Top Security News

Microsoft Fixes Long-Standing MDB Flaw
Remote code execution vulnerabilities received attention from Microsoft in its most recent edition of Patch Tuesday updates; one has been publicly known for seven...


America's Botnet Needed, Says AF Colonel
An Air Force colonel's suggestion that America needs a botnet provokes a strange idea: that the military and intelligence communities don't have one now. Maybe the Department of Homeland Security can get a...


Gas Savings Spam Fills Inboxes
The inevitable attention of spammers turned to soaring gas prices, with one set of junk messages promising a way to save at the pump. What would you give to...


Rumor: Cisco Rootkit Coming To EuSecWest
Security vendors had a stealth competitor enter the marketplace when Google announced it would offer a product that provides web security; Google recently extended security coverage to roaming enterprise...



David A. Utter
Thursday:05.15.08

Rumor: Cisco Rootkit Coming To EuSecWest

A researcher at Core Security allegedly created a rootkit for the widely-used Cisco brand of routers, and will reveal his research next week in London.

We're reminded immediately of Michael Lynn's saga at the Black Hat conference when he wanted to present a discussion of threats to the Cisco IOS. A brief firestorm erupted over his presentation, with notes for it being forcibly ripped from the conference documents.

Sebastian Muniz's work poses another headache for Cisco, assuming his research isn't 'all hat and no cattle', as the saying goes. That happens a lot in security; someone hypes up a threat, then it turns out their real-life version of Neuromancer's black ice ends up being the technology equivalent of two cans and a length of string.

Network World posted a discussion with Muniz about the Cisco rootkit. Muniz's concept would work differently than Lynn's and others' Cisco IOS attacks.

Previous threats were tailored to go after specific versions of the IOS. Muniz's rootkit needs someone to actively place it on a Cisco device, but once it's in there, well, it's a rootkit and can be used to do all the typically nefarious things a rootkit enables.


We aren't dismissing the nature of the threat. Cisco devices run a lot of the Internet. For years they really had the playing field to themselves, especially at the corporate level. Their hardware works well and shows excellent design execution.

But if there are any security pros out there who are going to push strange code into the flash memory of their routers (the only way this supposed rootkit will be able to access them), those folks may wish to consider a career change.

Network World also raised the possibility Cisco could smack Muniz and the EuSecWest conference with the usual cease and desist lawsuit to stop his presentation. Also, as Cisco and Muniz chat about the rootkit ahead of the conference, there's always the possibility the presentation could be canceled willingly.

A fear exists about someone in the supply chain dropping a rootkit onto Cisco hardware, or a counterfeit piece sold as the legitimate article, and having access to a router when it is brought into service. We expect Cisco will address that with some type of diagnostic solution it will distribute to legitimate customers.

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.