nanog mailing list archives
RE: Boing Boing: Michael Lynn's controversial Cisco security presentation
From: "Buhrmaster, Gary" <gtb () slac stanford edu>
Date: Fri, 29 Jul 2005 08:56:40 -0700
Would this not be a great way to infect thousands of network operations systems due to a PDF exploit? It is like "free beer" to many network operators, they just *have* to consume it. One could take control of the "network" by taking control of the systems of the people operating it and silently watch for the passwords, names, ip addresses that will enable one to take control later. I know, I am just being paranoid. There has never been an exploitable PDF exploit. Oh, wait, there has been :-) One has to admit it would be one hell of a combined social engineering and technical exploit if it could be pulled off. Gary
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Fergie (Paul Ferguson) Sent: Friday, July 29, 2005 7:19 AM To: nanog () merit edu Subject: Boing Boing: Michael Lynn's controversial Cisco security presentation Over on Boing Boing: [snip] Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques"), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post and Scheneier's take for more). 1.9MB PDF Link [snip] http://www.boingboing.net/2005/07/29/michael_lynns_contro.html I think these guys better prepare for the "slashdot effect"... :-) - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- Boing Boing: Michael Lynn's controversial Cisco security presentation Fergie (Paul Ferguson) (Jul 29)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Brad Knowles (Jul 29)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Brad Knowles (Jul 29)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Simon Lyall (Jul 29)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Dan Hollis (Jul 29)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Valdis . Kletnieks (Jul 30)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation sthaug (Jul 30)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Brad Knowles (Jul 29)
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Brad Knowles (Jul 29)
- <Possible follow-ups>
- RE: Boing Boing: Michael Lynn's controversial Cisco security presentation Buhrmaster, Gary (Jul 29)
- Message not available
- Re: Boing Boing: Michael Lynn's controversial Cisco security presentation Jay R. Ashworth (Jul 29)
- Message not available