NetSec
  corner   



HOME

LINUX

CYBERLAW

VIRTUALIZATION

Bugtraq

Packetstorm

FD

GrokLaw


RSS Feed


Netsec, comsec, infosec and IA news, research and trends

 

7.30.2005

 
Defcon 13 Presentations - More Soon

posted by GeeWhiz Saturday, July 30, 2005

 
Posted for Geewhiz:

Dr. Linton Wells, DoD Chief Information Officer, Assistant Secretary of Defense, Networks and Information Integration, gave a great talk on the shifting nature of defense information systems. Topics included the use of commercial off the shelf (COTS) versus government off the shelf (GOTS) software, the criticality of supervisory control and data acquisition (SCADA) systems and the evolving threat faced by defense information systems. In concluding, Dr. Wells issued an open call for assistance in the information operations of defense systems and a request for a reduction in “noise” present on defense networks. The condor of his presentation was a welcome evolution in the (occasionally uneasy) relationship between the security, insecurity and government communities.

and...

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

* Asynchronous stateless TCP scanning with all variations of TCP Flags.
* Asynchronous stateless TCP banner grabbing
* Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
* Active and Passive remote OS, application, and component identification by analyzing responses.
* PCAP file logging and filtering
* Relational database output
* Custom module support
* Customized data-set views

posted by arkng Saturday, July 30, 2005

 
Hyper-Threading Considered Harmful from GeeWhiz

posted by Brenda Saturday, July 30, 2005



7.29.2005

 
Here is the actual presentation that got Mike Lynn in trouble "The Holy Grail: Cisco Shellcode and Remote Execution"

posted by Theobromine Friday, July 29, 2005

 
Tom's Hardware has Published Significant Details on Michael Lynn's Cisco Presentation at Black Hat from Lance

posted by GeeWhiz Friday, July 29, 2005

 
Cisco Security Advisory: IPv6 Crafted Packet Vulnerability

posted by Brenda Friday, July 29, 2005



7.28.2005

 
Victory for Cisco-Censorship - Michael Lynn has agreed to turn over all materials relating to his Cisco research and to not discuss the presentation he gave Wednesday in exchange for Cisco to the drop charges against him. Cisco will release an official advisory soon, possibly tomorrow.

Black Hat USA 2005 Presentations (54MB Zip)

posted by GeeWhiz Thursday, July 28, 2005

 
Hands-on Honeypot slides - Maximillian Dornself has posted links to the BlackHat Hands-on Honeypot class, that he and Thorsten Holz presented, here.

posted by joat Thursday, July 28, 2005

 
"What politicians are talking about when they talk about the Digital Pearl Harbor is a network worm," he said. "That's what we could see in the future, if this isn't fixed."

Mike followed the rules of "responsible disclosure" but Cisco did not. This entire fiasco has proven that Cisco does not care about infrastructure security. Cisco refused to let the public know about a critical remote execution flaw in IOS and for this they should be liable. The major ISP engineers have expressed support for Mike via the NANOG list. More from Wired.

Read Cisco's Response to Mike Lynn's Presentation

posted by GeeWhiz Thursday, July 28, 2005



7.27.2005

 
Michael Lynn's "The Holy Grail: Cisco Shellcode and Remote Execution" presentation blew the doors off of Caesar's Palace Today with a full shell code exec capabilities for nearly ANY Cisco vulnerability. If your organization hasn't updated any Cisco IOS-based devices lately, the devices may be under someone else's control.

The story from Michael Lynn proceed like this: He discovered clues that there was an issue being exploited when reading translated Chinese hacker sites that alluded to the issue. It was likely discovered after the theft of the Cisco Source code in May 2004 which was itself part of a larger series of intrusions. Upon further research leading to the development of working proo-of-concept code, he and his former employer ISS notified Cisco. Cisco patched the issue silently in April but never issued an advisory as to the seriousness of the issue. Cisco has since pulled all older, vulnerable versions of IOS from it's web site. After discovering that ISS was allow Lynn to present on the issue, Cisco CEO John Chambers attempted to censor the issue. When ISS stood it's ground, John Chambers requested that the US Government intervene as a matter of national security to no apparent avail.

The popular press is starting to pick up on the issue now and I hear rumour that Michael's presentation MIGHT be made available in video via the Washington Post web site tomorrow.

posted by GeeWhiz Wednesday, July 27, 2005

 
Need to earn an easy few hundred dollars? Just report a previously unknown software vulnerability to either TippingPoint or its rival iDefense. The more you report, the more $ per vulerability you can earn.

Russian spammer found murdered in his apartment. Probably beaten to death by an end user tired of being inundated by viagra email.

posted by Theobromine Wednesday, July 27, 2005



7.26.2005

 
Michael Lynn, the author of Airjack, was to Present Tomorrow at Black Hat on "The Holy Grail: Cisco Shellcode and Remote Execution". Unfortunately, his presentation has been literally cut out of the Black Hat book and the Compact Discs withdrawn from distribution. It'll be interesting to see what he is able to say tomorrow or if he is able to say anything at all. Perhaps Michael Powell's Infamous Ninjas finally acheived their objective?

posted by GeeWhiz Tuesday, July 26, 2005

 
Not directly security related but interesting none-the-less. For the wireless freaks - Microsoft has a new service that uses wireless networks to rival GPS.

By using specially outfitted autos, Microsoft has collected the MAC addresses of wireless networks all over the U.S. and placed them into a database that Microsoft believes can act as an alternative to GPS to give positioning information. Users will be able to locate their position to within 30 metres.


posted by Theobromine Tuesday, July 26, 2005

 
SecurityForest - Exploitation Framework

posted by GeeWhiz Tuesday, July 26, 2005



7.25.2005

 
SMART Anti-Forensics by Stephen McLeod

posted by GeeWhiz Monday, July 25, 2005





This page is powered by Blogger.
Site Meter Locations of visitors to this page