Black Hat Opens with Intrigue, Then Gets Interesting
Posted by Andrew Brandt | Wednesday, July 27, 2005 5:01 PM PT
In Las Vegas, the Black Hat Briefings computer security conference got off to an unusual start this morning, when conference presenter Michael Lynn announced to a startled audience that he had to quit his job with a security company in order to deliver his presentation about Cisco routers.
The presentation illustrates the means by which an Internet user could wreak havoc with virtually every model of Cisco router, potentially bringing down large portions of the Internet. Cisco routers are commonly used to operate the backbone of the Internet and large networks.
Lynn's research sparked a threat of a lawsuit by Cisco Systems against Lynn's former employer, Internet Security Systems (ISS). At the last minute, conference organizers literally tore pages from the conference proceedings book, and had to rush new CDs of the conference proceedings, sans Lynn's presentation slides, into print. Lynn resigned his position at ISS before the morning session, and announced to the audience that he may face a lawsuit as a result of giving the presentation.
The fascinating topics covered at the annual conference didn't stop with the morning session, though: In a session titled "Plug and Root: The USB Key to the Kingdom," Darrin Barrall, David Dewey, and Caleb Sima of SPI Dynamics demonstrated a custom-built USB device (handmade by Barrall in his garage) that can fool an operating system into believing the device is any form of USB peripheral, such as a mouse, keyboard, or flash storage drive.
The trio conducted research into how the USB drivers common to all modern versions of Windows could be exploited, and described two methods by which hackers could use a specially designed USB key to load malicious software, such as a keystroke logger, onto a target system within a few seconds, simply by plugging the device into the target PC's USB port, bypassing virtually all of Windows' built-in security. The same technique could be used to retrieve a file of stored passwords after a few days or a week, simply by plugging the device into an active USB port.
The afternoon sessions included a talk about how the Russian telecommunications networks are linked together, combined with a social analysis of Russian hackers and hacking gangs; a discussion about the security weaknesses in antivirus tools, and how these loopholes can provide a hacker with access to your files even if you believe your PC is protected; surveys of the tech-legal landscape, as well as a summary of the key computer security legal cases over the past year; a session about security problems in hardware, beginning with security devices, and moving to a discussion of security issues in PocketPCs, Palm devices, and video games; and a look at RFID, including a demonstration of reading RFID tags from very long distances, and an overview of the repercussions of RFID's inherent insecurities.
Wow!
Imagine all the headaches we could avoid if an earthquake had swallowed up that conference and every pea-brain in it!
Those "pea-brains" actually protect you from criminals and other malcontents, you tard.
no they dont
hey anonymous, guys like milksop (milkSAP?) don't think, they react defensively and emotionally
The pea brains were the ones who tried to burn the books. Well, tear out pages and "sanitize" CDs anyway, but effectively, it's burning books. It seems to me that Cisco and ISS are trying to hide the truth about a badly designed, poorly tested OS. Holy shades of Micro$ucks, Mr. Bill! As if suppressing or burying information is going to make you safe. Works for an Ostrich, I guess, so why not us.
Cisco is dishonest, for they have been trying to hide the vulnerabilty from customers. It's the fact that true hackers, people at ISS for example, already aware of those secretly kept vulnerabilities. They can attack any Cisco routers they like, while FBI and clients have no idea what was happen to them.
Customers have right to aware and protect themselves from all vulnerabilities regardless of degree of impact. Otherwise, their networks are left vulnerable for hackers.
If this vulnerability is left hidden for the next two months, the net (even the world) would be in real chaos for sure. Hackers hack into banks and steal billions of dollar, hack into government computers and steal top-secret info. If there is a worm, then we will be all doom! Millions of server are taken down, no internet, no phone, no bank service, no pcworld.com, no nothing.
You name the company that has ever voluntarily given any information up?
and None ever will!
tracyv
Just because you "true hackers " KNOW IT, does not make it OK to broadcast so THE MASSES OF OUR ENEMIES CAN TEACH THE WORLD, SO MANY,MANY MORE PEOPLE CAN USE THEM FOR DESTRUCTION AND MAYHAM BEFORE A FIX OR PATCH IS EVEN FOUND!,SO DON'T TRY THAT CRAP ON ME! THIS GUY DESERVES CIVILIAN AND MILITARY DISCIPLINE AND NEEDS A SEVERE TERM OF AT LEAST 60 YEARS, AND MAYBE PAROLE AFTER TWENTY + FIVE MAYBE DEPENDING ON LAWS. EVERY COMPANY HAS PROBLEMS WE DO NOT KNOW ABOUT AND YOU ARE PRE-SUPPOSING THEY ARE NOT TRYING TO FIX THEM. GIVEN THE FIRES HE CREATED, HE VERY WELL HAS UNDERMINED EVERY ROUTER OUR MILITARY AND GOVERNMENTS HAVE BOUGHT! TO DO THIS ,ESPECIALLY IN A TIME OF WAR, LET ALONE A NEW KIND OF WAR (THAT LAME DEMOCRATS AND LIBERALS REFUSE TO RECOGNIZE), IS DESPICABLE AND CAUSING UNECESSAR DEATHS WITH YOUR EVERY PROTEST THAT ONLY EMBOLDENS OUR ENEMY BECAUSE WE ARE TOO STUPID AND IRRESPONSIBLE WITH ANY TRUTHS AS ALL WE DO IS BLAB BLAB BLAB ANYTHING AND ANY RUMOR! WITHOUT THE HELP OF FELOW AMERICANS, LET ALONE ACTIVELY DAMAGING OUR COUNTRY IS THE NUMBER ONE #1 TERRORISM THREAT!! ASK ANY GOVN'T OFFICIAL, IT IS THE CRAZY GROUPS AND PEOPLE LIVING HERE THAT ARE THE BIGGEST THREAT! AND THIS GUY IS AND SHOULD BE THE POSTER BOY OF IRRREASPONSIBLE, TREASONEOUS BEHAVIOR!
By that logic, PC World, and anyone else reporting on this, should also be considered criminal and treasonous for further publicizing it. Do you consider all spread of information to be dangerous, and ignorance a virtue?