[ISN] Black Hat: Cisco to be under scrutiny again

From: InfoSec News (alerts@private)
Date: Wed Jul 19 2006 - 22:31:25 PDT


By Robert McMillan
IDG News Service

Cisco's products will again come under scrutiny at this year's Black 
Hat USA 2006 conference, which kicks off later this month in Las Vegas.

Conference organizers say that 15 new exploits will be discussed at this 
year's event and that two of them target Network Admission Control and 
VoIP vulnerabilities that affect products from a number of vendors, 
including Cisco.

Security researchers, no longer as focused on digging up bugs in core 
Windows components, are looking for green fields, said Black Hat Director 
Jeff Moss.

Last year Cisco sued Black Hat conference organizers after security 
researcher Michael Lynn demonstrated a method for running unauthorized 
code on a Cisco router. It was a difficult technical achievement that had 
been considered impossible by some, but Cisco saw it to be a dangerous 
disclosure of information that could be used to harm the Internet's 

Black Hat and Cisco settled the lawsuit after conference organizers 
promised not to disseminate information on Lynn's research. Lynn is not 
listed among this year's presenters.

However, it is unlikely that Cisco will be suing the conference this year, 
given that neither of the exploits targets Cisco specifically. Instead they 
relate to underlying technologies that are used by a large number of 
products, including Cisco's NAC and VoIP products.

One researcher, Ofir Arkin, the chief technology officer of Insightix, 
will be speaking about NAC technologies "and ways to bypass them," he said 
in an e-mail interview. Information on Arkin's presentation can be found 

A second presentation, given by researchers at 3Com and SecureLogix, will 
examine the SIP (Session Initiation Protocol) used by VoIP systems. "In 
it, we describe and demonstrate many real-world VOIP exploitation 
scenarios against SIP-based systems (Cisco, Avaya, Asterisk, etc.)," the 
presenters wrote in a description of their talk. This description can be 
found here.

Researchers will disclose three exploits that take advantage of bugs in 
the Linux-based Asterisk PBX telephony software, conference organizers 
said. And as previously reported, wireless security researchers David 
Maynor and Jon Ellch plan to show a way of running unauthorized software 
on a laptop computer by manipulating buggy code in the system's wireless 
device driver.

Products from perennial favorites Microsoft and Oracle will also be 
discussed, with three Oracle exploits and four Microsoft exploits being 
disclosed, Black Hat said. There will also be discussion of two Linux 
exploits and one relating to Xerox's products.

Researchers will also demonstrate 25 new hacking tools at the show, which 
will also be noteworthy for its degree of friendly cooperation with 
technology vendors. Cisco itself is a platinum sponsor at the show, and 
Microsoft employees will be speaking at a track devoted entirely to the 
company's upcoming Windows Vista operating system.

Black Hat's Moss credits Lynn with inspiring new research work in the area 
of embedded devices, which will be one of the hottest areas of research at this 
year's conference. By showing how Cisco's routers could be hacked and made 
to run unauthorized code just like a PC, Lynn helped change the way 
researchers think about many of these devices. "Once he did that, it 
really opened people's eyes," Moss said. "The amount of people who are now 
beating up on embedded devices has changed. Now the floodgates are 

The IDG News Service is a Network World affiliate.

All contents copyright 1995-2006 Network World, Inc.

