Well, no shit sherlock

Aug. 18th, 2006 10:07 am
[identity profile] ihateemo.livejournal.com posting in [community profile] techrecovery
I'm posting this without passing comment on the obvious kicker at the end of the article.

Cisco can't reproduce Black Hat flaw

Cisco Systems has been unable to reproduce a security flaw reported in its PIX firewall appliance earlier this month, the networking company said Tuesday.

The alleged flaw was discovered by Hendrik Scholz, a developer with Freenet Cityline, who discussed it during Aug. 2 presentation at the Black Hat USA conference in Las Vegas. Freenet is a German VOIP (voice over Internet Protocol) service provider.

Scholz claimed that if someone sent the PIX device a specially crafted SIP (Session Initiation Protocol) message, the firewall would then allow attackers to send traffic to any device on the network. SIP is a protocol used to set up telephone calls and other communication sessions over the Internet.

...

During his Black Hat presentation, the security researcher said that exploiting the flaw was "really easy to do." But in an e-mail interview conducted two weeks ago, Scholtz said that a hacker would first need to know "intimate details" about the network being attacked and have control of a device on the inside in order to pull off the attack.
  • Current Mood: amused
  • Current Music: Hanawa - Core Of Soul
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Date: 2006-08-18 05:23 pm (UTC)
From: [identity profile] susano-otter.livejournal.com
So basically, this hack only works if you've already hacked the network some other way, and already have god rights on the network?

Cisco should be able to replicate that real easy: It's called "being a network administrator".

Date: 2006-08-18 05:32 pm (UTC)
From: [identity profile] xforge.livejournal.com
Hee. That's just like the recent Mac scare: "It's easy to hack a Mac!!! See, we did it here. All you gotta do is have a user account on the Mac, then you...."

Date: 2006-08-18 06:56 pm (UTC)
jecook: (Default)
From: [personal profile] jecook
::facepalm::

Date: 2006-08-18 09:53 pm (UTC)
From: [identity profile] neferde.livejournal.com
I'll second that ::facepalm:: and raise you a ::headdesk::

Date: 2006-08-19 02:50 am (UTC)
ext_8716: (Default)
From: [identity profile] trixtah.livejournal.com
OMG those evul H@x0Rz can get access to ANYTHING... especially when they already have admin rights over it!!111!!! OMGWTFLAIL!!

Date: 2006-08-19 08:39 pm (UTC)
From: [identity profile] loosechanj.livejournal.com
"Intimate details" and "control of a device" do not automatically equal "admin" or "root". The article is pretty vague, it doesn't really spell out what exactly exploiting this would get you. If it means bypassing the firewalls settings, I can imagine a few situations one might want to use this. Not all security threats are incoming, don'tcha know. Suppose your company blocked everything but port 80, and you like to IRC? This might come in handy.
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Profile

techrecovery: (Default)
Elitist Computer Nerd Posse
Tech Comedy (Reddit)

April 2017

S M T W T F S
      1
2345678
91011121314 15
16171819202122
23242526272829
30      

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Mar. 20th, 2026 08:25 pm
Powered by Dreamwidth Studios