Cisco nixes conference session on hacking IOS router code

By Ellen Messmer and Phil Hochmuth, NetworkWorld.com, 07/27/2005

Cisco this week asked that a presentation on how to hack its IOS router software be pulled from a security conference in Las Vegas.




A presentation called “The Holy Grail: Cisco IOS Shellcode Remote Execution” was slated to run at the Black Hat conference in Las Vegas this week. But Internet Information Systems and Cisco, the companies presenting the segment, decided to pull the presentation after discussions between the two firms.

“Based on our discussions, both companies felt that it was premature to present this research at this time,” said a Cisco spokesman. Cisco and ISS “decided to pull the presentation and requested that the conference material be pulled. We don’t have a date on when it will be presented next.”

ISS confirmed that after discussion with Cisco, it was decided that presenting the materials about exploration of shellcode on IOS would be premature and that they wanted to conduct further research.

“The research was to understand if IOS is exploitable with shellcode and buffer overflows,” says Chris Rouland, CTO for ISS. “We were expecting to validate this.”

Shellcode is a program that can be used to execute commands on remote systems. A shellcode exploit on a remote machine, such as a server or router, could allow a user to take over that machine and execute commands.

The IOS Black Hat presentation does not discuss any new or previously unreported flaws in IOS, the Cisco spokesman said. The research that was to be presented “involves how to make additional impacts on existing vulnerabilities” in IOS that are known to Cisco and the security community.

According to Jeff Moss, CEO of the Black Hat Conference, Cisco on Monday said it would go to court for a restraining order to stop Black Hat from distributing materials on the IOS presentation already submitted by ISS and Cisco and published in the 1,000-page conference program. Moss said that Cisco supplied personnel, with razorblades in hand, to cut out 15 pages of material from 2,500 Black Hat conference show guides that detailed the company’s research.
