Slashdot Mirror


Cisco Patches 'ExtraBacon' Zero-day Exploit Leaked By NSA Hackers (dailydot.com)

Patrick O'Neill quotes a report from The Daily Dot: After a group of hackers stole and published a set of NSA cyberweapons earlier this week, the multibillion dollar tech firm Cisco is now updating its software to counter two potent leaked exploits that attack and take over crucial security software used to protect corporate and government networks. "Cisco immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention," the company said in a statement. "On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible." The report adds: "An unknown group of hackers dubbed the Shadow Brokers posted cyberweapons stolen from the so-called Equation Group, the National Security Agency-linked outfit known as 'the most advanced' group of cyberwarriors in the internet's history. One of the cyberweapons posted was an exploit called ExtraBacon that can be used to attack Cisco Adaptive Security Appliance (ASA) software designed to protect corporate networks and data centers. 'ExtraBacon targets a particular firewall, Cisco ASA, running a particular version (8.x, up to 8.4), and you must have SNMP read access to it,' Khalil Sehnaoui, a Middle East-based cybersecurity specialist and founder of Krypton Security, told the Daily Dot. 'If run successfully, the exploit will enable the attacker to access the firewall without a valid username or password.' ExtraBacon was a zero-day exploit, Cisco confirmed. That means it was unknown to Cisco or its customers, leaving them open to attack by anyone who possessed the right tools."


  1. Oh, really? by Anonymous Coward · · Score: 3, Interesting

    ExtraBacon was a zero-day exploit, Cisco confirmed. That means it was unknown to Cisco or its customers, leaving them open to attack by anyone who possessed the right tools.

    Yeah, sure, because Cisco has never co-operated with any of the TLAs in the past.

  2. I don't know about all that by Anonymous Coward · · Score: 5, Funny

    But I support anything related to bacon

  3. Q4 earnings, layoffs by Anonymous Coward · · Score: 2, Interesting

    Lovely timing with their earnings report. Hope they don't need those 14K/20% of workforce employees now...

    Seriously: Fuck Cisco. I hope their stock value plummets. I'm tired of this fucking fuckery.

    I will take my damn extra bacon though, cause bacon.

  4. Many on Slashdot can say, "I told you so" by TomR+teh+Pirate · · Score: 5, Insightful

    In past posts on Slashdot, there was the idea that the government should have backdoors into various systems that would allegedly be used only for legitimate criminal investigations. The security experts pooh-poohed the idea, saying that all manner of things would go wrong, and this appears to be the day of reckoning. The government of course claims that this would never be a problem.

    Security researchers 1, NSA 0

    Is anybody here really surprised?

    1. Re:Many on Slashdot can say, "I told you so" by WolfgangVL · · Score: 2

      Can the wider US intelligence community fully trust raw data gathered by the NSA? Could massive budgets sway back to the CIA, FBI for a more secure approach or a massive expansion of other global signals collection efforts be considered? A shift in decades of post Vietnam political patronage..

      Will all past product have to be reevaluated? Will other US agencies suggest they can do better and request their own new collection budgets?

      Find out next week, in another exciting episode of "Real Government Shenanigans"

      --
      You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
  5. Re:Hackers stole a set of NSA cyberweapons by Anonymous Coward · · Score: 5, Insightful

    Yes I do believe it. Snowden was no super spy. He was a mid level IT grunt and he took everything including their lunch money. That means that spies with real training and skills, like the FSB, are walking out with arm loads of top secret stuff every day.

  6. So... by sshir · · Score: 4, Interesting

    NSA _and_ Russians had access to all thus firewalled networks for 3 years... Should Cisco and its customers start lawyering up?

    1. Re:So... by bill_mcgonigle · · Score: 2

      NSA _and_ Russians had access to all thus firewalled networks for 3 years... Should Cisco and its customers start lawyering up?

      Are you serious? The entire point of a government is that they can do things that are illegal for everybody else (ostensibly because they are morally indefensible actions) and never face any consequences for their actions. Everything else is just various arrangements of that maxim.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  7. Well, it's convincing evidence by Anonymous Coward · · Score: 2, Insightful

    that the data files are indeed genuine. Cisco may have known about this for years, maybe not, who cares? Fact is, Cisco has confirmed that the exploits relating to them are genuine.

    This convinces me that Linus' rather blasé attitude towards security needs to be readdressed. Linux is the most widely-used Open Source OS for DIY and newcomer switch/router/firewall vendors. Linux can pretty much chown the market, if it can be reliably secured. OpenBSD is the next potential OS, but it's slower and the Book of PF simply doesn't go into the kind of details that Linux' Netfilter books do.

