Cisco learns from China operation
Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability.
"The reason we're doing this is because someone said you can't," said one hacker, who like the others spoke to Reuters on condition of anonymity.
Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer.
The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw.
Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet.
Security researcher Michael Lynn first described the flaw on Wednesday at the Black Hat conference over the objections of Cisco and his former employer, Internet Security Systems Inc..
Lynn helped Cisco develop a fix but wanted to discuss it publicly to raise awareness of the problem, according to associates, going so far as to quit his job with ISS so he could talk freely.
"What (Lynn) ended up doing was describing how to build a missile without giving all the details. He gave enough (details) so people could understand how a missile could be built, and they could take their research from there," said a security expert who gave his name only as Simonsaz and who said he is not involved in the hacking effort. Read more
db: There is no intention of going techie on db - just that considering most of the worlds information - including governments' - is routed around the globe on Cisco kit - and is vulnerable to this flaw unless fixed - you would think that they would want as many people as possible to know all about it and get patched up. Maybe it's just too embarrassing for Cisco - and makes a mockery of their plug on '24' - whereby Cisco products basically saved the human race from extinction. I am also down on Cisco because of their approach to human rights in China - they really don't have one beyond a quarterly quota on some 'special' items designed and implemented to crush the Chinese further.
Anyone who is interested in the more technical how-to side of this story can go here to find out about The Process of Hacking a Cisco IOS based router