Re: [Full-disclosure] Cisco IOS hacked?

To: ciscoioshehehe@xxxxxxxxx
Subject: Re: [Full-disclosure] Cisco IOS hacked?
From: Andrei Mikhailovsky <mlists@xxxxxxxxxx>
Date: Mon, 19 Sep 2005 20:55:39 +0100
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <432E602A.000001.18360@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Arhont Ltd - Information Security
References: <432E602A.000001.18360@xxxxxxxxxxxxxx>
Reply-to: andrei@xxxxxxxxxx

Hello,

Being a co-author of the "Hacking Exposed Cisco Networks" book and one
of the co-founders of Arhont Ltd an Information Security Company that is
doing the research for the book on Cisco Devices I have to make the
following comments about the article in SecurityLab.ru:

The russian article (http://www.securitylab.ru/news/240415.php) has been
badly paraphrased from the livejournal of one of the authors/researchers
of the book. As a result of this outrageously inaccurate paraphrasing of
the article many confusions and misunderstandings have been circling on
the security related sources and mailing lists.

Some of the issues addressed in the article are true and Arhont is
currently preparing a formal advisory that will be sent to PSIRT. 

Among the discovered issues are multiple vulnerabilities in EIGRP
implementation. Also, authors have addressed the _theoretical_ aspects
of an algorithm for cross-platform worm that could spread in IOS based
devices. The existence of the practical implementation of such warm is a
complete lie. Let me assure that there has been no development nor the
desire to develop such code by the authors of the book. The theoretical
methodology and algorithms will be also discussed with PSIRT at the
appropriate time.

In addition, there has been some minor inconsistencies of the
livejournal postings that will be soon addressed and edited.

If you have any comments on this topic we would be glad to address them.

-- 
Andrei Mikhailovsky
Arhont Ltd - Information Security

On Mon, 2005-09-19 at 10:52 +0400, ciscoioshehehe wrote:
> today news on SecurityLab.ru (only in russian):
> 
> http://www.securitylab.ru/news/240415.php
> 
> * break CRC on CISCO IOS
> * Desgin Mechanism of cross-platform worm for IOS device.
> *  Run IRC server on 2600 CISCO.
> * Found more vulnerabilities in EIGRP protocol.
> 
> and some more...
> 
> Online translate from Russian:
> 
> http://www.translate.ru/url/tran_url.asp?lang=ru&url=http%3A%2F%2Fwww.securitylab.ru%2Fnews%2F240415.php&direction=re&template=General&cp1=NO&cp2=NO&autotranslate=on&transliterate=on&psubmit2.x=45&psubmit2.y=17
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- Cisco IOS hacked?
  - From: ciscoioshehehe

Prev by Date: Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
Next by Date: [security bulletin] SSRT5999 rev.0 HP OpenVMS Secure Web Browser Mozilla Application Node Spoofing
Previous by thread: Cisco IOS hacked?
Next by thread: [ GLSA 200509-10 ] Mailutils: Format string vulnerability in imap4d
Index(es):
- Date
- Thread