Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Networking IT

Wired Interviews Mike Lynn 194

ndansmith writes "Wired has got an interview with Mike Lynn, who revealed a major vulnerability in Cisco IOS at Black Hat 2005 in Las Vegas, and who has subsequently become the subject of an FBI investigation. A quote from Mike Lynn: 'Cisco said, "You guys are lying. It is impossible to execute shell code on Cisco IOS." At that point (ISS) management was annoyed.... They were like, "Mike, your new research project is Cisco IOS. Go find out how to exploit bugs on Cisco IOS so we can prove these people wrong."'"
This discussion has been archived. No new comments can be posted.

Wired Interviews Mike Lynn

Comments Filter:
  • its easy to get investigated by the FBI.
    there has been a pizza van outside my house for weeks.. no wait its a flower delivery van now.. wait now the telephone repair man.
    • Quick! Put the image of a pink golfball on a field of half eaten hohos in your mind to block t3h m1nd r34d3rz!

      *hands over tinfoil hat*

      Seriously, though. If a company goes to the FBI and says "We think so and so has broken a law." they are supposed to look into it if a crime could have plausably been comitted. Kinda like calling the cops and reporting 'suspicious' activity. Its nearly always harmless.

      Cisco is using this to try to shut him up, but its not the FBIs fault.

      10:1 acouple weeks from now
  • I still fail to see how this story relates to Google. Slashdot must be slipping. :)
  • Start.com has been known for ages. Its a sandbox experiment, and theyve already released 1 [start.com] and 2 [start.com] already, along with "My web" [start.com] Editors messed up again? o.O
  • by Zweideutig ( 900045 ) on Tuesday August 02, 2005 @09:26PM (#13227769)
    I am tired of hearing about people basically volunteering to audit software and find problems, and then get accused for it. Lets go after the crackers that just read securityfocus for the latest exploit, and then exploit it so they can "vandalize." UNIX (the kind under the UNIX trademark) had many weaknesses that made it luaghably insecure in its day, but dedicated hackers (not crackers, I mean skilled creators) found many vulnerabilities, which of course were fixed and UNIX (including the *BSD derivatives and branded UNIX such as Solaris) has become quite secure today thanks to this. I apprieciated the effort of those who contributed their findings. There is a difference between reporting a broken safe lock in a bank, and exploiting it to obtain the contents (robbery.) This ignorance irritates me.
    • I agree. 1 person discovers most of the hacks that are around. 10 people spread the news around. 100 web sites write about it. 1,000 people create automatic tools based on this information. 10,000 people post those on their web sites. 100,000 people eventually use those tools and consider themselves hackers.

      You can call this the Integer Effect.
    • uummmmmm, this is the opposite it "you must be new here."

      Whay haven't you been posting here longer?

  • So where is Cisco in all of this? Have they released patches yet? I am hoping they will do a wide sweep of patches for all users (even those without support contracts) as they did back in 2004. [cisco.com]

    Juniper is looking better all the time.
    • The article is a bit long, but you'll find this vulnerability was patched 6 months ago. The issue here is that Cisco wasn't upfront about the seriousness of the flaw.
      • Cisco is never upfront about the seriousness of any bugs... It hurts their stock price -- which is the ONLY thing Cisco cares about.
        • To be fair, public companies make their decisions from the top to the bottom; engineers can always be told, "Yeah thats true, but its bad for our capital base .. "

          I've never understood the desire to make a company public. Its tantamount to placing the decisions in the hands of people who may not have any vested interest in success tommorow if they pull their money out. Its terribly short sighted and only makes sense VERY simple industries.
          • I've never understood the desire to make a company public.
            Two words: cash money.
            One priority: Money is all that matters.
          • The law of the land states that when a company exceeds a certain size($10 million in assets and more than 500 shareholders) it must go public with all its finances. This kind of forces them to trade publicly unless they want to exist with all the disadvantages of publicity and none of the advantages.

