[Crime] was (Fwd: ISS vs. Cisco: Chapter 2.) is now Slides?

From: Jeff Bryner (jbryner1@private)
Date: Mon Aug 15 2005 - 14:09:46 PDT


Have the slides from last week's crime presentation been posted?

Interesting related message attached. 

Jeff.
CISSP, GCIH, GCFA

attached mail follows:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear list reader,

this morning I found to my complete surprise the following email in my inbox,
which sheds some light from a different angle on the whole ISS and Cisco
story:

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FX,

I heard you have got shell code working against IOS.  Can you share
any details, or provide the code? 

Thanks,

Chris


- - --------------------------------------------------------------
Chris Rouland
CTO
Internet Security Systems, Inc.
http://xforce.iss.net
crouland@private  

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQvpqDd/TKefTUYbMEQJ2FACg6qOo57klGccK7GEu7KIB2t6ZXQMAoKv8
tYeVt00aKfZ6eLDGTEIcPhG4
=B6fL
- -----END PGP SIGNATURE-----

The inclined reader may verify Mr. Rouland's signature using his key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD35186CC

I appreciate Mr. Rouland acknowledges the work Phenoelit has done 
on Cisco IOS and actually realises that Michael Lynn build on this work
for his exploit, while the actual shellcode was entirely different from 
codes we were using. 

According to various sources, Michael Lynn was supposed to give copies 
of his hard drive content to ISS and Cisco
(http://blogs.washingtonpost.com/securityfix/2005/07/ciscogate_updat.html),
which leaves the question why ISS needs our shellcodes.

Mr. Rouland, the information you are looking for is posted at
http://www.phenoelit.de/ultimaratio/index.html since 2002 and was 
presented at the BlackHat USA Briefings in the same year:
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#FX

Phenoelit continues to look for and find bugs in Cisco IOS. We will also
continue our excellent relationship to the people at PSIRT to help fixing
these vulnerabilities and may release advisories covering those when, and 
only when the respective fixes are available, tested and released by Cisco.

I leave the ethical aspects of this request by ISS for the consideration 
of the inclined reader.

cheers
FX

- -- 
         FX           <fx@private>
      Phenoelit   (http://www.phenoelit.de)
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC+yaqwMGiQm1jtWQRAsAYAKCKT3H7cBkGwkcL0qdUEr1LKLt+9wCgobou
eGVJIm5dz5Hb3jlHMxDun6Y=
=mgeG
-----END PGP SIGNATURE-----


_______________________________________________
Crime mailing list
Crime@private
http://lists.whiteknighthackers.com/mailman/listinfo/crime



This archive was generated by hypermail 2.1.3 : Mon Aug 15 2005 - 16:16:29 PDT