Re: NANOG List Server on several BlockLists
Mikael Abrahamsson wrote: On Wed, 27 Jul 2005, Matthew Sullivan wrote: John Palmer wrote: FYI: The IP address of the mail server that sends out NANOG list messages (198.108.1.26) is once again on most of the major RBLs. Was a mistake and was removed promptly as soon as we were notified. What was the mistake? Would be informational to know how this happened (again) and how it's not going to happen again in the future? I'm not going to give the gory details, but part of it was a mistake with a mouse click that I personally made. Ironically the main part of the reason it happened was because I was modifying the scripts to help prevent this sort of thing occuring in the future. Regards, Mat
freeserve/wanadoo contact
Anyone with clue at Wanadoo UK, or can put me in touch with someone, will do at this point. Specifically to do with their website hosting arrangements.
Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homogr aphs Spoofing
Not sure if anyone has seen this, or not... Via CircleID: [snip] Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities. [snip] http://www.circleid.com/article/1148_0_1_0_C/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Overhaul of U.S. telecom law to be introduced
Via the EE Times: [snip] A Republican senator will unveil a rewrite of U.S. telecommunications laws on Wednesday (July 27). Sen. John Ensign, R-Nev., said he will introduce the Broadband Consumer Choice Act of 2005 during a Capitol Hill press conference. The bill will improve consumers access to communication technology by rewriting outdated telecommunications laws, Ensign's office said in a statement. One of the bills goals is to reduce government obstacles to technological innovation and expansion. The proposed legislation would replace the Telecommunications Act of 1996. [snip] http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=166402650 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Overhaul of U.S. telecom law to be introduced
On 27/07/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: The bill will improve consumers' access to communication technology by rewriting outdated telecommunications laws, Ensign's office said in a statement. One of the bill's goals is to reduce government obstacles to technological innovation and expansion. The proposed legislation would replace the Telecommunications Act of 1996. OK, which of the large telco / broadband outfits are lobbying for this one?
Extension For E911 Not as Good As... Rule
Following up from yesterday, Roy Mark writes this in internetnews.com: [snip] Voice over IP providers have another 30 days to inform customers of possible E911 emergency calling limitations -- or pull the plug on their service. After Aug. 30, VoIP providers will have to cut off subscribers who refuse to acknowledge the warning, according to the ruling by the Federal Communications Commission (FCC). The original deadline was Friday, July 29th. [snip] http://www.internetnews.com/infra/article.php/3523236 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Overhaul of U.S. telecom law to be introduced
On Wed, 27 Jul 2005, Suresh Ramasubramanian wrote: The bill will improve consumers' access to communication technology by rewriting outdated telecommunications laws, Ensign's office said in a statement. One of the bill's goals is to reduce government obstacles to technological innovation and expansion. The proposed legislation would replace the Telecommunications Act of 1996. OK, which of the large telco / broadband outfits are lobbying for this one? Based on who's introducing it, and past history -- CAN-SPAM, for one -- I'd put a suspicious bet on the large fiber-monopoly telcos pushing this to eradicate unbundled service requirements, so that they can push out resellers and remarketers through a competitive market. (We'll see for sure when the text is released, of course. ;) Another page from the man himself about it: http://ensign.senate.gov/issleg/issues/record.cfm?id=240526 -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Overhaul of U.S. telecom law to be introduced
On Wed, 27 Jul 2005, Todd Vierling wrote: Another page from the man himself about it: http://ensign.senate.gov/issleg/issues/record.cfm?id=240526 Excuse me, this was a general statement from two weeks ago, but it carries more loaded statements about the upcoming bill's sponsor with regard to telecom interests, and reads almost like a longer version of a bill's purpose text. -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Extension For E911 Not as Good As... Rule
On 27 Jul 2005, at 11:17, Fergie (Paul Ferguson) wrote: After Aug. 30, VoIP providers will have to cut off subscribers who refuse to acknowledge the warning, according to the ruling by the Federal Communications Commission (FCC). ... because if there's an emergency, a handset which gives no dialtone is better than one which might connect you to the wrong emergency response centre. If I lived in the US, I'm sure that would make me sleep more easily at night. Joe
Cisco IOS Exploit Cover Up
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_hole_.html
Not exactly off-topic, but sooooo not operational.