            The big-time financiers like the underwriters(who are get to underwrite them for their IPO) and the central-bankers like this law of course. Nice insurance too because you wouldn't want private individuals who
    • Announcement [cisco.com] is here. It includes instructions on how to get a fix, but it does not appear to be available for download.
    • The folks on NANOG certainly are up in arms about it. Apparently the patch was slipstreamed into a release, but it wasn't in the notes, and very few people seem to have applied the fix for various reasons (including some that involve images that are too big to fit on common memory cards).
      • I don't think I've seen NANOG buzzing this much about one topic since the infamous Verisign .com wildcard.

        This kind of turned into a worst-case PR situation for Cisco -- they screwed up on their product, they tried to cover it up, and then they hassled the guy that released the information.
  • Yesterday I was like drooling when I like saw this girl like. And I like couldn't get over it. Man I was like in heaven like.

    How about we cut the teen speak?
  • I don't know about the Cisco thing, but I know I'll never forgive him for The Herschel Walker trade [sportingnews.com].
    • You shouldn't have linked to the archive, somebody might know WTF you were talking about.

      These days (and I don't really care, either) it seems like Lynn and his collection of co-investors were brilliant compared to the used car salesmen and other tinpot business "moguls" running the show.
  • They were like, "Mike, your new research project is Cisco IOS. Go find out how to exploit bugs on Cisco IOS so we can prove these people wrong."

    Like, not only speech, but even our writing has like sunk to the level of the California valley girl, like.
  • One of Cisco's arguments, or at least so I heard on a CBC radio program that's name escapes me, is that he discovered this flaw through reverse engineering which is specifically banned in the license agreement. They seem to be implying that the flaw would be no danger since it is a closed source product, had he not 'illegally' reverse engineered their code and that the threat therefore only exists because of him. Security through obscurity, and a good example of why closed source solutions should not be u
    • Ah, it wasn't CBC, it was American Public Media, Future Tense. http://www.publicradio.org/columns/futuretense [publicradio.org]
    • Don't you just love that logic?

      WhiteHat> Err, you guys have a problem...
      Cisco> No we don't.
      WhiteHat> No really, it's there. I can prove it.
      Cisco> Ohh, so you violated the DMCA to hack us, huh? Well that is ILLEGAL mr. security guru. We're calling our lawyers.
      * WhiteHat scratches his head. *
      WhiteHat> Err, guys? If I didn't tell you about it, BlackHat would find out, keep it a secret and exploit it on every device he could. Wouldn't you rather know so you can fix it and prevent wid
    • Yes, the presumption being that any interested blackhats wouldn't dream of illegally reverse-engineering any Cisco code. Not to mention the fact that in many countries it wouldn't be illegal anyway. Cisco is full of hooey.
  • The bastard ruined the Minnesota Vikings for YEARS with that damned Herschel Walker trade!
    • The bastard ruined the Minnesota Vikings for YEARS with that damned Herschel Walker trade!

      Hey, but at least you guys went to the Super Bowl in 98...oh wait. No. You got beat by the Falcons.

      (Nelson voice:)Ha ha!

  • Lady Justice is not just blindfolded, she is actually blind.
  • Here is the Cisco information on the bug and patches [cisco.com]

    But this particular bug may not be the real news. The real news is running shell code on Cisco via an exploit. Or as Cisco puts it "Upon successful exploitation, the device may reload or be open to further exploitation." If this technique is not tied to this specific exploit but to architectural problems in IOS, Cisco worms could become a problem.

    Given that Cisco had source code stolen [arstechnica.com], there is almost no limit to what a worm could do. Spyware on
  • by imuffin ( 196159 ) on Tuesday August 02, 2005 @10:50PM (#13228215)
    Does anyone think it's odd that of the last seven stories, not a single one has a comment modded higher than 3? What's up?

    ---
    funny commercials [tubespot.com]
  • because this guy knows his shit. They want this guy working for them....
  • Well informative, though I know very little about cisco or routers in general. I quite enjoyed this article.
  • by djrogers ( 153854 ) on Tuesday August 02, 2005 @11:24PM (#13228356)
    He didn't reveal ANY vulnerabilities in IOS. I'm going to say this again, slowly: Micheal ... Lynn ... did ... not ... reveal ... any ... new ... vulnerabilities ... in ... IOS.

