- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Cisco's products will again come under scrutiny again at this year's Black Hat USA 2006 conference, which kicks off later this month in Las Vegas.
Conference organizers say that 15 new exploits will be discussed at this year's event and that two of them target Network Admission Control and VoIP vulnerabilities that affect products from a number of vendors, including Cisco.
Security researchers, no longer as focused on digging up bugs in core Windows components, are looking for green fields, said Black Hat Director Jeff Moss.
Last year Cisco sued Black Hat conference organizers after security researcher Michael Lynn demonstrated a method for running unauthorized code on a Cisco router. It was a difficult technical achievement that had been considered impossible by some, but Cisco saw it to be a dangerous disclosure of information that could be used to harm the Internet's infrastructure.
Black Hat and Cisco settled the lawsuit after conference organizers promised not to disseminate information on Lynn's research. Lynn is not listed among this year's presenters.
However, it is unlikely that Cisco will be suing the conference this year, given that neither of the exploits target Cisco specifically. Instead they relate to underlying technologies that are used by a large number of products, including Cisco's NAC and VoIP products.
One researcher, Ofir Arkin, the chief technology officer of Insightix, will be speaking about NAC technologies "and ways to bypass them," he said in an e-mail interview. Information on Arkin's presentation can be found here.
A second presentation, given by researchers at 3Com and SecureLogix will examine the SIP (Session Initiation Protocol) used by VoIP systems. "In it, we describe and demonstrate many real-world VOIP exploitation scenarios against SIP-based systems (Cisco, Avaya, Asterisk, etc.)," the presenters wrote in a description of their talk. This description can be found here.
Researchers will disclose three exploits that take advantage of bugs in the Linux-based Asterisk PBX telephony software, conference organizers said. And as previously reported, wireless security researchers David Maynor and Jon Ellch plan to show a way of running unauthorized software on a laptop computer by manipulating buggy code in the system's wireless device driver.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment