Rumor: Cisco Rootkit Coming To EuSecWest
David Utter Staff Writer
2008-05-15
A researcher at Core Security allegedly created a rootkit for the widely-used Cisco brand of routers, and will reveal his research next week in London.
We're reminded immediately of Michael Lynn's saga at the Black Hat conference when he wanted to present a discussion of threats to the Cisco IOS. A brief firestorm erupted over his presentation, with notes for it being forcibly ripped from the conference documents.
Sebastian Muniz's work poses another headache for Cisco, assuming his research isn't 'all hat and no cattle', as the saying goes. That happens a lot in security; someone hypes up a threat, then it turns out their real-life version of Neuromancer's black ice ends up being the technology equivalent of two cans and a length of string.
Network World posted a discussion with Muniz about the Cisco rootkit. Muniz's concept would work differently than Lynn's and others' Cisco IOS attacks.
Previous threats were tailored to go after specific versions of the IOS. Muniz's rootkit needs someone to actively place it on a Cisco device, but once it's in there, well, it's a rootkit and can be used to do all the typically nefarious things a rootkit enables.
We aren't dismissing the nature of the threat. Cisco devices run a lot of the Internet. For years they really had the playing field to themselves, especially at the corporate level. Their hardware works well and shows excellent design execution.
But if there are any security pros out there who are going to push strange code into the flash memory of their routers (the only way this supposed rootkit will be able to access them), those folks may wish to consider a career change.
Network World also raised the possibility Cisco could smack Muniz and the EuSecWest conference with the usual cease and desist lawsuit to stop his presentation. Also, as Cisco and Muniz chat about the rootkit ahead of the conference, there's always the possibility the presentation could be canceled willingly.
A fear exists that someone in the supply chain could drop a rootkit onto Cisco hardware, or a counterfeit piece sold as the legitimate article, and have access to a router when it is brought into service. We expect Cisco will address that with some type of diagnostic solution it will distribute to legitimate customers.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.