    What he did was prove that existing and future vulnerabilities in IOS _could_ be exploited to run shellcode, while it was previously thought that a DoS was the 'best' a hacker could do to an IOS box. He used a 4-5 month old (patched) vulnerability to demonstrate this...
  • Google: mike lynn blackhat cisco ios and have a good time.

    If you understand both IOS and assembler pcode, you can catch his drift. These are chinks in the otherwise solid armor that Cisco has.

    The exposure of this, along with other security bugs that organizations have, ranging from Microsoft down to Linus's best code, are important to know at the second of apparency. That's when both the good guys and the bad guys can get to work. I hope the bad guys lose, and they usually do. But prevention of exposure is
  • Cisco's 'solid armour' as you put it has been based on two concepts:

    1) There was no known way to execute shellcode due to the idle process responsible for doing heap pointer 'validation'. Thnsis prevented the possibility of executing shell code and essentially limited the attack vectors for overflows to DoS.
    2) Some level of obscurity regarding the IOS inner workings.

    Is that what you consider solid armour?

    While Lynns presentation was mostly old news, it did something very important. It eliminated point #1 ab
    • Creating a DoS condition is fine, but has no real value to a hacker other than the few obvious ones used by packet warriors. Being able to fully compromise a router and install your software is much more interesting and valuable.

      No argument about it being way more usefull to get full control over a router, but being able to DOS it is quite usefull to a hacker, esp. when there happen to be some nameservers behind the router for example

  • Mike Lynn sounds like a good guy, his point of view is very understandable. He wanted to alert people that Cisco is just as hackable as others. The other stories were villifying him but his own words explained why he did what he did. I must say, Kudos to him.

    Honestly He's the kind of Admin I respect, rather then play ball only with the corporation, he lets everyone know the problem so everyone can handle the situation. He claims there was a fix out in six monthes ago for his bug? I don't see why Cisco
    • Computer/Network Systems Engineer would be a more accurate description. He's designed his own, and the very first, wireless intrusion detection and prevention system (Intrusion prevention? Yep- AirIDS was designed to chaff and other things to make it very difficult for a snooper to obtain a solid lock on an AP's WEP key without needing WPA upgrades...). I remember having numerous conversations with him about it while we were working on projects at Coollogic when they were still just doing set-top boxes.
  • I find Cisco and Posse's attempt to corral copies of the report amusing. Besides the fact that they are making a scene in front of a crowd which relishes just such a challenge, haven't they heard of the multitudes of software developed for exactly this kind of response - distributed, anonymous, encrypted file storage and distribution?
    From the sidelines it is quite entertaining.
  • Goto http://www.cisco.com/cgi-bin/login [cisco.com]
    Let the authentication fail and read the following:

    IMPORTANT NOTICE:
    • Cisco has determined that Cisco.com password protection has been compromised.
    • As a precautionary measure, Cisco has reset your password. To receive your new password, send a blank e-mail, from the account which you entered upon registration, to cco-locksmith@cisco.com. Account details with a new random password will be e-mailed to you.
    • If you do not receive your new password within five minutes, please contact the Technical Support Center.
    • This incident does not appear to be due to a weakness in Cisco products or technologies.
  • by MECC ( 8478 ) * on Wednesday August 03, 2005 @10:34AM (#13230826)
    Whether or not Mike Lynn did what he did out of ego, altruism, professional integrity, or whether or not it fell within the normal bounds of how to disclose a vulnerability, while interesting discussions, are perhaps less interesting than the possibility that Cisco wanted to spin their way out, rather than code their way out.

    If [cC]isco adopts the spinout method of handling vulnerabilities, or if that mentality takes hold within their corporate culture, the impact on the internet will without question be swift and negative. True, they'll get also get swiftly eclipsed by competitors, but in the meantime there would be Internet-wide trouble.

A physicist is an atom's way of knowing about atoms. -- George Wald

Working...