure |
|
|
|---|
| Topic: Computer Security |
3:16 pm EDT, Aug 4, 2005 |
Kudos to MemeStreams user Dagmar for putting together a post with breaks the technical aspects of Lynn's disclosure down in a way that non-technical people can understand. Be sure to click through and read his entire post. Someone who takes the time to tie a few existing exploits together and utilize a technique similar to what Lynn discovered to make a worm that infects equipment, spends a small amount of time trying to infect other equipment, and then viciously puts the equipment out of commission in the aforementioned fashion, could in a very real sense turn off large chunks of the Internet. No, I was not joking about the last sentence. If you work in an IT (Information Technology shop) take a moment to look around your office at all the very important equipment you have that just happens to have the Cisco logo on it. (I say "just happens to have the Cisco logo" because the root problem here has nothing to do with Cisco in particular, they're just the first company who have had this weakness uncovered--and as I said earlier, they were already in better shape than most.) Now imagine what would happen if that all that equipment just shut off, and you couldn't get it back up and running any time in the next twelve hours or so. You might think, "well, I will just go to their website and get the updates" but no, no... the Internet connection ran through one of the pieces of equipment that is now down so you can't do that. ...and even if it's not, there's a good chance that the people who your company connects to in order to reach the Internet has equipment that's has been effected, so you still can't get to the website with the updates you need. So you pick up the phone and call the manufacturer, and get to wait on hold for a very long time indeed, because many thousands of other people are just as stuck as you are. FedEx can get things out fast, but they're not nearly instantaneous, and hundreds of thousands of packages all marked "Red Tag, Highest Priority" at once are going to give them fits. Unless you know someone with magic powers of teleportation, you're looking at a very long wait for a package to be delivered by a truck that can fix your problem, and you're going to have to deal with all the upper-management types freaking out in the meantime. (Mind you, if you're lucky, your inter-office email system will also have been shut down by this, so they can only get to you through your cell phone and pager, which limits the number of panicked managers who can get to you at once.)
One message that Dagmar tries to get across in this, that should be spread and embraced, is that equipment (and software) mono-cultures are inherently dangerous. A post on the blog Art Of Noh... [ Read More (0.1k in body) ]Non-Technical Explanation of Mike Lynn's Disclosure |
|
Sky News : Sign Here Please 'Mr Dick Head' |
|
|
|---|
| Topic: Humor |
3:13 pm EDT, Aug 4, 2005 |
When going to pay at a store, a bank customer discovers that the name on his new debit card is wrong... haha sucks for him --wilpig Sky News : Sign Here Please 'Mr Dick Head' |
|
RE: Antennas that make you go WTF?! |
|
|
|---|
| Topic: Computer Networking |
10:23 am EDT, Jul 28, 2005 |
Catonic wrote:
I just got a look at this creature, and had someone walk by my cube when they did and they, very loudly, commented WTF as well. :)
I actually saw these in a store and had to laugh at them. RE: Antennas that make you go WTF?! |
|
Wired News: Cisco Security Hole a Whopper |
|
|
|---|
| Topic: Computer Security |
10:22 am EDT, Jul 28, 2005 |
Wired just posted the best article so far.. Here are some of the highlights:Lynn likened IOS to Windows XP, for its ubiquity. "But when there is a Windows XP bug, it's not really a big deal," Lynn said. "You can still ship (data through a network) because the routers will transmit (it). How do you ship (data) when the routers are dead?" "Can anyone think why you would steal (the source code) if not to hack it?" Lynn asked the audience, noting that it took him six months to develop an attack to exploit the bug. "I'm probably about to be sued to oblivion. (But) the worst thing is to keep this stuff secret." "There are people out there looking for it, there are people who have probably found it who could be using it against either national infrastructure or any enterprise," said Ali-Reza Anghaie, a senior security engineer with an aerospace firm, who was in the audience. During his talk, Lynn demonstrated an attack in real time using his own router, but did not allow the audience to see the steps. The attack took less than a minute to execute. "In large part I had to quit to give this presentation because ISS and Cisco would rather the world be at risk, I guess," Lynn said. "They had to do what's right for their shareholders; I understand that. But I figured I needed to do what's right for the country and for the national critical infrastructure."
Wired News: Cisco Security Hole a Whopper |
|
Further Abaddon Nogoodery |
|
|
|---|
| Topic: Technology |
10:22 am EDT, Jul 28, 2005 |
A presentation called “The Holy Grail: Cisco IOS Shellcode Remote Execution” was slated to run at the Black Hat conference in Las Vegas this week. But Internet Information Systems and Cisco, the companies presenting the segment, decided to pull the presentation after discussions between the two firms. Further Abaddon Nogoodery |
|
Abaddon, still up to no good. |
|
|
|---|
| Topic: Technology |
10:21 am EDT, Jul 28, 2005 |
Even more of Abaddon being up to no good. Abaddon, still up to no good. |
|
Some Papers Pull, Edit 'Doonesbury' Strip - Yahoo! News |
|
|
|---|
| Topic: Society |
1:09 am EDT, Jul 27, 2005 |
KANSAS CITY, Mo. - It may be
President Bush's nickname for key political adviser Karl Rove, but some editors don't think it belongs in their newspapers. About a dozen papers objected to Tuesday's and Wednesday's "Doonesbury" comic strips, and some either pulled or edited them. The strips refer to Rove, the White House deputy chief of staff, as "Turd Blossom."
Some Papers Pull, Edit 'Doonesbury' Strip - Yahoo! News |
|
CNN.com - Shuttle returns to space - Jul 26, 2005 |
|
|
|---|
| Topic: Science |
12:40 am EDT, Jul 27, 2005 |
A new battery of cameras trained on the shuttle during launch showed a small piece of debris falling from the underside of the orbiter, which NASA officials say could have come from a tile near a door covering the nose landing gear. But NASA's flight operations manager, John Shannon, said it was too soon to determine the source of the debris, how large any possible defect might be and whether it poses any safety threat for the spacecraft.
CNN.com - Shuttle returns to space - Jul 26, 2005 |
|
Wining and dining best way to woo women - Yahoo! News |
|
|
|---|
| Topic: Society |
3:35 pm EDT, Jul 26, 2005 |
Researchers at Imperial College London developed a mathematical formula and modelled courtship as a sequential game to find the best way to impress the ladies. Their results show that offering an expensive present signals the man's serious intentions but he must be wary of being exploited by gold-diggers who will dump him after receiving the gift.
Wining and dining best way to woo women - Yahoo! News |
|
Publius Pundit - Iraqi Cop Babe |
|
|
|---|
| Topic: Current Events |
1:52 pm EDT, Jul 26, 2005 |
Pounding her Baghdad beat, wrapped in a bulletproof vest and brandishing a pistol, Sgt. Bushra Jabar definitely stands out in the new Iraq. She’s the only woman in the Iraqi Army unit patrolling the Kharkh district in the heart of the capital.
Publius Pundit - Iraqi Cop Babe |
|
