Computer Security Conspiracies
Jul. 27th, 2005 10:28 am

Right now in Las Vegas is the annual BlackHat Briefings security conference. Alas, I didn't get to go, though some of my coworkers are there.
However, there are some interesting conspiracy-theory-inspiring things going on there. The rumor had been that someone was going to present the first ever remote root exploit in Cisco IOS, the operating system used on Cisco networking hardware. There was even a section of the handout (handouts at security conferences are often 1000 or more pages in a binder) that the table of contents lists as a security flaw in Cisco Systems routers.
However, the handout itself has approximately 30 pages missing, apparently ripped out of every copy at the last minute. In addition, Mike Lynn of ISS was supposed to be presenting right after the keynote... and now the conference organizers say they don't even know if he's going to show up.
Now, isn't that interesting. So, what happened? I can see a few possibilities:
1.) Lynn discovered some flaw in his research that means that his discovery is not, in fact, a remote root exploit in Cisco IOS, or is very limited in scope and impact, and has basically withdrawn it all in embarrassment.
2.) Cisco figured out the issue and paid Lynn and/or BlackHat a Lot Of Money to shut the hell up.
3.) The government is leaning on Lynn and/or BlackHat to keep this quiet for reasons of national security.
4.) It's a publicity stunt to make people like me wonder.
#3 might at first seem wildly implausible in its conspiratorial flavor... but really, if this actually is what people think it is (a way to gain full control of Cisco network hardware, remotely, with no authentication required), it actually does have potential national security implications.
Cisco hardware is wildly popular and has little competition -- they have an overwhelming market share in routers. Routers are the devices that determine where Internet traffic goes. Most of them are well-protected, but their protection comes primarily from other routers (filtering on neighboring devices, which are very often Cisco gear themselves), so a flaw that affects every IOS device undermines the protection as well as the target. If someone really did have the ability to compromise any Cisco IOS-based device at will, they could direct any Internet traffic anywhere they wanted, modify it, insert themselves into traffic streams, even shut down the whole thing.
The actual vulnerability discovered is probably a lot more limited than that -- an ability to compromise an IOS device "under certain conditions" that don't hold true for most of the Internet. But it's very curious that the planned documents and presentation have disappeared...