- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
Cisco's products will again come under scrutiny again at this year's Black Hat USA 2006 conference, which kicks off later this month in Las Vegas.
Conference organizers say that 15 new exploits will be discussed at this year's event and that two of them target Network Admission Control and VoIP vulnerabilities that affect products from a number of vendors, including Cisco.
Security researchers, no longer as focused on digging up bugs in core Windows components, are looking for green fields, said Black Hat Director Jeff Moss.
Last year Cisco sued Black Hat conference organizers after security researcher Michael Lynn demonstrated a method for running unauthorized code on a Cisco router. It was a difficult technical achievement that had been considered impossible by some, but Cisco saw it to be a dangerous disclosure of information that could be used to harm the Internet's infrastructure.
Black Hat and Cisco settled the lawsuit after conference organizers promised not to disseminate information on Lynn's research. Lynn is not listed among this year's presenters.
However, it is unlikely that Cisco will be suing the conference this year, given that neither of the exploits target Cisco specifically. Instead they relate to underlying technologies that are used by a large number of products, including Cisco's NAC and VoIP products.
One researcher, Ofir Arkin, the chief technology officer of Insightix, will be speaking about NAC technologies "and ways to bypass them," he said in an e-mail interview. Information on Arkin's presentation can be found here.
A second presentation, given by researchers at 3Com and SecureLogix will examine the SIP (Session Initiation Protocol) used by VoIP systems. "In it, we describe and demonstrate many real-world VOIP exploitation scenarios against SIP-based systems (Cisco, Avaya, Asterisk, etc.)," the presenters wrote in a description of their talk. This description can be found here.
Researchers will disclose three exploits that take advantage of bugs in the Linux-based Asterisk PBX telephony software, conference organizers said. And as previously reported, wireless security researchers David Maynor and Jon Ellch plan to show a way of running unauthorized software on a laptop computer by manipulating buggy code in the system's wireless device driver.
The Leader in Network Knowledge
Comment