Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge@linuxbox.org> wrote:
"That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment."
More here: http://blogs.iss.net/archive/blackhatlitalk.html
Gadi.
For the sake of clarity and transparency, Gadi Evron has absolutely no connection to this research whatsoever. He is famous in the security community for piggybacking off other peoples research. We are frustrated with him as much as we are annoyed. Andrew Security consultant
On Thu, 04 Feb 2010 15:04:22 PST, "andrew.wallace" said:
On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge@linuxbox.org> wrote:
"That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept
Gadi Evron has absolutely no connection to this research whatsoever.
For the benefit of those who just fell out of a tree - anytime a conference paper abstract says "review", it's pretty certain that the presentation won't be cutting 0-day technical stuff, but a *review* of stuff that half of us already know, for the benefit of getting the other half up to speed. Also - note that the skillset needed to be a cutting-edge researcher is *very* different from the one needed to actually present a good review talk and have the information retained by the audience. (I've done overview presentations. It's definitely not easy to make the points "You should be doing X, Y, and Z, and here's why you should invest the time and effort to do so").
He is famous in the security community for piggybacking off other peoples research.
You apparently fail to understand that making other people's research well known in the community is an important role. Would we be more secure, or less secure, if somebody did the research, but then nobody told the owners of all that Cisco gear about it? (Hint: "pwned router" is never a good day for the network provider) Or would we as a community be more safe, or less safe, if <trollbait> SANS didn't do security traning courses </trollbait>?
Andrew
Security consultant
Is that what you're calling yourself these days?
On Mon, Feb 8, 2010 at 6:37 PM, <Valdis.Kletnieks@vt.edu> wrote:
You apparently fail to understand that making other people's research well known in the community is an important role. Would we be more secure, or less secure, if somebody did the research, but then nobody told the owners of all that Cisco gear about it? (Hint: "pwned router" is never a good day for the network provider)
Or would we as a community be more safe, or less safe, if <trollbait> SANS didn't do security traning courses </trollbait>?
Andrew
Security consultant
Is that what you're calling yourself these days?
They cater for mostly the public sector, doing a SANS course does not make you *SAFE* it just means you have an understanding of current trends and be able to take mitigation. It is not a sure-shot way to be secure, you need to have years of hands-on experience in security. You can't walk out of SANS courses and be a security professional, you need to have a lot more than that. I started Cyber Security from my basement back in 1999 as an 18 year old, I am now 29 years old and am doing independent security consultancy work here in the UK for multiple global vendors. I have various titles and skills, security researcher, ethical hacker, security consultant, any of them can be used as those are the qualifications i've achieved over the years. It's not unusual in the security community for one person to fall into more than one category or be qualified to undertake more than one role. Kind regards, Andrew Security Consultant
participants (2)
-
andrew.wallace
-
Valdis.Kletnieks@vt.edu