///////////////////////////////// From: Andrei Mikhailovsky <mlists@arhont.com> Reply-To: andrei@arhont.com To: ciscoioshehehe@yandex.ru Subject: Re: [Full-disclosure] Cisco IOS hacked? Hello, Being a co-author of the "Hacking Exposed Cisco Networks" book and one of the co-founders of Arhont Ltd an Information Security Company that is doing the research for the book on Cisco Devices I have to make the following comments about the article in SecurityLab.ru: The russian article (http://www.securitylab.ru/news/240415.php) has been badly paraphrased from the livejournal of one of the authors/researchers of the book. As a result of this outrageously inaccurate paraphrasing of the article many confusions and misunderstandings have been circling on the security related sources and mailing lists. Some of the issues addressed in the article are true and Arhont is currently preparing a formal advisory that will be sent to PSIRT. Among the discovered issues are multiple vulnerabilities in EIGRP implementation. Also, authors have addressed the _theoretical_ aspects of an algorithm for cross-platform worm that could spread in IOS based devices. The existence of the practical implementation of such warm is a complete lie. Let me assure that there has been no development nor the desire to develop such code by the authors of the book. The theoretical methodology and algorithms will be also discussed with PSIRT at the appropriate time. In addition, there has been some minor inconsistencies of the livejournal postings that will be soon addressed and edited. If you have any comments on this topic we would be glad to address them. -- Andrei Mikhailovsky Arhont Ltd - Information Security ///////////////////////////////// =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 "Just one more time for the sake of sanity tell me why explain the gravity that drove you to this..." Assemblage
Andre; Thanks for your review and language skills in this area, the article translated was even a mess on babelfish and left more questions than answers -Henry --- "J. Oquendo" <sil@politrix.org> wrote:
///////////////////////////////// From: Andrei Mikhailovsky <mlists@arhont.com> Reply-To: andrei@arhont.com To: ciscoioshehehe@yandex.ru Subject: Re: [Full-disclosure] Cisco IOS hacked?
Hello,
Being a co-author of the "Hacking Exposed Cisco Networks" book and one of the co-founders of Arhont Ltd an Information Security Company that is doing the research for the book on Cisco Devices I have to make the following comments about the article in SecurityLab.ru:
The russian article (http://www.securitylab.ru/news/240415.php) has been badly paraphrased from the livejournal of one of the authors/researchers of the book. As a result of this outrageously inaccurate paraphrasing of the article many confusions and misunderstandings have been circling on the security related sources and mailing lists.
Some of the issues addressed in the article are true and Arhont is currently preparing a formal advisory that will be sent to PSIRT.
Among the discovered issues are multiple vulnerabilities in EIGRP implementation. Also, authors have addressed the _theoretical_ aspects of an algorithm for cross-platform worm that could spread in IOS based devices. The existence of the practical implementation of such warm is a complete lie. Let me assure that there has been no development nor the desire to develop such code by the authors of the book. The theoretical methodology and algorithms will be also discussed with PSIRT at the appropriate time.
In addition, there has been some minor inconsistencies of the livejournal postings that will be soon addressed and edited.
If you have any comments on this topic we would be glad to address them.
-- Andrei Mikhailovsky Arhont Ltd - Information Security /////////////////////////////////
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
"Just one more time for the sake of sanity tell me why explain the gravity that drove you to this..." Assemblage
participants (2)
-
Henry Linneweh
-
J. Oquendo