Defiant hackers unite to expose Cisco flaw


A software flaw that could let an attacker control Cisco routers that direct traffic across the internet has sparked a global push from hackers to fully declare the vulnerability, in a gesture of defiance against the US technology giant.

The flaw, which has been the talking point of two recent IT conferences in the States, was discovered early last week, but has received fresh momentum after Cisco tried to silence the external researcher who detected it.

Security expert Michael Lynn told a Las Vegas conference last week that bugs affect how the Cisco software, responsible for about 60 per cent of net traffic, handles the next-generation Internet addressing scheme, IP version 6, but he quit his job at Internet Security Systems (ISS) to do so.

After speaking at the Blackhat Defcon security conference, Mr Lynn and the organisers were slapped with a legal order from Cisco Systems and ISS, effectively barring the duo from ever revealing any other details about the flaw.

This is in spite of Mr Lynn’s preparedness to stand down from his full-time research job at ISS, and his co-development of a patch with Cisco to fix the vulnerability. Lynn is said to have quit ISS so he could speak more freely about issues he deemed pertinent to the public interest.

Employees at Cisco, however, went further in trying to limit the flow of information about the software problem, confiscating CD copies of the talk and deleting slides of the flaw, as well as rounding up all known recordings of Lynn’s speech at the conference.

A spokesperson for Cisco Systems said the subsequent legal muting was a result of a security professional choosing to pursue the internet issue “outside of established industry practices.”

Yet the company’s actions appear to have backfired, as the details of the flaw are luring hackers to develop a thorough understanding of the potential exploit, fuelled by the knowledge that code can now be run on Cisco routers.

According to Reuters, hacking communities in the US and Europe are busy researching ways to exploit the flaw in order to control Cisco’s Internet Operating System (IOS), but do not intend to hijack e-payments, read private e-mail or launch malicious attacks.

Instead, hackers told the news agency their motivation was primarily “because someone said you can’t” expose the Cisco vulnerability, prompting coders and crackers to gear up and unite for the challenge.

Moreover, the very first page of Lynn’s presentation reportedly states: “For many years Cisco has told you that IOS was impossible to compromise…Others have come close to disproving this claim.”

Since hackers announced their quest, a number of weblogs and hacking sites have posted slides, extracts and duplications of Lynn’s 10-page presentation, in a bid to meet the objective of controlling Cisco software.

But, joined by ISS, the technology giant is pouncing on these portals, delivering cease-and-desist legal notices insisting they take down any information relevant to the flaw.

Security consultant and editor of Infowarrior.org, Richard Forno, said that after posting Lynn’s presentation on his front page, he was sent a legal notice from ISS demanding removal of the downloadable file.

Such “heavy handed tactics” simply serve to boost the publicity the exploit receives, said Forno, adding criticism of the network giant for “preserving its commercial interest” rather than improving overall security.

Other internet experts said Lynn’s knowledge of Cisco’s technology was unparalleled, and added a cautionary note that any malware to exploit the flaw would probably not adversely affect the general health of the internet.





Aug 2, 2005
