RE: Cisco IOS Exploit Cover Up

28 Jul 2005

      The video *might* be available on the Washington Post later today.
...
From http://netsec.blogspot.com/
"Michael Lynn's "The Holy Grail: Cisco Shellcode and Remote Execution" 
  presentation blew the doors off of Caesar's Palace Today with a full 
  shell code exec capabilities for nearly ANY Cisco vulnerability. If 
  your organization hasn't updated any Cisco IOS-based devices lately, 
  the devices may be under someone else's control.

  The story from Michael Lynn proceed like this: He discovered clues 
  that there was an issue being exploited when reading translated 
  Chinese hacker sites that alluded to the issue. It was likely 
  discovered after the theft of the Cisco Source code in May 2004 
  which was itself part of a larger series of intrusions. Upon further 
  research leading to the development of working proo-of-concept code, 
  he and his former employer ISS notified Cisco. Cisco patched the 
  issue silently in April but never issued an advisory as to the 
  seriousness of the issue. Cisco has since pulled all older, vulnerable 
  versions of IOS from it's web site. After discovering that ISS was 
  allow Lynn to present on the issue, Cisco CEO John Chambers attempted 
  to censor the issue. When ISS stood it's ground, John Chambers 
  requested that the US Government intervene as a matter of national 
  security to no apparent avail.

  The popular press is starting to pick up on the issue now and I hear 
  rumour that Michael's presentation MIGHT be made available in video 
  via the Washington Post web site tomorrow."
...
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On 
Behalf Of Network Fortius
Sent: Wednesday, July 27, 2005 6:39 PM
To: nanog@merit.edu
Subject: Re: Cisco IOS Exploit Cover Up
I have been searching the net since this morning, for "The Holy  
Grail: Cisco IOS Shellcode Remote Execution", or variations of such.  
This seems to be - at the moment - the most thought after torrent ...
Stef
Network Fortius, LLC
On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote:
...
Since the talk was actually delivered - does anyone have a  
transcript or a
torrent for audio/video?
- Dan
On 7/27/05 8:10 PM, "Jeff Kell" <jeff-kell@utc.edu> wrote:
...
Cisco's response thus far:
http://www.cisco.com/en/US/about/security/intelligence/ 
MySDN_CiscoIOS.html
Jeff

Buhrmaster, Gary

tags

participants (1)