Slashdot Mirror


More on Last Year's Cisco Source Code Theft

grazzy writes "The New York Times has a story about last year's theft of Cisco source code: The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet."

266 comments

  1. Re:t by Anonymous Coward · · Score: 1, Funny

    You win, buddy.

    Too bad all you had time to say was "t".

  2. Did they steal the editor too? by P3NIS_CLEAVER · · Score: 3, Funny

    What's a Thef????

    --
    Please sign petition to restore sanity to our banking system!!!

    http://financialpetition.org/
    1. Re:Did they steal the editor too? by TripMaster+Monkey · · Score: 1



      Yup....and I wrote daddypants and everything.

      Asleep at the switch.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    2. Re:Did they steal the editor too? by Anonymous Coward · · Score: 2, Funny

      What's a Thef?

      A chef with a lisp?

    3. Re:Did they steal the editor too? by Anonymous Coward · · Score: 5, Funny

      Most amusing part to me is that the title was corrected but it still has "Years" instead of "Year's".

    4. Re:Did they steal the editor too? by Anonymous Coward · · Score: 0

      An uber thief that defies the normal term by even stealing the 'i' in his her own category.

    5. Re:Did they steal the editor too? by antifoidulus · · Score: 1

      Well, the guy in question IS Swedish......

    6. Re:Did they steal the editor too? by Anonymous Coward · · Score: 0

      Linux geeks like to mount their devices.

  3. "More on Last Years Cisco Source Code Thef" by Beatbyte · · Score: 0, Offtopic

    More on Last Years Cisco Source Code Thef

    Oh well! Should have used the preview button!!

    Ahh yes... karma at work you stinky taco!

    1. Re:"More on Last Years Cisco Source Code Thef" by Anonymous Coward · · Score: 0

      Well at least he didn't call him a Tode Chef.

  4. Stakkato by natron+2.0 · · Score: 2, Interesting


    so now the hunt is on for the elusive stakkato...

    1. Re:Stakkato by Anonymous Coward · · Score: 0

      What, you mean he isn't a ~17-year old in Uppsala, Sweden?

    2. Re:Stakkato by Anonymous Coward · · Score: 0

      highly doubtful...

  5. cmdr taco by mondoterrifico · · Score: 3, Funny

    Master of the ebonics.

    1. Re:cmdr taco by Anonymous Coward · · Score: 0

      Master of the ebonics.

      That be fo' shizzle.

    2. Re:cmdr taco by Anonymous Coward · · Score: 0

      eugenics?

    3. Re:cmdr taco by Anonymous Coward · · Score: 1, Insightful

      Or mo'ronics, either way...

    4. Re:cmdr taco by Master+of+Transhuman · · Score: 1


      Yo, homey! What up? What it is? Run it down! Whaaaas zappening, bro?

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  6. It's not theft! by Anonymous Coward · · Score: 1, Insightful

    It's infringement!

    Oh wait, sorry, we're talking about code not music. It's theft!

    1. Re:It's not theft! by Anonymous Coward · · Score: 0

      Exactly.

      Mod parent up!!!

    2. Re:It's not theft! by Halo- · · Score: 4, Informative
      Oh wait, sorry, we're talking about code not music. It's theft!

      I know you're trying to be funny, but I think you're missing something basic. The reason this is "theft" and not "infringement" is because the intruder made a copy of something not generally released. (the source code).

      In the music world, if someone buys an album, and gives copies to his or her friends, he is violating the artist's right to control copies. (i.e. their "copyright"). If that same person hacks into the artist's recording studio, and downloads unreleased tracks, the artist has had those tracks stolen. It is a "theft".

    3. Re:It's not theft! by Anonymous Coward · · Score: 1, Insightful

      If that same person hacks into the artist's recording studio, and downloads unreleased tracks, the artist has had those tracks stolen. It is a "theft".

      Only if the person somehow manages to destroy the masters. How can theft happen when nobody is being deprived of anything?

    4. Re:It's not theft! by Halo- · · Score: 1
      How can theft happen when nobody is being deprived of anything?

      Well, I'm not a lawyer, but here's how I see it:

      If there is value to a secret, and that secret is compromised, then you have deprived the secret's owner of the secret's value.

      If I'm an author, and while I'm writing the highly anticipated sequel to a book, and someone breaks into my house, reads the surprise ending, and then broadcasts it to the world, they have stolen. If they make xeroxes of the last chapter, and then hand those out, they have stolen AND infringed. If I publish the book, and they make xeroxes and hand them out, they have infringed, but not stolen.

      Most data is "born" with a copyright, but additional restrictions can be placed on top. Without the patient's consent, the doctor can't legally publish medical records. If I break into a doctor's office, and make a copy of all the patients' charts, I have committed theft.

      One last example. Recipes can't be copyrighted in the US. But the formula for Coca-Cola is still secret. If I break into the secret Coke vault, and make off with a copy of the formula, I've stolen it.

      I think that to "infringe a copyright" someone already has to be exercising their right to make copies available. (again, I'm not a lawyer) Cisco didn't make their code available, so it was stolen. Infringement is an escalation of privilege, theft is the unlawful attainment of privilege.

    5. Re:It's not theft! by DeadChobi · · Score: 1

      Hmm... perhaps someone is being deprived of... oh, the money garnered from the people who would've otherwise had to purchase the album legally? I'm not sure here, but I doubt many people would be willing to buy something they've already got.

      --
      SRSLY.
  7. But on 24 they said cisco networks were by Anonymous Coward · · Score: 4, Funny

    self defending?????

    1. Re:But on 24 they said cisco networks were by Anonymous Coward · · Score: 1, Funny

      They don't self-defend half as well as they self-screwup.

    2. Re:But on 24 they said cisco networks were by the+MaD+HuNGaRIaN · · Score: 1

      Not if you have the manufacturer code.

      The fat guy knows them by heart.

    3. Re:But on 24 they said cisco networks were by Daravon · · Score: 1

      But if they route the firewall and hack the proxy.....god I can't type that.....I feel dirtier than that one time in Thailand....oh the stories I could tell...

      --
      I traded all my mod points for these magic beans.
    4. Re:But on 24 they said cisco networks were by Anonymous Coward · · Score: 0

      Let's just pray the thieves don't mess with the precompiled headers, or the reactor might melt down!

    5. Re:But on 24 they said cisco networks were by Anonymous+Cowpat · · Score: 1

      ah yes, the secret 'back-door codes' that magically decrypt data from a harddisk, and then make all the files magically open on a CTU laptop...

      rant: The gibberish in the latest episode of 24:
      1, Why would the US be routinely patrolling their own airspace with expensive stealth fighters?
      2, So they can't find it because the pilot had the RADAR on, resulting in RADAR transmissions from the aircraft
      3, Nor can they find it by switching one of their satellites to infrared and looking in the general area of air force 1 for a whopping great "ooh look at me I'm a jet engine!" signature
      4, Air force one's pilot apparently doesn't know how to fly evasive maneuvers of any kind
      5, and magically air force one's raft of countermeasures were never used.

      Do the script writers have it in for the president?

      --
      FGD 135
    6. Re:But on 24 they said cisco networks were by Anonymous Coward · · Score: 0

      And unless I'm mistaken, Stealth Fighters don't carry air to air missiles....

    7. Re:But on 24 they said cisco networks were by coolGuyZak · · Score: 1
      Why would the US be routinely patrolling their own airspace with expensive stealth fighters?

      Because you don't want to put that technology at risk. It's safer here.

      Nor can they find it by switching one of their satellites to infrared and looking in the general area of air force 1 for a whopping great "ooh look at me I'm a jet engine!" signature

      The engines of stealth fighters use cooling techniques to mask their exhausts.

      Air force one's pilot apparently doesn't know how to fly evasive maneuvers of any kind

      When you can perform evasive maneuvers with a commercial airliner, let me know.

      Not that I actually watch 24...

    8. Re:But on 24 they said cisco networks were by Kehvarl · · Score: 1

      All they need to do is get HUDConnectionAnalysis, Monitor Bypass v5, Proxy Bypass v5, and Firewall Bypass v5, and the HUDLanView with LANSpoof and LANScan.

      That and the standard toolkit you need to get to this stage and a nice collection of admin-hacked banks and government servers to bounce through will let them get anything they need and have plenty of time to look around without getting caught.

    9. Re:But on 24 they said cisco networks were by Bios_Hakr · · Score: 1

      About point 2:

      I haven't seen the episode you talk about, but aircraft that don't have RADAR aren't completely without RADAR information. Another aircraft (AWACS) can gather very detailed information and feed that (along with other supporting data) into a ground-based processing center. At that point, data is aggregated and filtered to show pertinent info. That data can be uploaded via secure link to an aircraft trying to hide by not using active RADAR.

      In fact, not using active RADAR is fairly common. It's almost like a sub using active SONAR. As soon as you flip the RADAR on, everyone can see you.

      --
      I'd rather you do it wrong, than for me to have to do it at all.
    10. Re:But on 24 they said cisco networks were by Martin+Blank · · Score: 1

      Because you don't want to put that technology at risk. It's safer here.

      Not entirely sure if this was in jest, but this excuse has been used before in a way that cost American (and Allied) lives. The Browning Automatic Rifle was not sent to WWI battlefields because it was feared that if the Germans got it, they could come up with something as good or better to use on American troops. Meanwhile, one of America's biggest advantages (the ability to move quickly with an automatic weapon that didn't require lengthy setup times) was completely nullified, turning US troops into Yet More Targets.

      Eventually, BARs did go over, though in small numbers IIRC, and those units that got them did extremely well with the additional firepower.

      --
      You can never go home again... but I guess you can shop there.
    11. Re:But on 24 they said cisco networks were by Anonymous Coward · · Score: 0

      Hrmn.. What good would a fighter be without air to air missiles, sir?

      Perhaps thinking of the stealth bombers?

    12. Re:But on 24 they said cisco networks were by Mikito · · Score: 1

      Caveat: I don't watch 24, so I didn't see the aircraft involved.

      "Stealth fighter" is the term commonly used to refer to the F-117 (I think that's the number) plane, that oddly wedge-shaped aircraft which is reminiscent of a diamond. It has lots of unusual angular surfaces.

      It's also strictly a subsonic aircraft and not really intended to battle other planes. It was used in the first Gulf War, and probably the second, as a way to drop bombs without being detected. I don't think it has air-to-air missiles. Just a couple of guns if I remember correctly.

      There is a supersonic fighter which is also stealth capable but I don't think it's in production yet. You can see it* at the Smithsonian Udvar-Hazy Air and Space Museum near Dulles Airport.

      I have no idea what the reasoning is behind using an F-117 versus the more domelike B-2 stealth bomber.

      * There was a bidding competition between two companies to develop a stealthy, supersonic fighter plane, and I forget whether the museum is displaying the winner of the government bid, or the loser.

      --
      Anakin Simpson: If you're not with me, then you're my enemy--ooh, donuts!
    13. Re:But on 24 they said cisco networks were by Anonymous Coward · · Score: 0

      Sorry, I usually think of the F-22 when I hear Stealth Fighter, but that's probably because it's new and a bit more fresh in my mind than the F-117. I'm pretty sure it's designed to fire air-to-air missiles.

    14. Re:But on 24 they said cisco networks were by Mikito · · Score: 1

      Sorry, I usually think of the F-22 when I hear Stealth Fighter [...] I'm pretty sure it's designed to fire air-to-air missiles.

      In any case, they probably don't open up the cockpit and fire pistols at enemy targets. Some of the earliest dogfights were fought just that way.

      --
      Anakin Simpson: If you're not with me, then you're my enemy--ooh, donuts!
    15. Re:But on 24 they said cisco networks were by Martin+Blank · · Score: 1

      The F-117 does not carry defensive armament of any kind, even guns, as they would negate the stealth advantage. It relies on not being seen (and perhaps a bit of maneuvering to not get hit if it is seen) to stay in the air. It's actually pretty maneuverable as a result of its inherently high instability (as are all modern fighters, which cannot be flown without computer assistance).

      The F-117 is deployed when the B-2 is not for several reasons, mostly logistical. It's expensive to move a B-2 out to a forward location because it's fairly delicate, and because it requires longer runways. It's also a lot easier to hit with visually-aided weapons if you actually do see it. The F-117 can use smaller runways, existing hangars, and smaller maintenance crews. Furthermore, it has the political advantage of not costing more than a billion dollars to replace. :)

      --
      You can never go home again... but I guess you can shop there.
    16. Re:But on 24 they said cisco networks were by Mikito · · Score: 1

      The F-117 is deployed when the B-2 is not for several reasons, mostly logistical.

      The details you provide fit in with what I've heard about the B-2 being deployed at very few bases around the world. I remember something about B-2s flying from the central US to Iraq and back. That doesn't sound like something you would want to do frequently.

      --
      Anakin Simpson: If you're not with me, then you're my enemy--ooh, donuts!
    17. Re:But on 24 they said cisco networks were by Flendon · · Score: 1

      When you can perform evasive maneuvers with a commercial airliner, let me know.

      Not that I watch 24 either, but we are not talking about your typical commercial airliner here. Or your typical commercial pilot. Give me a freaking break!

      --
      chown -R us ./base
    18. Re:But on 24 they said cisco networks were by Flendon · · Score: 1

      The F-117 is a first generation stealth plane with a primary tactical (local) role. Its armament hard points are internal so while it is capable of carrying missiles doing so would not affect the stealth signature (except the short period the bomb bay opened to fire). It is primarily used as a short range bomber as it is not truly stable enough for heavy maneuvering and can only carry two missiles and no guns. With only two bomb hard points it is also used for precision targets.

      The B2 is a second generation stealth plane and has primarily a strategic role. The B-2 is strictly a bomber and is used as a long range bomber. Several reasons exist for the F-117 being preferred over the B-2. One is the 2.2 Billion dollar price tag per plane. In addition only 21 (if more than the official number have been built no conflict to date has warranted bringing them out of hiding) B-2s have ever been built and they are all based out of Whiteman Air Force Base, Missouri. While the B-2 has the advantage of almost 10 times the range, improved stealth and being able to carry 40,000lbs of bombs the price tag and rarity keep it from being used nearly as often as the F-117. With the massive bomb payload it is most effective at blanket bombing, though precision bombing can be done by reducing the payload to smart bombs.

      The F/A-22 is a supersonic fighter craft with ground attack capabilities as well. The F/A-22 has a 480 round Gatling gun and multiple internal and external hard points capable of carrying missiles and bombs simultaneously. The plane is highly maneuverable due to the long refinement of its computerized flight control system. The plane also utilizes an AN/APG-77 Active Electronically Scanned Array (AESA) radar that changes frequencies more than 1,000 times a second along with other techniques to make it almost undetectable. As others have mentioned stealth planes frequently mix cold air into the exhaust prior to expelling it to prevent IR detection. The plane is an excellent air superiority machine; I would guess this was the plane used in the episode you referred to.

      As to why the US was patrolling its airspace with stealth fighters, well it advanced the plot, or you could go ask a tin hat. For why the pilot couldn't maneuver or use countermeasures it advanced the plot. And I know I skipped the F-35 which is also a capable Air to Air stealth platform, but it will not be in production for another 3 years.

      --
      chown -R us ./base
  8. Question for an expert... by wcitech · · Score: 5, Interesting

    I'm without a doubt no networking expert, so I'd like to ask one of you who is: if the source code for cisco's equipment is leaked, would that person have the ability to create some kind of virus/malware that could bring the internet to a screeching halt? What can they do, infect routers with viruses now? I guess I'm unclear on the real dangers in a situation like this.

    1. Re:Question for an expert... by CaymanIslandCarpedie · · Score: 5, Funny

      No, that just makes it more secure sense more eyes will be looking at it ;-)

      --
      "reality has a well-known liberal bias" - Steven Colbert
    2. Re:Question for an expert... by Anonymous Coward · · Score: 0

      the leak of crisco source code could only be used to create an attack against crisco firmware which would of course do nothing to those of us with enough of a clue NOT to be using crisco for all our cooking needs...

      -GenTimJS

    3. Re:Question for an expert... by Phil246 · · Score: 4, Insightful

      only if there are flaws in said code.

    4. Re:Question for an expert... by Anonymous Coward · · Score: 0

      GODDAMMIT, THE WORSE IS SINCE, NOT SENSE.

      Seriously, it's not that difficult to use the right fucking word.

    5. Re:Question for an expert... by galdur · · Score: 1

      Routers have already been compromised because of weak or default passwords. You could already do some temporary damage by messing with the setup. Add to that the fact that they are firmware upgradeable in most cases ... you do the math ...

    6. Re:Question for an expert... by fimbulvetr · · Score: 1

      which would of course do nothing to those of us with enough of a clue NOT to be using crisco...

      Let me ask...
      What do your providers use? How about your provider's providers?

      Thought so.

    7. Re:Question for an expert... by Anonymous Coward · · Score: 0

      What can they do, infect routers with viruses now?
      Potentially, but more likely they'd find a vulnerability in the code that would allow for DoS attacks - along the lines of the BGP transitive attribute problem. It would also give them a chance to poke holes in the telnet/ssh/tacacs...etc functions so they could get onto the device, wipe it and reload it. Specially good fun if they also screw with the console baud rate, partition the flash, change the config register... etc.

      I guess a virus is possible, they could compile a problem into the IOS code, upload it over the top of the old one and reload. A subtle issue (drop one in ten packets or something) would be very tricky to isolate - not that Cisco aren't more than capable of making mistakes with similar results themselves...

    8. Re:Question for an expert... by JustOK · · Score: 1

      mmmmm k.

      --
      rewriting history since 2109
    9. Re:Question for an expert... by globalar · · Score: 2, Insightful

      No, likely not.

      1) Cisco IOS does not run the *whole* Internet. Different IOS versions apply as well.

      2) Revealed source code != massive untapped exploits.

      3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.

      4) IOS is mature and (obviously) well tested. People have been throwing all sorts of strange things at Cisco routers for a long time now. Outside the main "train," any exploit would be a real chore to find.

    10. Re:Question for an expert... by Thud457 · · Score: 0, Troll
      " GODDAMMIT, THE WORSE IS SINCE, NOT SENSE. Seriously, it's not that difficult to use the right fucking word."

      Haw Haw!

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    11. Re:Question for an expert... by computational+super · · Score: 0

      Nope, nothing word than using the wrong worse.

      --
      Proud neuron in the Slashdot hivemind since 2002.
    12. Re:Question for an expert... by Phil246 · · Score: 1

      whoever modded this a troll - turn in your badge of geekhood. Flawless sourcecode is useless when it comes to trying to use it to do damage. Only if there are flaws IN the code, will it be possible to damage routers by exploiting it.

    13. Re:Question for an expert... by lazlo · · Score: 2, Insightful
      3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.


      I kinda wonder about this sometimes. As a for instance, here is an excellent example of how to write an SMTP client in the TCL shell included in recent IOS versions. Of course, getting the shell to start out with is left as an exercise to the reader, but routers operate more and more heavily on the data that passes through them and arrives at them. On a modern IOS router, you have a bunch of routing processes handling routing protocols, as you would expect, and then you've also got a telnet server, an ssh server, a couple of small tcp/udp services (if for who knows what reason you've decided to turn them on), snmp support, a web server with the capability of executing scripted code directly on the router... In short, there's a lot that's potentially exploitable there.

      Of course, I completely agree with your basic assertion that the leak of the source code isn't a particularly big deal, from a security standpoint. The best evidence of this, for me, is the fact that I don't feel at all insecure with the linux-based routers I use, and (sarcasm) I understand the source code to linux got leaked quite a while ago. (/sarcasm)

      --
      Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
    14. Re:Question for an expert... by Anonymous Coward · · Score: 0

      People learning how Cisco routers work without having to take 4 to 8 years of Network Academy courses which cost about $500.00 per semester and by the time you're finished the first $4000.00 dollars you spent is nearly useless ancient technology.
      Starting at CCNA (A four semester course) each Network Academy course including all fees is well over the price posted above and depending on who's teaching you and how stupid your classmates are the cost is no guarantee you'll pass the cert test. The class will be dumbed down to include the lowest common denominators. After paying well over $2000.00 dollars to attend a CCNA authorized Academy Connection course and busting your ass to ace it, the end result is everyone in the class including those that ought to have failed it are handed the answers to the cert test thanks to CERTKILLER.COM.
      What I'd like to see these hackers provide is a stand-alone virtual reality router simulator where I can set up several routers using scripts, with open terminals then attack and defend them etc.

    15. Re:Question for an expert... by dgatwood · · Score: 2, Interesting
      I'd be more worried about a timebomb. Somebody writes a worm that spreads to all the Cisco routers on the planet, then sits and waits until some specific time---say... the anniversary of the first movie theater opening---then shuts down the IOS processors and locks the OS up in an endless reboot cycle.

      If somebody did something like that, it could basically bring the majority of the internet to a grinding halt. By anybody's book, this is a bad thing. Indeed, that's why I've been saying for so many years that we need more diversity on the Internet, that we depend way too much on Cisco and their systems, and that the Internet isn't nearly as reliable as we think....

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    16. Re:Question for an expert... by dgatwood · · Score: 1
      1) Cisco IOS does not run the *whole* Internet. Different IOS versions apply as well.

      It runs enough of the backbones to cause very serious problems if it is compromised.

      2) Revealed source code != massive untapped exploits.

      I wouldn't want to count on that. It's possible that their code is perfect, but....

      3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.

      So you crash it constantly with a bunch of Windows bots. Maybe find an obscure kernel panic that can be triggered via the administrative interface and crash the ability of the router to boot while you're at it so that the admins can't patch IOS to fix the bug.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    17. Re:Question for an expert... by Master+of+Transhuman · · Score: 0


      Unless you're Yoda...

      "What worse wrong word is?!"

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    18. Re:Question for an expert... by Master+of+Transhuman · · Score: 1


      Well, I took the first two of the CCNA series so far without it costing ME anything, since I go to City College of San Francisco on a Pell Grant AND get a Board of Governors Fee Waiver as well...

      Well, it did cost me the textbook - which is not cheap, either...

      Haven't decided yet whether to take the last two courses, since I doubt I'll be doing much WAN router configuration for big corporations. Not to mention the rest of the Cisco training - I have no intention of being a CCIE.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    19. Re:Question for an expert... by Keruo · · Score: 1

      Even with the leaked source code, you'd have to be quite skilled programmer to find flaws which you could exploit in there.
      The strength(and flaws) of internet become from the versatile equipment used in creating it. Most operators have their own device setup they're familiar with.
      Not everything runs with cisco, though they would probably want it that way.(ca-ching)

      The hardware in question isn't your average linux/bsd router, so you can't just whip up exploit with x86 compiler and push it in.
      Since the system isn't normal x86, you'd need to have similar equipment where to build and test the exploit before trying to use it out in open.
      And even with ebay, most cisco stuff is still out of reach for scriptkiddies and even some more skilled hackers.

      Now, assuming you are skilled enough to find holes in code, and resourceful enough to scrap together a platform where you can build and test exploits,
      there's few steps still to take before you have anything worth getting worried about.
      You would need to find some remote hole in the code which would give you some degree of access to the system, and then another hole to actually execute your exploit on the system.

      Any correctly configured router would have remote console access either disabled or in separate management network, so basically it's impossible to find remote hole against routers directly.

      But let's assume you found one, and got the local exploit in:
      The local exploit would probably do something that would be hidden from the user/administrator on IOS interface.
      Something like hidden routing tables, which the hacker could use to forward traffic destined to certain addresses through or to his own machines without the real user even noticing anything odd.
      This would enable hiding his own traffic for hacking other places through that connection, or just to transfer lots of data(warez).
      It could also allow man-in-the-middle attacks for throughgoing connections.

      More realistic scenario:
      The programmer might find some buffer overflow from the code and with the overflow, he can create exploit that crashes the router remotely.
      That would create DoS situation on systems connected to the router, which would last until it's rebooted.
      The DoS wouldn't halt entire internet, because when one route goes down, routers find another path to transfer the data.

      --
      There are no atheists when recovering from tape backup.
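
The management-plane services lazlo lists above (telnet/ssh, the small tcp/udp servers, snmp, the web server) and Keruo's point that remote console access should be disabled or confined to a management network can be checked from a saved configuration. This is an added example, not part of any comment in this thread: a Python audit over a constructed IOS-style running-config, where the finding names and the sample config are assumptions made for illustration.

```python
import re

# Constructed running-config for illustration; not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-example
!
service tcp-small-servers
service udp-small-servers
ip http server
no ip http secure-server
snmp-server community public RO
snmp-server community n0c-example RO 10
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
!
end
"""


def parse_sections(config):
    """Split an IOS-style config into global lines and their indented sub-lines."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
            global_lines.append(current)
    return global_lines, sections


def audit(config):
    """Return (finding_name, detail) tuples for exposed management services.

    Finding names are hypothetical labels chosen for this example.
    """
    findings = []
    global_lines, sections = parse_sections(config)

    for line in global_lines:
        if re.fullmatch(r"service (tcp|udp)-small-servers", line):
            findings.append(("small-servers", line))
        elif line == "ip http server":
            findings.append(("http-server", line))
        elif line.startswith("snmp-server community "):
            tokens = line.split()[2:]
            community, rest = tokens[0], tokens[1:]
            if "view" in rest:  # drop the optional "view <name>" pair
                i = rest.index("view")
                del rest[i:i + 2]
            # Whatever remains besides RO/RW is treated as an ACL reference.
            acl = [t for t in rest if t.upper() not in ("RO", "RW")]
            if community.lower() in ("public", "private"):
                findings.append(("snmp-default-community", community))
            if not acl:
                findings.append(("snmp-no-acl", community))

    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        transport = next(
            (b.split()[2:] for b in body if b.startswith("transport input")),
            None,
        )
        if transport is None:
            # The default transport differs between releases, so flag it.
            findings.append(("vty-transport-unset", header))
        elif {"telnet", "all"} & set(transport):
            findings.append(("vty-telnet", header))
        if not any(re.match(r"access-class \S+ in\b", b) for b in body):
            findings.append(("vty-no-access-class", header))
    return findings


if __name__ == "__main__":
    for name, detail in audit(SAMPLE_CONFIG):
        print(f"{name:24} {detail}")
```
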
    20. Re:Question for an expert... by hempalicious · · Score: 1

      Dude ... read the text you quoted. crisco was intentionally misspelled. I would just about guarantee his providers' providers are not using Crisco to route his TCP packets. Although they certainly may be using it for other (less scrupulous) activities.

    21. Re:Question for an expert... by Guido+von+Guido · · Score: 1

      While I'm agreed with the general statement, I'm not sure it's of any real value. Where is this flawless source code? Based on recent experiences with Cisco code, Cisco certainly doesn't have it. I don't mean to single out Cisco. Look at the history of openssh, and I think the OpenBSD folks write high-quality, security-conscious code.

    22. Re:Question for an expert... by fimbulvetr · · Score: 1

      Yeah I left it too ambiguous, it was my fault.
      I should have put something about PAM in there.

    23. Re:Question for an expert... by PhraudulentOne · · Score: 1

      The person could find errors in the code which could lead to DoS attacks, or perhaps unauthorized access via a buffer overflow, etc. Probably not a virus. Another possibility could include this hacker modifying the source and recompiling the code into a new/existing firmware. If he has access to a Cisco webserver, he could upload this firmware and have half the planet installing modified code. Perhaps he could insert a backdoor, or hell, just make unstable code to make Cisco look bad - routers could start failing all over the place. There are a LOT of (evil) things that a Cisco router could do with bad code.

      Of course the kid probably isn't going to do any of this, but it is *possible*

      It is more likely that this kid would sell the technology to a competitor of Cisco, but he probably just hacked it because it was fun.

      --
      You create your own reality - Leave mine to me.
    24. Re:Question for an expert... by Anonymous Coward · · Score: 0

      Take my advice and don't spend another dime.
      You're better off purchasing the test, then plugging keywords you don't understand into any search engine.
      Ask your Prof for the stand-alone nearly useless router simulator that Cisco does provide first though. He/She would probably give you a copy of it.
      The Academy Connection graduation doesn't count in the real world, however the cert does for some odd reason even though the answers to every cert in the world can be purchased online for 2% of the college course cost.

    25. Re:Question for an expert... by SpaceLifeForm · · Score: 1
      It would be much easier to do that with zombie windows machines.

      Yes, it would be a different attack, but the results could be just as bad.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    26. Re:Question for an expert... by online-shopper · · Score: 1

      Uhm, since somebody broke into their network and got the source to begin with, wouldn't it be reasonable to think they may have figured out how to remotely crack a cisco box?

    27. Re:Question for an expert... by Lodragandraoidh · · Score: 1

      My question is - why did they choose to use TCL? There are much more efficient interpreters (from an executable standpoint) - such as Python...

      --

      Lodragan Draoidh
      The more you explain it, the more I don't understand it. - Mark Twain
    28. Re:Question for an expert... by dgatwood · · Score: 2, Insightful
      True, but with the IOS code, a black hat might be able to do it in a way that wouldn't be as easily traceable as a packet flood or whatever. You know, like "generate a single UDP packet that is larger than n bytes with the byte sequence 'x y z a b c' at offset k" or whatever.

      IMHO, there are two models that work: tight security on source code and open source, the former because black hats have fewer tools to find security holes, the latter because the white hats vastly outnumber the black hats. Closed source that leaks is probably the worst of both worlds.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    29. Re:Question for an expert... by pthisis · · Score: 1

      My question is - why did they choose to use TCL? There are much more efficient interpreters (from an executable standpoint) - such as Python

      Timing is part of it. IOS 12.1 introduced TCL in 2000, but it'd been in betas for a while before that and I'd guess was originally (internally) incorporated by 1998 at the latest. At that point Python was around version 1.4, which was really the first pretty stable, usable version. I doubt Cisco would commit to something that new (at the time).

      I'd also be curious to know what the relative memory footprints are on the Cisco hardware.

      --
      rage, rage against the dying of the light
    30. Re:Question for an expert... by HiThere · · Score: 1

      Try *WHEN* did they choose to use TCL.

      Python, et al. haven't been widely known for all that long. Cisco probably got started before Python reached 1.5, possibly before it was written at all.

      Once you've chosen a language for a project, it requires a significant event to cause you to re-decide.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    31. Re:Question for an expert... by Lodragandraoidh · · Score: 1

      I guess I'm an early adopter...

      Thanks for the info - Cheers!

      --

      Lodragan Draoidh
      The more you explain it, the more I don't understand it. - Mark Twain
    32. Re:Question for an expert... by Keruo · · Score: 2, Informative

      They didn't use holes in cisco routers to break into their network.

      They used stolen passwords gathered from other hacked machines by using trojaned sshd's.

      Says so in TFA.

      --
      There are no atheists when recovering from tape backup.
    33. Re:Question for an expert... by strikethree · · Score: 2, Insightful

      only if there are flaws in said code.

      which translates into: yes!

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    34. Re:Question for an expert... by Anonymous Coward · · Score: 0

      This is a really stupid comment, but has anyone seen Terminator 3?

    35. Re:Question for an expert... by arivanov · · Score: 1

      Cisco has always been a champion in managing to ship a record number of bugs and still stay alive. Compared to them, Microsoft is a stellar example of quality assurance.

      Just look at the mixture of puke and shite they have for a TCP stack (do not mistake it with the forwarding engine which is a different thing). Every single TCP weakness reported in the last 3 years has cisco amidst the vulnerable list. Inadequate reaction to ICMPs, insecure resets as a reaction to bogus data, you name it.

      Interestingly enough they are still out there despite all their bugs. My personal take on this is that they have managed to create a stable ecosystem of certified "specialists" that do not know anything but cisco and do not buy anything but cisco. From there on it is not really relevant if it breaks.

      Anyway, back on topic. Even a record number of bugs does not mean that a system is a useful target for intrusion. Cisco is not such a target, because it is monolithic. You cannot easily transfer control from a bug to something that is useful for you (some form of command line). There is nothing to "exec" so you have to figure out the address of an interpreter instance with enable access and manage to invoke it without buggering up the scheduler and the nearly insane memory allocation. Definitely non-trivial. Compare this to a unix platform where for a "good bug" you can execute a shell with under 30 bytes and the difference becomes quite obvious. Further to that the CPU on an average cisco is outright flimsy so even after taking over one you cannot really use it to listen to network traffic. It has nearly no local storage so you cannot use it to stage an attack or as a zombie.

      So on and so forth.

      It is hard to hack and very useless. Once upon a time the answer to "I have root on this router, what can I do with it" was "You can shovel it up your arse". That is still the case.

      In btw, I read the article and it does not compute. AFAIK Cisco (as a company) uses one-time passwords on all internet accessible systems. SecurID to be most exact. Used to be SKEY prior to 1998 (or 7?). So you can sniff passwords until you puke without getting anywhere. The article is missing a few steps on how the guy got from the bastion hosts to real stuff. Alternatively (and more likely) it is full of shit.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    36. Re:Question for an expert... by DA-MAN · · Score: 1

      Well, I took the first two of the CCNA series so far without it costing ME anything, since I go to City College of San Francisco on a Pell Grant AND get a Board of Governors Fee Waiver as well...

      Hope you took the course with the correct teacher. Of the four Cisco teachers there, only one is worth a damn.

      --
      Can I get an eye poke?
      Dog House Forum
    37. Re:Question for an expert... by Master+of+Transhuman · · Score: 1


      I found Leo Baca and Carlos Colom to be extremely knowledgeable people. Both of them know their stuff - they do networking contracts on the side for people like JPL.

      The course itself has problems, mostly due to problems ensuring everybody can get hold of a cable when needed in the labs, and problems with the quality of the online Cisco course itself - I am absolutely appalled at how many typos, screwups and just plain crap is buried in the Cisco course offerings!

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    38. Re:Question for an expert... by Master+of+Transhuman · · Score: 1


      Actually I have tons of networking texts downloaded from alt.binaries.ebooks.technical and as long as I have a Board of Governors Fee Waiver, I could take the rest of the Cisco courses pretty much free - although since you have to do the exercises as part of the grade, you still have to buy the textbook - but the one I had is good for the first two courses at least and probably the remaining two IIRC. I actually used last year's book - only a couple of the exercises had been changed and they're downloadable from the Cisco site anyway.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    39. Re:Question for an expert... by DA-MAN · · Score: 1

      I found Leo Baca and Carlos Colom to be extremely knowledgeable people. Both of them know their stuff - they do networking contracts on the side for people like JPL.

      Whoops, don't recognize those names, perhaps I am thinking of the CCSF annex or the SFSU group. Disregard my previous posting.

      --
      Can I get an eye poke?
      Dog House Forum
  9. Spy world! by iztaru · · Score: 1

    This sounds like the old James Bond(TM) movies or similar ones. The thief breaks a system, takes and changes what he wants to and after a year the most powerful U.S. security agencies do not even know what was taken.

  10. Missing by nizo · · Score: 1, Redundant

    One slightly used t. Reward if found.

    1. Re:Missing by Anonymous Coward · · Score: 0

      Isn' i possible ha aco's keyboard has los i's "" key?

  11. Heh by mattmentecky · · Score: 2, Funny

    Internet Attack Called Broad and Long Lasting by Investigators

    That's about the only thing nerds/hackers are ever going to be doing that is described as "broad" and "long lasting".

    1. Re:Heh by EvilTwinSkippy · · Score: 1
      That's about the only thing nerds/hackers are ever going to be doing that is described as "broad" and "long lasting".

      Not according to the Spam in my inbox.

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    2. Re:Heh by Anonymous Coward · · Score: 0

      What about Cowboy Neal's butt?

    3. Re:Heh by Anonymous Coward · · Score: 0

      The log I dropped yesterday was pretty broad. Damn thing wouldn't flush either so my flatmate and I had to resort to breaking it into chunks with a knife. So it was pretty long-lasting as well.

    4. Re:Heh by Anonymous Coward · · Score: 0

      Speak for yourself, mine is broad, long and lasting.
      Oh you're not talking about net connection huh?
      I believe I've hammered home my point on several occasions and have even been known to take all night doing it.
      It might not be broad, long, but it darned sure is lasting.
      If nothing else we geeks have strong fingers and wagging tongues.

    5. Re:Heh by Master+of+Transhuman · · Score: 1


      It's not how broad you make it, it's how you make it long-lasting...

      Oh, never mind, this is /.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    6. Re:Heh by Anonymous Coward · · Score: 0

      That's about the only thing nerds/hackers are ever going to be doing that is described as "broad" and "long lasting".

      Uhm... I don't get it. Is this another one of those Dr. Fun jokes where you need to be a little bit "special" to recognize the humor?

  12. Doesn't make sense by afidel · · Score: 3, Interesting

    Cisco uses two factor one time passwords for remote access. I don't see how planting a trojaned copy of SSH on the lab computers would give the hacker access to Cisco's systems.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    1. Re:Doesn't make sense by Argon · · Score: 1

      Sometime back Cisco allowed ssh access for employees by using user created keys. That's now disabled. I don't remember if it was disabled after this incident or before.

    2. Re:Doesn't make sense by afidel · · Score: 1

      Hopefully before since they were talking about removing it back in 2002. Infosec must have been supremely pissed if that is in fact how they got in!

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    3. Re:Doesn't make sense by dr_dank · · Score: 2, Interesting

      From the tone of the article, it seems that a keylogger was used to grab passwords from a cisco user, which were then used from machines in that lab remotely exploited by an ssh rootkit.

      --
      Where does the school board find them and why do they keep sending them to ME?
    4. Re:Doesn't make sense by afidel · · Score: 2, Interesting

      Yes, but if things were working as they should have been a password logger doesn't do you ANY good. The password as entered by the user consists of two parts, the first part is their passphrase, which is like a traditional password, but the second part is a numeric sequence which is spat out by a numeric FOB which is synced to the master access server. These combined passwords must be entered within a narrow window, and once accepted are no longer valid. Someone must have f'd up big time to allow an internet accessible machine to bypass this very strong access mechanism.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    5. Re:Doesn't make sense by rcw-home · · Score: 4, Interesting
      Cisco uses two factor one time passwords for remote access. I don't see how planting a trojaned copy of SSH on the lab computers would give the hacker access to Cisco's systems.

      I don't know how Cisco has their stuff set up, but it's easy to imagine such a breach playing out:

      1. Black hat replaces ssh client at University lab computer.
      2. Authorized but unwitting user uses University computer to VPN into Cisco's network and then uses the trojaned ssh client to connect to a computer on Cisco's network.
      3. The trojaned ssh client is now able to execute arbitrary code as the unwitting user on an internal Cisco computer. It uploads an executable to the internal Cisco computer that regularly makes outgoing TCP connections (they could even look like web browser traffic) to a computer under the black hat's control. The black hat sends control commands through these connections which the executable gladly obeys.
      4. The black hat is now free to scan the internal network to look for a host they can get root on, or hope that the user's account on the internal server they control will be used to connect to other internal systems, perhaps using more highly privileged accounts. (Any admins ever had to sit down at a user's computer and ssh into a server to fix something?) The longer the initial breakin is left unidentified, the better the chances of this occurring.
      5. Eventually the black hat will strike paydirt and get root on a system. From then on, the rootkit that the black hat installs can use any credentials anyone uses to access any systems remotely. Ssh into something? It can run commands on the remote host. Connect to a file server? It can replace executables that you have write access to and wait for someone else to run them.

      While an attacker would need a fairly deep understanding of the software infrastructure he is attacking and of the usage habits of the users there to pull this off, the same basic strategy is applicable to UNIX, Windows, anything. I remember reading several years ago that the breakins at Exodus and VA Linux happened this way.

      We're only used to the stuff we hear about not doing any real damage, because it's all dumb worms running without anyone at the controls. Just because we can fend off that stuff doesn't mean that someone with determination, knowledge, and patience won't get in and stay in.

    6. Re:Doesn't make sense by dr_dank · · Score: 2, Interesting

      It's not easy to pull off, but if you can enter the sequence before it expires, you can gain entry. IIRC, for the RSA SecurIDs, it's 90 seconds.

      --
      Where does the school board find them and why do they keep sending them to ME?
    7. Re:Doesn't make sense by Jon+Peterson · · Score: 1

      That's an understatement. I read the original description of the timing security flaw, and it was far from practical to exploit. Let's just say that you needed a real-time key logger on your target user, and the ability to type _very_ fast just to get started. I'm not aware of the weakness ever being exploited, and it was fixed prior to 2000.

      Meanwhile, people are still coming up with amusing weaknesses! Here's one that merely requires stealing the user's token for a week without their knowledge, and having access to a digital camera, an accurate OCR application, and two months worth of CPU time.

      http://www.okiok.com/index.jsp?page=Security%20Bulletin%2003-002

      --
      ----- .sig: file not found
    8. Re:Doesn't make sense by afidel · · Score: 2, Insightful

      Nope, once it is used that sequence is removed from the valid pool. This is to insure against replay attacks just as you describe. I've done it to myself before where I hit disconnect on accident and was unable to relogin until the next number came up on the fob.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
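Added example, not part of any comment in this thread and not Cisco's or RSA's code: the single-use rule described in the comments above (a passphrase-plus-token login is refused once that token code has been accepted, even inside its validity window). RFC 6238 TOTP stands in for the proprietary SecurID algorithm; the secret, salt, passphrase, step size and class name are constructed assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def hash_passphrase(passphrase: str, salt: bytes) -> bytes:
    """Stored form of the 'something you know' factor."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


class OneTimeVerifier:
    """Server-side check of passphrase + token code with replay rejection."""

    def __init__(self, secret, salt, passphrase_hash, step=30, drift_steps=1):
        self.secret = secret
        self.salt = salt
        self.passphrase_hash = passphrase_hash
        self.step = step
        self.drift_steps = drift_steps      # tolerated clock drift, in steps
        self.last_accepted_counter = -1     # highest time step already used

    def verify(self, passphrase: str, code: str, now: int) -> bool:
        supplied = hash_passphrase(passphrase, self.salt)
        if not hmac.compare_digest(supplied, self.passphrase_hash):
            return False
        current = now // self.step
        first = max(0, current - self.drift_steps)
        for counter in range(first, current + self.drift_steps + 1):
            # Time steps at or before the last accepted one are never
            # candidates again: a captured code is dead once it was used.
            if counter <= self.last_accepted_counter:
                continue
            expected = hotp(self.secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_accepted_counter = counter
                return True
        return False


def replay_demo() -> dict:
    """Constructed timeline: a legitimate login, then replays of the same code."""
    secret = b"12345678901234567890"        # RFC 6238 test secret
    salt = b"constructed-salt"
    phrase = "correct horse"
    v = OneTimeVerifier(secret, salt, hash_passphrase(phrase, salt))
    t0 = 1_000_020                           # start of a 30-second step
    code = totp(secret, t0)
    results = {}
    results["wrong_passphrase"] = v.verify("guess", code, t0)
    results["first_use"] = v.verify(phrase, code, t0 + 2)
    # Keylogger captured passphrase and code and replays them 3 seconds later.
    results["replay_same_window"] = v.verify(phrase, code, t0 + 5)
    # The real user reconnecting with the same code is refused as well.
    results["user_retry_same_code"] = v.verify(phrase, code, t0 + 10)
    results["next_code"] = v.verify(phrase, totp(secret, t0 + 30), t0 + 31)
    # The old code is still inside the drift window but stays rejected.
    results["old_code_in_drift"] = v.verify(phrase, code, t0 + 35)
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:22} accepted={accepted}")
```
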
    9. Re:Doesn't make sense by Anonymous Coward · · Score: 0

      ssh key access was disabled long before this incident occurred.

    10. Re:Doesn't make sense by Anonymous Coward · · Score: 0

      Yes it does.

      Cisco source is maintained via CVS with anonymous browse rights. The CVS bug was known and exploitable (working code against linux/fbsd/solaris) (but not public) since about Feb 2003.

      Furthermore, one of CISCO's security people (Google broncbuster) was part of an infamous hacking group (Legions of the Underground) and was hacked SSHing into CISCO from his home machine. (Google EL8.3). He was fired after it was discovered he was attempting to trade CISCO NETRANGER source with gobbles@hotmail.com in exchange for 0day SSH exploits against OpenSSH.

  13. Timing.. by gmerideth · · Score: 5, Interesting

    Rather good timing that last night on "24" we see Cisco's name all over the screens at the CTU command center and the actress works in the line "the Cisco network is defending itself" followed immediately by an Alienware laptop on the screen.

    Just in time for major articles about how bad Cisco's security was that they had some source code stolen. /golfclap foxtv

    And people wonder why I don't watch television. Sad..just sad.

    --
    Why do overlook and oversee mean opposite things?
    1. Re:Timing.. by Anonymous Coward · · Score: 3, Insightful

      If you don't watch TV how did you see that?

    2. Re:Timing.. by irq255 · · Score: 1

      By downloading the show.

    3. Re:Timing.. by Daravon · · Score: 1

      All depends. Joe Sixpack is going to go "Them there sisckoes are pretty durn good." Nerd says "But they got hacked!!" Who is Joe going to believe? Nerd or TV?

      --
      I traded all my mod points for these magic beans.
    4. Re:Timing.. by notsoanonymouscoward · · Score: 1

      You think that you're different or somehow special because you're not hooked directly to the idiot box? You may be thinking "At least I don't see the commercials"... but as you so aptly pointed out... the entire show is a fucking commercial.

      --
      I ate my sig.
    5. Re:Timing.. by Anonymous Coward · · Score: 0

      And people wonder why I don't watch television.

      I don't think anyone cares whether or not you watch television.

    6. Re:Timing.. by gad_zuki! · · Score: 5, Funny

      >And people wonder why I don't watch television.

      So this vision of 24 came to you in a fever dream then?

    7. Re:Timing.. by Anonymous Coward · · Score: 0

      You're a jerk. I don't think anyone cares whether or not you think anyone cares whether or not he watches television.

    8. Re:Timing.. by springbox · · Score: 1

      Good thing it's TV where things don't have to be real, accurate, or make sense. I love pointing this out to my friends all the time.

    9. Re:Timing.. by Anonymous Coward · · Score: 0

      Or maybe it's from all that cocksucking his mom does.

    10. Re:Timing.. by Master+of+Transhuman · · Score: 1, Insightful


      Better timing than the Lone Gunmen show that showed the World Trade Center being attacked by a hijacked airliner - six months before 9/11.

      Whereupon Condi Rice says, "Who knew?"

      Right, Condi, and your title was what then?

      You knew, all right. That's why you told Willie Brown not to fly that day.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    11. Re:Timing.. by JTek · · Score: 2, Insightful

      Last night on "24"...And people wonder why I don't watch television. Sad..just sad.

      Obviously, you do watch television.

    12. Re:Timing.. by Just+Some+Guy · · Score: 1
      I got stuck watching "CSI: Miami" with the in-laws. I've never seen "24", but it can't be more inaccurate than "Miami": "Hey, we've got a X-ray machine's serial number - let's just type it into the Bat Crime Computer to see who bought it."

      My wife kept looking at me to watch my reaction to the on-screen stupidity and eventually said that she'd never actually heard anyone roll their eyes before.

      --
      Dewey, what part of this looks like authorities should be involved?
    13. Re:Timing.. by qwertyatwork · · Score: 1

      ...but it can't be more inaccurate than "Miami"

      I watch both and 24 is WAY more inaccurate than csi miami. Also full of right wing propaganda.

    14. Re:Timing.. by twilight30 · · Score: 1

      Not a troll ... who is Willie Brown?

      --
      ========================================
      Death will come, and will have your eyes
      -- Pavese
    15. Re:Timing.. by Master+of+Transhuman · · Score: 1


      Mayor of San Francisco at that time.

      To be fair, the only source for that Rice report is KPFA Radio (IIRC) in San Francisco. Apparently Brown WAS warned, but by who is not certain. My point stands, tho.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  14. hackiis6's 18yr old rule should be tossed out. by hydroxy · · Score: 2, Informative

    This definitely goes to show that www.hackiis6.com's 18yr old rule was probably imposed to simply limit the number of hackers who will enter. Props to the kid for pulling this off... even if he did get into trouble =).

  15. Re:okay I'll get this out of the way by Anonymous Coward · · Score: 0



    Try using a little more funny next time.

  16. Alarming ? by alexhs · · Score: 5, Insightful
    The incident seemed alarming enough

    Why alarming ? The internet is still up and running since that last years theft.

    (I guess it should be read last year's)

    Sensational breaking news !
    The programming instructions of Linux and Free/Net/OpenBSD, which run many big corporations' servers, are available to the sight of anybody! That's alarming!

    --
    I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    1. Re:Alarming ? by iztaru · · Score: 3, Interesting

      I think the problem with this could come from two corners: 1- The people at Cisco are not as confident with their source code as the people of Linux, Free/Net/OpenBSD 2- There are back doors in the Cisco systems for the government to use and they are afraid anyone else might find them useful!

    2. Re:Alarming ? by fredrikj · · Score: 1

      programming instructions

      Programming instructions? In the popular press (at least in Sweden), stolen source code is referred to as source codes and in such a way that it sounds like stolen passwords.

    3. Re:Alarming ? by geekee · · Score: 1

      "1- The people at Cisco are not as confident with their source code as the people of Linux, Free/Net/OpenBSD"

      Why are Linux, Free/Net/OpenBSD confident in their code? From the article:
      "The crucial element in the password thefts that provided access at Cisco and elsewhere was the intruder's use of a corrupted version of a standard software program, SSH."

      Yet more evidence to debunk the Linux is secure myth.

      --
      Vote for Pedro
  17. Wren Montgomery by kevin_conaway · · Score: 3, Insightful

    So let me get this straight. This lady knew that someone had breached her system and she a.) kept right on using it and b.) taunted the person who had breached her system? What was she thinking? If your machine has been compromised, pull the plug and clean it!

    1. Re:Wren Montgomery by Anonymous Coward · · Score: 0

      It was a woman, of course she wasn't thinking.

    2. Re:Wren Montgomery by Drakonian · · Score: 1, Funny

      At least she's hot.

      --
      Random is the New Order.
    3. Re:Wren Montgomery by Rauser · · Score: 2, Insightful

      My guess is that "her system" was just an account on some university *nix box, and that she had no more power to "pull the plug" than any other user.

      And anyway, since when does etiquette play into the considerations of teenage vandals of any kind?

      --
      The white zone is for loading and unloading only. If you need to load or unload go to the white zone. It's a way of life
    4. Re:Wren Montgomery by Otter · · Score: 2, Insightful

      And while normally I'd applaud her attempt to shove a PowerBook into the picture regardless of the actual topic, in this case Mac zealotry probably should have counseled some restraint...

    5. Re:Wren Montgomery by darkmeridian · · Score: 1

      She didn't taunt the guy--the dude was checking her e-mail. She didn't know he had this capability until he, uh, deleted all her e-mail.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    6. Re:Wren Montgomery by Anonymous Coward · · Score: 0

      You forgot the sarcasm tags...

    7. Re:Wren Montgomery by OglinTatas · · Score: 0, Offtopic

      It looks to me less that she is flaunting a powerbook, than hiding a body she is not comfortable with. I would do the same thing--you know, try to suck in my belly, cover the mustard stain on my shirt, etc.-- if I were being photographed.

    8. Re:Wren Montgomery by Otter · · Score: 1

      Looking at it again, I think you're right. Sorry about the moderation...

    9. Re:Wren Montgomery by Anonymous Coward · · Score: 1, Informative

      Actually, the photographer insisted the laptop be held so the logo was in view. Even though the hacking had nothing to do with the laptop.

    10. Re:Wren Montgomery by thulorn · · Score: 2, Informative

      Your guess is perfectly accurate; a Berkeley department cluster, with Wren having no power beyond informing the sysadmins of the breakin, which she promptly did.

  18. Did anyone parse that as... by ajlitt · · Score: 1

    "Source Code Chef"? That may make more sense.

    1. Re:Did anyone parse that as... by Anonymous Coward · · Score: 0

      Yes. A 16 year old Swedish source code chef. I wonder if he sang a jaunty polka when he pwned NASA. =D

    2. Re:Did anyone parse that as... by marsjays · · Score: 1

      Maybe "Sauce Cod Chef"..

    3. Re:Did anyone parse that as... by Drantin · · Score: 1

      Stir-fried with lots of Goto sauce...

      --
      Actio personalis moritur cum persona. (Dead men don't sue)
    4. Re:Did anyone parse that as... by Anonymous Coward · · Score: 0

      "Source Code Chef"? That may make more sense.

      And the attackers are supposedly from Sweden. Bork, bork, bork, bork!

    5. Re:Did anyone parse that as... by Master+of+Transhuman · · Score: 1

      New TV show: The Master Hacker!

      And here's Dangerous Andy about to do a number on him!

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  19. Contradiction? by simon2263 · · Score: 5, Insightful

    On one hand, the article claims that "With such information, sophisticated intruders would potentially be able to compromise security on router computers of Cisco customers running the affected programs" and on the other hand that Cisco itself claims that "the improper publication of this information does not create increased risk to customers' networks". These statements are, IMHO, in direct contradiction of each other. Who the hell should we believe?

    1. Re:Contradiction? by Anonymous Coward · · Score: 0

      Well, on one hand you have an article in the Times which was probably not written by someone who actually knows anything about network security, and on the other, you have a company desperate to cover its ass.

      Believe neither.

    2. Re:Contradiction? by saider · · Score: 1

      The first part is the journalist who wishes to sensationalize his/her story and the second part is the company trying to downplay the whole fiasco.

      My guess is that the true answer is in between (probably closer to Cisco's story).

      --


      Remember, You are unique...just like everyone else.
  20. Re:okay I'll get this out of the way by Anonymous Coward · · Score: 0

    I think that was the best he could do...

    :(

  21. Thef by Doc+Ruby · · Score: 4, Interesting

    What do Slashdot "authors" (editors) do all day? They publish about 35 stories in a 24 hour cycle, usually about 4 editors participating. That's about 1-2 stories an hour, with 1-2 authors overlapping shifts. The summaries take about 2 minutes max to read, and the stories take max 5-10 minutes. That seems ample time to catch dups, fix typos, spelling and punctuation errors. Why not? What else are they doing? Maybe they don't read Slashdot after they've published, so they don't see all the feedback on their poor editing performance.

    --

    --
    make install -not war

    1. Re:Thef by gowen · · Score: 5, Funny
      What else are they doing?
      Applying massive amounts of negative mod-points to posts criticising Slashdot Editors... See you at (-1 Troll), baby).
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    2. Re:Thef by Doc+Ruby · · Score: 4, Interesting
      Moderation 0
      50% Interesting
      20% Troll
      20% Redundant

      Where's another post running a time analysis of Slashdot editing? Even given Slashdot's absence of features to prevent comment redundancy, isn't a chorus of "not again!" appropriate? And how is my coherent, accurate comment, which I haven't seen before, a "Troll"?

      Perhaps this comment is just the criticism uberpost, destined to point out all the serious flaws in Slashdot's publishing system model. If so, here are some constructive suggestions for fixing it:

      1. Submitted story queue filter: editors see a story, with links listed separately (already a Slashcode function). Links already published in a previous story are indicated, linked to the previously published story. Publishing such links includes an "ongoing coverage" indication in the new published story.

      2. Submission spell/grammar checker

      3. Submission link checker: links in stories in submission queue are interlinked through a Slashdot redirection script which sets a flag. Until each link's flag has been set, by following the link (through the script) to the linked object, the story cannot be published.

      4. Mod comments: Negative moderation must be accompanied by an explanatory comment, which can be viewed by metamoderators. Metamoderation gets more "teeth", with 3 "unfair" metamods cutting modpoints for a month, and 3 such suspensions cutting modpoints forever.
      --
      make install -not war

    3. Re:Thef by Doc+Ruby · · Score: 0, Offtopic

      Well, *you* volunteered that obnoxious comment. It's the low quality I care about, not the dedication of the work. If volunteer work doesn't cut it, the profitable business using it needs to pay for quality.

      --
      make install -not war

    4. Re:Thef by Master+of+Transhuman · · Score: 1, Offtopic


      They use Windows. (C'mon, where do you think all the Windows trolls here come from and why are all Windows trolls modded up?)

      And haven't figured out how to use the spellchecker since it's on a menu, not an icon (on the desktop.)

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    5. Re:Thef by coolGuyZak · · Score: 1
      Moderation 0
      50% Interesting
      20% Troll
      20% Redundant

      And as you all can see, the last 10% is 90% of the work...

    6. Re:Thef by Doc+Ruby · · Score: 0, Offtopic

      And on what basis do I owe you, Anonymous asshole Coward, anything? Like listening to your inane advice? "It's free, it's OK if it has problems - don't complain." Get someone else to spank you for a while - I'm done wasting my time.

      --
      make install -not war

    7. Re:Thef by strikethree · · Score: 1

      While your commentary is insightful and your suggestions are useful, you are off topic. The topic is Cisco source code theft. These kinds of suggestions do not belong in the comment section for stories. I have seen hundreds (thousands?) of them over the years and _nothing_ has ever changed because of them. Maybe send them directly to taco or cowboyneal?

      I was going to post anonymously so I could mod you offtopic but, I felt it was important that you, or anyone else, not think that I am hiding... which means, of course, that I can not mod your comments offtopic anymore.

      strike

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    8. Re:Thef by Doc+Ruby · · Score: 1

      "Offtopic" I don't quibble with. It's true, though one metaflaw in Slashdot is the problem of feeding back about problems in Slashdot, especially problems in Slashdot feedback.

      --
      make install -not war

  22. I get the very uneasy feeling... by kclittle · · Score: 5, Insightful

    ...that all the discovered breaches are by inept, pimply-faced teens (regardless of how many times some news article quotes some 'expert' about how 'particularly clever' the idiot was), and that the really serious harm is being done by real pros who never leave a trace.
    Scary...

    --
    Generally, bash is superior to python in those environments where python is not installed.
    1. Re:I get the very uneasy feeling... by Tim+Doran · · Score: 1

      inept, pimply-faced teens

      Careful now - let's not invite JonKatz back into the picture...

  23. I have your code now! Muhahaha! by PlancksCnst · · Score: 0, Troll

    All your code are belong to us!

  24. Seriously, what's the problem? by daniel_mcl · · Score: 5, Insightful

    As a good number of regular slashdot readers are no doubt aware, full source code to Linux, Apache, etc. is available to anyone and they are more secure than their counterparts for this reason. If access to the source code for Cisco routers makes it possible to write a whole bunch of backbone-targeting virii that would really drop my opinion of Cisco routers considerably.

    If you actually read the article, the exploit was not a big deal either; some guy just distributed a trojan'd SSH client to a bunch of people and collected their passwords and then ran a bunch of rootkits. Nothing to see here.

    --
    I used to read Caltizzle. I was a lot cooler than you.
    1. Re:Seriously, what's the problem? by gregfortune · · Score: 1

      Right, but the difference is that the maintainers for Linux, Apache, et al. *know* the source is available. If a hole is discovered, it has to be fixed as anyone with the source may have already discovered it and might be prepping a 0 day exploit.

      Cisco doesn't have to worry in the same way as no one else can see their code. There's less incentive to fix known potential holes and less incentive for Cisco to search the code for potential exploits.

      Except....

      So, yes. I'd be very surprised if Cisco routers couldn't be root'd by a capable hacker with access to the source.

    2. Re:Seriously, what's the problem? by Anonymous Coward · · Score: 0

      See, here's the thing. Apache and Linux were developed open source. And they were hardly secure out of the gate. But they became secure against people with source code access, because they had to be--otherwise, they would have died. As functions were added, people found flaws proactively and fixed them.

      Consider what would happen if, say Microsoft open sourced Windows. There is probably a lot of exploitable code in Windows that people simply aren't aware of. When they open source it, those flaws are exposed to the light of day, and people will begin fixing them. Over time, Windows will become more secure, just as Linux, Apache, etc., did.

      But in the meantime--CHAOS! There would be a lot of code that might not be commonly looked at. Some people look through the code looking for patches. Others go looking for exploits. There will be a HUGE number of exploits initially before the "good guys" can patch everything.

      And, in the Cisco case, it's even worse. The Cisco code isn't even AVAILABLE to the folks in the white hats who are willing to write security patches--it was stolen by folks looking for weaknesses to exploit.

      So, basically, it's Cisco's engineers against the exploit writers in a race to find and patch any holes. I'm much happier with it being Cisco than Microsoft here, but still...

    3. Re:Seriously, what's the problem? by signingis · · Score: 1

      As a good number of regular slashdot readers are no doubt aware, full source code to Linux, Apache, etc. is available to anyone and they are more secure than their counterparts for this reason.

      But Cisco hasn't opened up their source. As far as we know only Cisco and the bad guys have this code. Cisco might not have all the bases covered when it comes to reviewing their code. It's possible that they had their code audited, but who knows?

      --

      I prefer a void in conversation to a vacuous one.
  25. [OT] Re:Did they steal the editor too? by ackthpt · · Score: 5, Informative
    What's a Thef????

    You expect these things when someone begins a sentence 'More on'

    One of my English profs explained the importance of thinking through sentence structure so as not to be phonetically or grammatically careless, i.e. 'Me and Jim went to the arcade' as it could sound like 'Mean Jim went to the arcade', proper grammar is 'Jim and I went to the arcade.'

    Thus endeth today's grammar report.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:[OT] Re:Did they steal the editor too? by unitron · · Score: 5, Funny
      Excuse me, did you say Gemini went to the arcade?

      Proper grammer is admirable, but it's no substitute for careful enunciation.

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

    2. Re:[OT] Re:Did they steal the editor too? by Anonymous Coward · · Score: 0

      You expect these things when someone begins a sentence [1] 'More on'[2]

      One of my English profs explained the importance of thinking through sentence structure so as not to be phonetically or grammatically careless, i.e.[3] 'Me and Jim went to the arcade'[4] as it could sound like 'Mean Jim went to the arcade'[5],[6] proper[7] grammar is 'Jim and I went to the arcade.'[8]

      [1] Missing preposition, such as "with".
      [2] Missing period.
      [3] Should use 'e.g.' (exempli gratia) instead of 'i.e' (id est) for examples.
      [4] Should use double quotes.
      [5] Same as [4].
      [6] Missing period.
      [7] Missing capitalization.
      [8] Same as [4].

    3. Re:[OT] Re:Did they steal the editor too? by P3NIS_CLEAVER · · Score: 0

      Grammer is definitly a two-edged sword.

      --
      Please sign petition to restore sanity to our banking system!!!

      http://financialpetition.org/
    4. Re:[OT] Re:Did they steal the editor too? by Alien+Being · · Score: 1

      "Proper grammer is admirable,"

      Good spelling is overrated.

    5. Re:[OT] Re:Did they steal the editor too? by jim_redwagon · · Score: 1

      grammer? I don't even know her!

      --
      I forgot what I wanted to say, but honestly, it was important.
    6. Re:[OT] Re:Did they steal the editor too? by Master+of+Transhuman · · Score: 1


      Brains? Who needs 'em?

      This is /.!

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    7. Re:[OT] Re:Did they steal the editor too? by Anonymous Coward · · Score: 0

      Sunday's NASCAR race included one of the announcers saying, "Lets look at Jimmy Johnson's, Dick". He was referring to the Jimmy's punctured tire, but even my wife started laughing. The comma doesn't help when things are spoken not written.

    8. Re:[OT] Re:Did they steal the editor too? by Anonymous Coward · · Score: 1, Funny

      If anyone doesnt, I'm collecting them. I'll give you a free bottle of bawls, too.

    9. Re:[OT] Re:Did they steal the editor too? by unitron · · Score: 1
      "Proper grammer is admirable,"

      And proper grammar is even better!

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

  26. Cisco VPN Client by Malc · · Score: 2, Interesting

    Tell me again why our IT department insists on using this buggy Cisco VPN Client POS that causes me grief on a daily basis...

    1. Re:Cisco VPN Client by British · · Score: 1

      Gotta love the Cisco VPN client. Version 4 (think that's one) doesn't work at all on Windows 2k (at least to me). Falling back to version 3 has less-than-stellar performance.

      I remember using version 4 on WinXP and hitting connect instantly rebooted my system.

      Great joerb!

    2. Re:Cisco VPN Client by Anonymous Coward · · Score: 0

      I remember using version 4 on WinXP and hitting connect instantly rebooted my system.

      Most likely it was really a BSOD, but the default in XP is to not show a BSOD, but just reboot without explanation. It works like a charm, just the other day people here were saying they hadn't seen a BSOD in years.

    3. Re:Cisco VPN Client by Hormonal · · Score: 1
      I use the Cisco VPN client to dial in to work all the time. Used to use it under Windows XP, now I use Mandrake. Only drops I ever had were attributable to either my cable modem, or the POS Linksys cable router I was using.

      Your IT department probably insists on using it because it works for most people. Did you think to look at your system, rather than blame it on Cisco?

    4. Re:Cisco VPN Client by Malc · · Score: 1

      My original point was: our IT department trusts their networking security to a company that had their network broken in to. Yes I know, it happens to the best of them ;)

      By far the biggest problem with the CVC is that when it starts failing to connect, one has to reboot to get it working again. Many around here will blame Windows XP for this, but AFAIC, Cisco could fix their product so that it's not a requirement. Unfortunately if a system goes into a power save mode, when it powers back up >2/3 of the time it refuses to connect and the system has to be rebooted. This is really annoying for both me and my work colleagues who are all on laptops. I've pretty much got into the habit of disconnecting before hibernating, but there are days I forget, or if I'm running on batteries it happens more frequently. This wastes so much time and causes so much frustration. How hard could it be to detect the power save mode and disconnect? (Hint: it's not). Really, for it to be a decent Windows solution, they would make it look and behave like a standard dial-up networking interface, and then they would get a whole bunch of standard Windows features for free (like being in the logon dialog rather than popping up their own POS UI). Then of course if there's any other networking issue that causes of connectivity, one runs the risk of it refusing to connect again and forcing a reboot. And no, this isn't just my system that experiences this.

      There are also little annoyances: why does the sign-in dialog only come up with just a little of the left edge showing on the right side of my primary monitor? The secondary monitor is on the left! Some brain-dead idiot and their ignorant assumptions had to go out of their way to do that - the default Windows behaviour would put it in the middle of the primary monitor.

      I can go on and on about this. It's the bane of my life. I telecommute 100% of the time you see.

  27. Moron Last Years Cisco Source Code Thief? by freakmn · · Score: 1

    I think the title sounds better when read out loud. I wonder if that was intentional? If so, it's pretty clever.

    --
    warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
  28. OK Mr. Anonymous Coward by freakmn · · Score: 0, Offtopic

    I've been watching you Mr. Anonymous Coward, and I just can't figure you out. Why are you having a conversation with yourself. You just replied to your own post, then replied to the reply. In the spirit of Moe Jaffe and Dwight Latham, you're your own grandparent. Why?

    --
    warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
    1. Re:OK Mr. Anonymous Coward by Anonymous Coward · · Score: 0

      I was accosted by ninjas and forced to do their bidding!

    2. Re:OK Mr. Anonymous Coward by Anonymous Coward · · Score: 0

      Don't trust him. He's a liar.

  29. Give me a fucking break by Anonymous Coward · · Score: 0

    So let me get this right.

    Compromised Cisco.
    Compromised US Military systems.
    Compromised NASA systems.
    Compromised research systems.

    And released to his parents' custody?! WTF?! Extradite his ass and slam him with everything we've got. For fuck's sake, you get more prison time for a copyright violation than rape and this asshat compromises private and government systems and gets released to his parents?!?!?!

    Something's rotten in Denma^WSweden. ::hides his Volvo::
    -AC

  30. Catastrophic apostrophic by Ancient_Hacker · · Score: 3, Informative

    "last years theft": A theft, in the last years of Cisco
    "last year's theft": A theft, in the previous year.
    Apostrophes do make a difference.

    1. Re:Catastrophic apostrophic by Master+of+Transhuman · · Score: 1


      A theft in the last years of Cisco.

      Sounds right to me.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    2. Re:Catastrophic apostrophic by Anonymous Coward · · Score: 0

      If only any of us could get those past years back...

  31. Mod parent up by Anonymous Coward · · Score: 0

    Yeah, why exactly is source access such an inherent security risk? It seems the author of this article has bought into the corporate attitude of proprietary software secrets.

  32. This is actually kinda funny by Jetifi · · Score: 4, Interesting

    I mean, 'cybersecurity' bigheads are all worried about Terrorists disabling our Internet Infostructure etc., but in real life it turns out that any vulnerabilities that could be used to break into (e.g.) the JPL, White Sands, the DoD etc. have already been exploited by petulant teenagers.

    So in this sense, the script kiddies of the Internet are kinda like an early warning system: it's almost certain that before someone with serious intentions finds a nasty flaw and uses it, it'll be discovered by some kid who will promptly boast about it on IRC.

    How lucky we are that terrorists find themselves vastly outnumbered by people with too much free time on their hands!

    1. Re:This is actually kinda funny by Anonymous Coward · · Score: 0

      it's almost certain that before someone with serious intentions finds a nasty flaw and uses it, it'll be discovered by some kid who will promptly boast about it on IRC.

      Heh, unfortunately that isn't quite true. Back when I was into some pretty illegal activities (about 5 years ago) I would write scanners that were ten times more sophisticated than the stuff you see even now. Only 2 or 3 people other than me ever even used my big guns. Script kiddies seem more damaging only because there are so many more but be warned, the big guns are well hidden. I have since quit that but unfortunately there are still others out there who have the knowledge I used to abuse.

    2. Re:This is actually kinda funny by Anonymous Coward · · Score: 0

      Yeah ok but if you read into it, this kid was posting the source to a russian site, and showing off to all sorts of people.

      Imagine a terrorist who has a few thousand bored kids at his disposal. Keep them sweet with little incentives and cash donations they will work their little hearts out, AND WIN

  33. More Source Code stolen for Routers by Anonymous Coward · · Score: 2, Funny

    In other news, the source code for a different router/firewall technology was posted on the net: http://www.openbsd.org/cgi-bin/cvsweb/

  34. Thef... I mean, Thief by PlancksCnst · · Score: 0

    I bet this guy's a /. reader.

  35. not just Cisco! by Heisenbug · · Score: 4, Funny

    a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.

    Just wait until these guys see apache.org ...

  36. open code is good, right? by Anonymous Coward · · Score: 0

    Wait, isn't open source code good? At least, that's what slashdot has been telling me. My whole world is starting to fall apart -- sometimes it's good and sometimes it's not? I can't handle that level of complexity.

    1. Re:open code is good, right? by Master+of+Transhuman · · Score: 1

      "I can't handle that level of complexity."

      That's why you're on /., where complexity is never an issue (and good spelling always is.)

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    2. Re:open code is good, right? by CrankyFool · · Score: 1

      Gah, I should know better than to respond to trollers.

      A) It's better to assume your code is open than to assume your code is closed; see "Security Through Obscurity;"

      B) Code that is engineered from day 1 to assume it's open is less likely to have

      /*
      * Here, we assume that nobody knows that you can
      * use 'feeb' as the alternate enable password
      */

      Therefore, the fact that anyone can see the source code for Linux, Apache, and PHP isn't a big issue, but the fact that someone could see the source code for Cisco's IOS _could_ be a big issue -- because of their assumptions. It's quite possible of course that Cisco's coding standards say something like "assume a malicious hacker has access to this code," but it's also possible they _don't_.

  37. John Markoff by wackysootroom · · Score: 5, Informative

    Note that this article was written by the person famous for creating the myth of Kevin Mitnick being a super hacker. Markoff is largely responsible for the fear and paranoia surrounding Mitnick and consequently his unfair prison experience.

    His articles were full of lies and exaggerations back then so I would take this article with a grain of salt as well.

    1. Re:John Markoff by Anonymous Coward · · Score: 0

      Thanks for pointing that out. I need to start noticing the by-lines a lot more. Had I noticed ahead of time, I would have stopped reading the article.

    2. Re:John Markoff by halo8 · · Score: 1

      thank you so much for pointing this out, the article seemed very fuzzy, now i know why.

      --
      The More Knowledge you have the Luckier you Get- J.R. Ewing
    3. Re:John Markoff by tgrigsby · · Score: 1

      Note that this article was written by the person famous for creating the myth of Kevin Mitnick being a super hacker. Markoff is largely responsible for the fear and paranoia surrounding Mitnick and consequently his unfair prison experience.

      Kevin, we have a deadline, and you don't have time to be playing on /. Get back to work.

      -- your boss

      --
      *** *** You're just jealous 'cause the voices talk to me... ***
    4. Re:John Markoff by GrassMunk · · Score: 1

      John Markoff is a hack. His articles are full of shit. He makes money off of the fear that others have. He should be banned from writing articles covering computers and hackers in general.

    5. Re:John Markoff by Anonymous Coward · · Score: 0

      You mean Mitnick isn't a lying, sleazeball?

    6. Re:John Markoff by Master+of+Transhuman · · Score: 1

      Obligatory /. spellcheck: there shouldn't be a comma between lying and sleazeball.

      Or did you mean this in the ebonics sense:
      "You mean Mitnick isn't a-lying, sleazeball?"

      (If I see this "Slow down, Cowboy" POS one more time, I'm gonna fill the fucktard who wrote that code full of 9mm hollowpoints. For an outfit that /.'s whole Web sites to bitch about a post in less than 2 minutes is fucking retarded.)

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    7. Re:John Markoff by thulorn · · Score: 2, Informative

      I've known Wren since college, and I share two (non-Berkeley) systems compromised by "Stakkato", and much of the article was spot on. The Cisco stuff I don't know anything about, but the hacker had broken into clusters at Berkeley and Caltech, and a private shared machine, and bragged about much much more. People we knew near Caltech security didn't say much, but indicated that the wave of breakins was in fact widespread and worrisome. IT people I know at Indiana University with TeraGrid connections also indicated at the time that much was going on. E-mails forwarded from the hacker showed much immaturity and petty malice, on top of deleting her home directory ("computer file directory" in the article.)

      Oops, another friend closer to the action said the Cisco stuff is accurate too.

      As for the powerbook in her lap, that was posed by the photographer. It was the UCB Unix machines which were hacked.

    8. Re:John Markoff by Anonymous Coward · · Score: 0
      It's more like he is a lying sleazeball, but then how does that compare to other things, and was he treated accordingly.

      I've seen Freedom Downtime, read Takedown, read Markoff's books.... I think of Mitnick like a socially inept nerd who didn't grow up until quite late in his life (30+). He was a lying sleazeball, he may still be. Markoff lied obsessively about him though, and aside from 'nudge-wink-he-did-it' they couldn't pin a thing on him. It's nice to pretend to be all smart about what he did, but we don't know shit, and the punishment was ridiculous.

  38. WHAT!!! she is NOT, i repeat NOT, *hot* by keepper · · Score: 0, Offtopic

    Damn dude.. get out more.. seriously, I hate to be an asshole, and wren, if you are reading this, well, dismiss me as an asshole.. but she is NOT hot by any definition of *hot*.

    lim wren{hot} --> 0

    take a look... http://www.ugcs.caltech.edu/~wren/

    1. Re:WHAT!!! she is NOT, i repeat NOT, *hot* by Pete · · Score: 1

      Hey, I usually try not to judge people by photos, but she seemed pretty cute in the NYTimes photo. And she's probably smart. Just accept that some people could find her hot, but apparently not you. :)

    2. Re:WHAT!!! she is NOT, i repeat NOT, *hot* by Anonymous Coward · · Score: 0

      I'd fuck her.

    3. Re:WHAT!!! she is NOT, i repeat NOT, *hot* by keepper · · Score: 1

      I guess so... :-\ hehe

    4. Re:WHAT!!! she is NOT, i repeat NOT, *hot* by Anonymous Coward · · Score: 0

      Pass the gravy!

  39. Re: What are they doing.. by rakkasan · · Score: 1, Offtopic

    Pron... fap fap fap.. review submission - quick edit.. browse for pron. fap fap fap..

    I'm in deep trouble now aren't I?? oh well..

    --
    The problem is choice..
  40. RTFA by Anm · · Score: 3, Informative

    She did taunt anyone. She received taunts. It was these taunts that led the authorities onto the trail. More so, his anger came from monitoring emails to the sys admin where he was called a "quaint hacker". The messages were not taunts. They were not even directed at him.

    Anm

    1. Re:RTFA by Master+of+Transhuman · · Score: 1


      If I was this guy and got called a "quaint hacker" (is that anything like the "quaint Geneva Convention"?) by some asshole sys admin, I'd fry his whole system...

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  41. Best thing about source code leak by mnmn · · Score: 1

    If the code in its entirety is leaked to a real self-respecting hacker, he ought to port the thing to x86 systems, possibly building a network driver interface to linux's network drivers. Before you know it, there are dell machines routing packets using IOS 12.4.

    Hopefully that will motivate someone to build an IOS clone on an OpenBSD or NetBSD subsystem for multiple architectures...

    mmmmmmmm IOS source code *drool*

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
    1. Re:Best thing about source code leak by Anonymous Coward · · Score: 0

      It's called Zebra, go look and enjoy.

    2. Re:Best thing about source code leak by Master+of+Transhuman · · Score: 1


      Since IOS seems to consist of a brain-damaged circa-1965 UNIX clone with a command-line only a router engineer could love, I'd say it shouldn't be too difficult to implement it after taking a one-semester course in BASIC...

      Their machines are basically 33MHz 486's with 8 or 16 MB of RAM, some interface chips and some ASICS.

      If it wasn't for the ASIC chips, Cisco would have been out of business years ago.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    3. Re:Best thing about source code leak by dago · · Score: 1

      well, if it's the IOS version available on P2P networks, that's 11.2, not very actual.

      --
      #include "coucou.h"
    4. Re:Best thing about source code leak by Anonymous Coward · · Score: 0

      Wrong. The IOS code won't run on a "little endian" (ie. x86) architecture so forget about a hacking a BASIC emulator for Windows/Linux. You need a RISC or PPC.

  42. theft by Anonymous Coward · · Score: 0

    surely you mean copyright infringement ?

    I mean, the code was still there for cisco to use..right ? all that was done was to make an unauthorised copy of it ....

  43. Re:Contradiction? Sorta. by RealProgrammer · · Score: 2, Interesting

    As odd as it sounds, both are correct. A sophisticated intruder could compromise security with the stolen code. Or not.

    But for the sake of argument, suppose they do find flaws in Cisco's code. An exploit shows up on rootkit.org or someplace. It should be apparent from the exploit which flaws they're using, and so Cisco cleans up the flaw. In the long run, customers are actually safer.

    It's sort of a backasswards way to open source your code.

    --
    sigs, as if you care.
  44. I wouldn't believe everything in this story. by Anonymous Coward · · Score: 3, Interesting
    Note that this article is by John Markoff, who has established a history of trying to milk arrests of people for his own personal profit, by not only sensationalizing security breaches, but assisting authorities to the point of being on site during the arrests, and doing book and movie deals afterwards.

    Don't confuse this story with independent journalism; Markoff is out to make a mint here, however he can.

    Markoff reportedly was pissed off at Kevin Mitnick for spurning a movie deal, and later set himself up to write "the Kevin Mitnick story", earning over a million dollars in the process.

    Here's a link: http://www.labmistress.com/kevins_story.php

    So one really has to wonder what the Truth is here, and whether Markoff is just trying to screw over some teenage kid in Europe in order to make another million off of it.

    So I'd take anything that John Markoff has to say with a LARGE grain of salt. The same goes for the New York Times, which has officially encouraged this practice.

    The real truth is probably out there; but I wouldn't expect to hear it from either John Markoff or the NY Times.

  45. no reg for nytimes ?!?! by Anonymous Coward · · Score: 0

    The biggest news here: the nytimes has a free, no reg required article!

  46. We got hit. by glockenspieler · · Score: 4, Interesting

    My laboratory was hit. We're all linux machines. Turns out that I still had an account on a system at Stanford where I was faculty and I transferred some files via scp to my machine at my current university. 4-5 days later, I see some logins from Stanford to my machine but because I had been using the Stanford account recently, it just didn't register.

    One day later, I'm on another lab machine using my lab /home directory (different from my main machine) and I notice a program (it was either brk.c or dobrk.c I think) that, on an unpatched system, allowed a privilege escalation. I switch to root and look at the history and see a command to stop recording the command history but he (and the article indicates the person is male) mistyped it so I could see that he logged into this machine from mine, grabbed the source code for the exploit from a warez site, compiled, ran, got root, and just tooled around a little.

    Because our machines are pretty isolated and don't have any hint of financial stuff, he seemed to just drop it. I called the sysadmin at Stanford, turned out that on a machine with over 500 accounts (i won't say which department), the machine had been rooted about 2 months prior and every password was being captured during that time. The breakin was tracked back through a couple of departments, then back to University of Michigan, then to Uppsala.

    Three valuable and perhaps obvious lessons here. Local privilege escalation exploits are important even if your system has very few users. Keep your system patched (duh...), and remember, if you log onto your machine from another, ask yourself "What do I know about the integrity of this machine?". I really assumed that my Stanford account was pretty secure and so I didn't even think about logging from that machine to my current one. No more.

    The other interesting thing was that the local exploit used on my machines was announced well after the Stanford machine was hit. I don't think I ever heard of how that machine was compromised.

    1. Re:We got hit. by s.d. · · Score: 4, Informative

      it was probably dobrk, that was one of the vulnerabilities the attacker(s) used last year to root systems.

      see http://xforce.iss.net/xforce/xfdb/13880 (this was the 1st google link i saw, there are probably others with better information but i'm lazy).

    2. Re:We got hit. by Anonymous Coward · · Score: 0
      Because our machines are pretty isolated and don't have any hint of financial stuff, he seemed to just drop it.

      The attacker wasn't after financial information. He wanted resources - specifically supercomputing systems or systems that would lead to them. The ironic thing is that the chain of systems the attacker followed led right into the creamy goodness of Cisco's internal network. My impression was that this was entirely unexpected. Also, keep in mind that IOS source code has value other than the obvious financial angle.
    3. Re:We got hit. by saleenS281 · · Score: 1

      And just think... some random Swedish teenager had access to all those 0days. Imagine what people with real connections, or even the people writing this stuff have access to. Gives you more than a little reason to be paranoid.

    4. Re:We got hit. by starfishsystems · · Score: 1
      Turns out that I still had an account on a system at Stanford where I was faculty and I transferred some files via scp to my machine at my current university.

      ...

      Remember, if you log onto your machine from another, ask yourself "What do I know about the integrity of this machine?". I really assumed that my stanford account was pretty secure and so I didn't even think about logging from that machine to my current one.

      The key principle is that security is not inherently symmetrical between any two systems. The communication itself between those systems may be secure, but that is independent of the security of each system.

      Thus, a remote login from Uppsala to Stanford is not the same as a remote login from Stanford to Uppsala. It's not a deficiency of the remote protocol, but a consequence of different organizations being responsible for the two systems.

      This same observation also explains how to manage digital certificates for best security. I've been involved with a number of institutions which generate X.509 certificates for use by their members. The typical implementation is for the institution to provide a web page where the user supplies identification values and a certificate passphrase, from which the system generates a signed certificate and mails it or otherwise presents it to the user.

      Such an implementation, while convenient, throws away the two main factors which make certificates more secure than bare passwords, namely the privacy of your private key and the privacy of its passphrase. The correct way to get a signed certificate is to (a) generate the certificate request in your own secure environment, (b) keep the resulting private key and its passphrase in that environment only, (c) send the public key off as the request to be signed.

      --
      Parity: What to do when the weekend comes.
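
Steps (a) to (c) from the comment above, as an added example that is not part of the original comment: the key pair is generated and passphrase-protected locally, and only the certificate request is checked and released for sending. File names, the subject and the passphrase are constructed placeholders, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. File names, subject DN and passphrase are constructed
# placeholders; assumes the openssl CLI is installed.
umask 077   # everything created below is readable by the owner only

# (a)+(b): create the key pair locally, encrypted under a passphrase read from
# a local file here (interactively, omit -pass/-passin to be prompted instead).
make_csr() {
    dir=$1; subject=$2; passfile=$3
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$passfile" -out "$dir/user.key" || return 1
    # (c): the request holds the subject, the public key and a self-signature
    openssl req -new -key "$dir/user.key" -passin "file:$passfile" \
        -subj "$subject" -out "$dir/user.csr"
}

# Pre-flight check before anything is sent to the CA.
csr_is_safe_to_send() {
    csr=$1; key=$2; passfile=$3
    # 1. The self-signature must verify (proof that we hold the private key).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The file must not carry any private-key PEM block.
    if grep -q 'PRIVATE KEY' "$csr"; then return 1; fi
    # 3. The public key in the request must be the one from our local key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -passin "file:$passfile" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

work=$(mktemp -d)
printf '%s\n' 'constructed-demo-passphrase' > "$work/pass"
if make_csr "$work" "/CN=Constructed User/O=Example University" "$work/pass" &&
   csr_is_safe_to_send "$work/user.csr" "$work/user.key" "$work/pass"; then
    echo "Send only $work/user.csr; user.key and its passphrase stay here."
fi
```
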
    5. Re:We got hit. by natet · · Score: 3, Insightful

      One other thing you should be aware of: Pull, don't push, data. In other words, don't log into a remote system and then use scp to send the data back to your system. That exposes your password on your local system to the remote system. Instead, use one shell window to find what you want to get, then open a separate shell window on your system to pull the data from the remote system, or use any one of the many graphical SCP clients to log in, navigate around, and pull data back down.

      I have seen several incidents where the former pattern was used and it resulted in a compromise of the user's password. The lab where I work has gone to 2 factor authentication to make exploiting this pattern more difficult, but with session hijacking, it is nearly impossible to eliminate.

      I also want to point something out to those that have been criticizing Cisco's network security. The failure wasn't on the Cisco side of things. The actual security breach happened on a network 1 or more hops away from the Cisco network. As far as Cisco was concerned, a legitimate network transaction was happening. Someone with valid credentials logged on to the system, and until they do something out of the ordinary (install a root kit, scan the network, etc...) they are virtually undetectable, as they don't differ from normal valid network usage.

      --
      IANAL... But I play one on /.
  47. Re:Special Cisco Part numbers for you by Anonymous Coward · · Score: 0

    AL-0300-25468NA -- Tinfoil Hat Feature Set, North America

  48. routing security by delirium+of+disorder · · Score: 0
    What's really sad is how many admins don't change the IOS "enable" level account from its default of "cisco". If we cared about the security of large IP networks, we would really be working on and using openbgpd anyways.

    http://www.openbgpd.org/

    --
    ------ Take away the right to say fuck and you take away the right to say fuck the government.
  49. Errors here are getting ridiculous... by Anonymous Coward · · Score: 0

    ...and hurt the writer's credibility.

    "Last Years"?

    That's "Last Year's".

    Completely different meaning.

    Duh.

  50. Conspiracy... by Rainbird98 · · Score: 1

    Is it just me or is the timing of this article suspicious? Cisco reports earnings after the bell today!

  51. Spell it right by Anonymous Coward · · Score: 0

    It is:

    More on Last Year's Cisco Source Code Theft

    give the year its apostrophe!!!

  52. All is well now! by Anonymous Coward · · Score: 0

    Wren now has a Mac Powerbook which makes her feel
    safe and secure. ( see the NYT photo )
    This story does have a happy end!

  53. Quote? by Rollie+Hawk · · Score: 1

    The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.

    If you are going to lift your entire submission from a story, you could at least identify it as a quote.

    --
    Before any liberals are tempted to mod up one of my comments, a word of warning: I'm actually making fun of you.
  54. Programming instructions? by Myolp · · Score: 1

    ...an intruder seized programming instructions...

    Did he steal the manual? That doesn't sound very exciting.

  55. Hang on.... by Anonymous Coward · · Score: 0

    .. it's not that different....

  56. It's like having mice by swb · · Score: 1

    ...the one you see running across your living room is the stupid one that isn't doing any damage and will probably win (or lose!) the Darwin award by stepping into a trap.

    It's the SMART mice eating the food in your cupboard and breeding in the walls that you don't see you have to be concerned with.

    The same comments apply to serial killers. The dumb ones get caught, the smart ones are scary.

    1. Re:It's like having mice by Master+of+Transhuman · · Score: 1

      Heh, heh, let me tell about one stupid blind mouse...

      In a former living quarters (too disgusting to describe), I'm laying on my bed and I look over and see this mouse come out a hole in the wall next to my bed, ignore me, walk down the wall, turn the corner into the bathroom.

      "Okay, smart ass, I got your ignore right here!", says I.

      I take out a glue trap, put it right at the corner to the bathroom.

      Sure enough, five minutes later, El Stupido comes waltzing around the corner following his nose whiskers as mice do and walks right into the glue trap.

      I break his fucking neck with a broom handle.

      Darwin wins again...

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  57. Hmmm... by phorm · · Score: 1

    Let's see here:

    Their systems were broken into, and the code in question was taken without permission. Yes, it was stolen, and this was theft. There's a difference between this and downloading songoftheday.mp3 from a perfectly willing uploader. In this case, the person you are copying/taking the file from is willing, it's a third party that is being "infringed" upon. Now if you hacked the RIAA servers, found a cache of mp3's - perhaps for some unreleased CD's or whatever - and downloaded them to your home machine... that would be wandering a bit more into the area of theft.

    Sorry, but the concept that you can steal from somebody who doesn't retain the final physical product just doesn't work very well...

    1. Re:Hmmm... by Anonymous Coward · · Score: 1, Informative

      So far you have criminal trespass (or whatever the computer equivalent is) and infringement, but still no theft.

      Also, there really is no difference between this and downloading songoftheday.mp3 unless you want to say only the original uploader of songoftheday.mp3 is a thief and everyone else is just an infringer. What about the people who downloaded the leaked code, are they thieves or infringers?

      While I applaud your lame attempt at a meta troll, I must say, your warped ideology does not make it theft.

  58. More Info by arodland · · Score: 1

    Is this "More On Some Topic", or "Some Topic for Morons"? Looks to me like someone just submitted a mainstream news article which dumbs everything down and pisses off slashdotters in the process.

  59. Books on how to hack Cisco routers by Animats · · Score: 1

    In other news, there are reports of books on "CCNA Certification" which tell hackers how to take control of Cisco's internal router software.

    1. Re:Books on how to hack Cisco routers by dillzz · · Score: 1

      Is anyone really shocked about this statement?

    2. Re:Books on how to hack Cisco routers by Master+of+Transhuman · · Score: 2, Funny


      Yes, I'm shocked anybody thinks a CCNA can control a Cisco router...

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  60. In a fit of Anger... by PhraudulentOne · · Score: 1

    ...Stakkato had erased her computer file directory

    This is why you need MORE THAN ONE "Computer File Directory." If she was smart, she would have had a false "Computer File Directory" with fake "computer files" (could they be files that weren't for a computer?), and a secret hidden SECOND Directory for all her important "computer files." That would fool that sneaky hax0r. He would probably never suspect a second "Computer File Directory."

    --
    You create your own reality - Leave mine to me.
  61. CSCO is reporting today at 16:30 by Anonymous Coward · · Score: 0

    The timing of this piece is suspect.

  62. IOS by Anonymous Coward · · Score: 0, Funny

    I found cisco IOS software on eMule a few months ago.

    It was indeed CISCO software, as I was able to verify it.

    1. Re:IOS by Anonymous Coward · · Score: 0

      Is this being modded down because we are hoping people won't go to eMule to get the software?

      Or because you don't think the poster can verify it?

  63. Re:t by Anonymous Coward · · Score: 0

    I believe it was in reference to the fact that the last word in the headline was initially posted as "Thef." Not that the grandparent poster didn't sacrifice some, erm, elegance in exchange for expediency, but it makes some sense, at least.

  64. Clutching a Powerbook? by Anonymous Coward · · Score: 0

    One of the people who got hit is shown in a picture holding a powerbook. Does this mean that an Apple computer got rooted, or is that just a journalistic license to have her hold a computer, which just happens to be a pb. I understand that MacOS X has ssh installed on it, but wouldn't it be a different binary, therefore not susceptible to the hacker's tricks?

  65. RTFA by geekee · · Score: 1

    " As a good number of regular slashdot readers are no doubt aware, full source code to Linux, Apache, etc. is available to anyone and they are more secure than their counterparts for this reason."

    From the article:
    "The crucial element in the password thefts that provided access at Cisco and elsewhere was the intruder's use of a corrupted version of a standard software program, SSH."

    Not sure which version of ssh, but this illustrates that Unix is no more secure by design than Windows or anything else written in C.

    --
    Vote for Pedro
  66. well... by KZigurs · · Score: 1

    1) If you have access to some anonymous router you can have a totally clean trace while hacking into your next target. Think ssh over http to router and root at .gov from there.
    2) A lot of machines on a typical network usually authenticate or restrict users based on their network location. Voila, you just gained an easy access to that very secret intranet page.
    3) With access to router you are now in demilitarized zone. Think 3) Profit!!!.
    4) Ever wanted to intercept people's pop3 passwords? With usual password use patterns it's a golden pot. Welcome, my root.

    And this is just the beginning.

  67. Over Specialise by OneArmedMan · · Score: 1

    Said it before and I'll say it again..

    Over specialise and you breed in weakness, it's slow death ....

    be it DNS servers, Web servers or Routers, if you only run the one type ... and there is an exploit for it, you're stuffed..

    Have a bit of variety and you should be *mostly* ok.

  68. If only by Anonymous Coward · · Score: 0

    router#conf t
    router(config)#exec-Internet-meltdown
    router(config)#This will screw the entire Internet. Are you sure? [Y]
    router(config)#Y
    router(config)#end
    router# debug meltdown
    15:00:02 starting evil-BGP process
    15:00:03 now routing packets to random destinations
    15:00:26 evil-BGP process start request on adjacent routers. (success on 5 of 5 adj. routers. Propagating request......)
    15:15:03 Warning: Internet is screwed. Please reload all routers to fix the Internet. :-)

  69. Since the source is pass protected by emAugust · · Score: 1

    Does anyone recall that website that provides free passwords for news sites that require them? It was linked somewhere on here a few days ago.