Slashdot Mirror
Lynn Settles With Cisco, Investigated By FBI
Following up on yesterday's story, daria42 writes "Security researcher Michael Lynn has settled a dispute with Cisco over his presentation on hacking the company's routers, which was given at the Black Hat security conference in Las Vegas this week. The two parties and Black Hat organisers have agreed not to further discuss the presentation, which contained techniques Lynn said could bring the Internet to its knees." Not all is good news, though. jzeejunk writes "The FBI is investigating computer security researcher Michael Lynn for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them."
The real issue at hand, at least with Cisco router owners, is not the fact that Lynn released information concerning the exploit, but the fact that Cisco would not tell anyone about it. Time and time again has shown how security through obscurity is not real security, especially when Cisco's source code had been stolen.
The reality of it is that Cisco fixed the exploit last April with a patch and no longer offers the vulnerable IOS for download on their site. The problem with that though is that they did not inform anyone what the patch fixed and who needed to download it. Most people who are vulnerable to this attack are those who have not updated to Cisco's version as of April (which are a few I'm sure. No point on upgrading a working system with a patch that could break you.)
The real problem is Cisco and their disregard to release information over a severe vulnerability in order to press forward their new OS next year.
I'm a virgo and on Slashdot. Coincidence? Yes.
HELLO WORLD
60691 60691
HELLO WORLD
41529 41529 37391 37391 16079 16079 00583 00583 28145 28145 10248 10248
65200 65200 54451 54451 61814 61814 71645 71645 89370 89370 83390 83390
83850 83850 35222 35222 82600 82600 32861 32861 14891 14891 84629 84629
98985 98985 62184 62184 78713 78713 69353 69353 67395 67395 47211 47211
04383 04383 03368 03368 19687 19687 63126 63126 75503 75503 60948 60948
21683 21683 71130 71130 24901 24901 14226 14226 49885 49885 29738 29738
15491 15491 63673 63673 71613 71613 53775 53775
K-BYE
I found this linked on Nick84's site (http://www.rootsecure.net/): http://www.infowarrior.org/users/rforno/lynn-cisco .pdf
If I'm correct, it's the slides that were taken off of the hand out cd.
Another link from a Wired article:
http://cryptome.org/lynn-cisco.zip
Irongeek's Hacking Videos / Security Videos and Articles
"There's no arrest warrant for (Lynn) and there are no charges filed and no case pending," Granick said. "There may never be. But they got a complaint and as a result they were doing some investigation."
In other words, probably not really in trouble with the FBI.
The world's only surviving livewriter.
Why didn't he blow the whistle to the US-CERT, then? Yeah, this is a good idea, let's present it at a Black Hat convention. Jeez
Do you have any idea who is at Black Hat these days? It is a huge security convention sponsored by hundreds of major computer and security vendors, even Microsoft is a sponsor. Heck the Department of Defense, the Army, West Point, Stanford Law School, etc. all had people giving presentations. If you want to get the word out when a major threat is being ignored, blackhat is a pretty good place to do it. It seems to have worked, don't you think?
Further, Lynn himself admitted that the vulnerability had already been patched by a Cisco update.
One specific buffer overflow vulnerability was patched. But Lynn's presentation was a general approach to exploit any buffer overflow, with dire consequences. There is likely more exploitable code inside those routers; it's just a matter of time before some is found. At that point Lynn's attack could be executed.
Crafted IPv6 packet vulnerability.
5 0729-ipv6.shtml
s p
http://www.cisco.com/warp/public/707/cisco-sa-200
http://www.eweek.com/article2/0,1759,1841669,00.a
Upshot is that if you aren't running IPv6 on the router, this doesn't affect you.
I've been writing letters to my Congressman and Senators about the DMCA for some time, but they're not listening.
One day people in this country will realize that congresscritters and senators don't listen to their constituents anymore, and they haven't done so for a very long time. Mostly they listen to corporations and their lobbies.
I'm glad you still have the proper democratic reflex a citizen should have when confronted with issues, but really you should realize "writing to your congressman" nowadays amounts to pushing a button that's been disconnected.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Except he disclosed no such information.
A Pirate and a Puritan look the same on a balance sheet.
Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
PDF:
Lynn-cisco.pdf"
In the mean time, time to do a Freenet search for his paper. I can't believe all of the copies were destroyed.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
In other words, give Cisco the opportunity to explain that patching vulnerabilities in major commercial vendor-supported code isn't just something that happens instantaneously.
He gave Cisco *FOUR MONTHS* to fix it, which is hardly "instantaneous".
Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
You are being MICROattacked, from various angles, in a SOFT manner.
I could see your argument if this fellow was in Canada, because here, some publications are banned because they promote hatred, or instruct people on how to commit illegal acts.
As the FBI is investigating, I presume this is the USA. That's where companies like the well known Paladin Press are. For those that don't know, they publish some very weird stuff. They publish books on subjects like Improvised Explosives, weapons conversions (making a semi-auto into full-auto), improvised silencers, as well as how-to's on electronics for Surveillance and sabotage. Since they're still advertising in the back of various hobby magazines, I presume they're still legal in at least some states.
What I find weird is, if stuff like that is still legal why would something like this be an issue? This is pretty lightweight stuff by comparison.
By the way, being "investigated" doesn't mean anything. Law enforcement agencies around the world "investigate" useless crap all the time. All it requires is someone filing an official complaint and it has to be followed up. You can't infer guilt just because the police want to talk to someone.