  8. No security through obscurity: We need source code by chris2net23 · · Score: 4, Insightful

    I can't begin to take people seriously who talk about security if they don't get the basic gist that in order to build a secure system you must release the complete set of corresponding source code. Security is not something you can just bolt on after the fact. You don't get security simply by releasing the code. But without it you can't design a secure system. This is why all Intel and AMD systems are fundamentally flawed. We don't have the complete set of source code to critical secondary processors which have complete access to everything else. And what does the code on these secondary processors do? They include a lot of bloat including remote control functionality. It's not a secret. It's a back door in plain sight. They make it really easy to write off the back door as a feature, but it's clearly not to anybody who has even a remote understanding of the dangers here. You can't disable it. You can't design a system without it. You're simply screwed if a high legal intelligence agency wants access to your computer and they haven't got some other means of obtaining said monitoring. It's not something that is going to be used lightly, because then it would become apparent. No. They'll utilize other tools for mass-spying. But for those that actually utilize GPG and similar it's a serious security threat.

  9. Re:Hackers stole a set of NSA cyberweapons by TigerPlish · · Score: 5, Insightful

    Does anyone here really believe this cyber bullshit?

    Yes, yes I do.

    Rationale being: "Government is inept at best and criminal at worst. A happy medium is they being criminally inept. NSA is a Government agency, ergo all the batshit insane ineptness that infects the Government also infects the NSA"

    So yes, I believe the NSA got owned, and now begins the rearranging of deckchairs. A few people will be fired or otherwise disposed of, new techniques and tools will be developed, and life will be back to its nefarious normality again.

    But for now, grab your bacon, popcorn and intoxicant of choice, sit back and watch! This may be the best damn show of our age!

    (or it may be a brilliant piece of mis-direction, which would not make it any less real, just thornier and harder to decipher)

    --
    The "Civilized World" jumped the shark ca. 1973.
  10. Auction? by sshir · · Score: 2

    Does anybody know what's going on with that auction? Because it seems now that those crazy hackers do have some serious goods on them...

    1. Re:Auction? by BoRegardless · · Score: 3, Funny

      Is this the "ONLY" bacon exploit those hackers have, or do they keep the juicy bacon hidden from the 'Criscos' of the world?

    2. Re:Auction? by AmiMoJo · · Score: 3, Insightful

      The auction is just to humiliate the US and the NSA. Looking at the file dates it seems likely this data was extracted back in 2013 and presumably the exploits have been in use since then. For political reasons they have decided to go public now.

      The auction is just to give a bit of cover and extra embarrassment that common criminals in it for the money, rather than another nation state, were able to hack the NSA.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  11. Re:Hackers stole a set of NSA cyberweapons by sjames · · Score: 2

    It's funny how fast this can become this.

  12. Re:Hackers stole a set of NSA cyberweapons by calexontheroad66 · · Score: 2

    This thing of the government being inept, have you seen private bureaucracies at work?
    Big corporate bureaucracies are as inept most of the time as state bureaucracies. The moment you have an organization with more than 100 people and company policies or laws start to encroach and accumulate to prevent abuses or set preferred policies then as time goes by you'll see a mismatch between desired outcomes and real outcomes.

    Now, the problem is that at this point incremental improvements in productivity, technology or administration require ever more resources to be accomplished; this means that big bureaucracies tend to be the norm in both private and state organizations.

  13. I'm unclear why this is considered 0 day by breagerey · · Score: 4, Informative

    The exploit is specific to ASA software versions 8.0 - 8.4
    8.5 was released in March of 2012.
    The current version of ASA software is 9.6
    http://www.cisco.com/c/en/us/t...

    Why would anybody still be running 8.0 - 8.4 ??

    1. Re: I'm unclear why this is considered 0 day by bsDaemon · · Score: 3, Insightful

      Because their network is working, they don't need new features and they either don't have time, care or requirements to check security notes when they are released? "If it isn't broken, don't fix it" can be a powerful drug.

    2. Re: I'm unclear why this is considered 0 day by t0rkm3 · · Score: 2

      Huh?

      I've upgraded a metric shit ton of ASAs (~1500) from pre-8.3 to post 8.3 way back in the day, and I am fairly certain that only two failed to correctly migrate their NATs.

  14. Re:Hackers stole a set of NSA cyberweapons by cavreader · · Score: 3

    "Who but the NSA or possibly GCHQ would produce this" How about the FSB, Mossad, MSS, ISI, or DSG for starters?

  15. News? by sshir · · Score: 2

    Interesting note: There are no frontpage articles about NSA hack among major American news outlets. It is/was on BBC, Guardian, etc. But not on CNN, WSJ, NYtimes...

    Hmmm....