http://www.woodynet.net/Message%20No.%20419.mp3 -Bill
RE: Cisco IOS Exploit Cover Up
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M
Re: Cisco IOS Exploit Cover Up
On Jul 27, 2005, at 1:26 PM, James Baldwin wrote: http://blogs.washingtonpost.com/securityfix/2005/07/ mending_a_hole_.html Further information: http://www.crn.com/sections/breakingnews/breakingnews.jhtml? articleId=166403096
RE: Cisco IOS Exploit Cover Up
For what ot's worth, this story is running in the popular trade press: Cisco nixes conference session on hacking IOS router code http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Cisco IOS Exploit Cover Up
Damn he sure did cause a shit storm AGAIN.. from the crn article it looks like they might have him pinned on an NDA violation.. (taking a shot in the dark) quote below. Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners, the company said in a statement released Wednesday. It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained. Which i find is funny because i know that for years people have been beating up on him for more info into the cisco wireless cards that he had access to under NDA. He never once budged from what i know of and heard. Damn guess we will have to wait and see what happens, to bad i missed the talk. On 7/27/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: For what ot's worth, this story is running in the popular trade press: Cisco nixes conference session on hacking IOS router code http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Cisco cover up
On Jul 27, 2005, at 4:48 PM, J. Oquendo wrote: On Wed, 27 Jul 2005, Dan Hollis wrote: This is looking like a complete PR disaster for cisco. They would have been better off allowing the talk to take place, and actually fixing the holes rather than wasting money on a small army of razorblade- equipped censors. Complete PR disaster? Maybe they're still working on the fix and didn't want those on the blackhat scene to have a glimpse of how they intended on fixing things. I wonder if this has exploit_foo_bar has anything to do with their code being stolen earlier this year was it, or late last year. Maybe for the geeks in you, it may be a PR disaster, but I doubt their stock price will come down much. Oddly I wonder if those in gov are watching closely to those who are running around shorting Cisco stock. Or should that be: sh0rt1ng c1sc0 [EMAIL PROTECTED] Cisco had initially approved this talk. My understanding is that this has been fixed and no current IOS images were vulnerable to the techniques he was describing. ISS, Lynn, and Cisco had been working together for months on this issue before the talk. This had _nothing_ to do with the source code that was stolen. I have dealt with Lynn professionally on many occasions and he has shown himself to have more than a fair share of integrity. It is uncalled for to take to disparate events and place them together in a way which smudges the name of a respected researcher.
RE: Cisco cover up
From: James Baldwin This had _nothing_ to do with the source code that was stolen. I have dealt with Lynn professionally on many occasions and he has shown himself to have more than a fair share of integrity. It is uncalled for to take to disparate events and place them together in a way which smudges the name of a respected researcher. I don't see any smearing of anybody's name. What I do see is speculation, which is to say, reasoning based on inconclusive evidence; conjecture or supposition. In otherwords, J offered a guess that the two might be related and certainly wasn't pointing fingers as if that was the definitive reason. It sometimes happens that seemingly disparate events are actually linked, so it was not an entirely illogical guess. -JFO Jason Feren Olsen DeVry, Inc. Senior Network Engineer One Tower Lane Em: [EMAIL PROTECTED] Oakbrook Terrace, IL 60181-4624 Ph: 630.645.1607 INOC-DBA: 19258*526 Fx: 630.382.2929
RE: Cisco IOS Exploit Cover Up
...and Wired News is running this story: Cisco Security Hole a Whopper Excerpt: [snip] A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit. Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here. [snip] http://www.wired.com/news/privacy/0,1848,68328,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: For what ot's worth, this story is running in the popular trade press: Cisco nixes conference session on hacking IOS router code http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Cisco IOS Exploit Cover Up
..and of course: Cisco Denies Router Vulnerability Claims [snip] Cisco Systems is downplaying a news story that suggests new security flaws may have been discovered in some of its routers. [snip] http://www.varbusiness.com/components/weblogs/article.jhtml?articleId=166403151 So, until the _facts_ come out, this appears to be spin vs. spin (a play on spy v. spy, for all you Alfred E. Newman fans)... - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: ...and Wired News is running this story: Cisco Security Hole a Whopper Excerpt: [snip] A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit. Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here. [snip] http://www.wired.com/news/privacy/0,1848,68328,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: For what ot's worth, this story is running in the popular trade press: Cisco nixes conference session on hacking IOS router code http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Cisco IOS Exploit Cover Up
and talk about closing the barn door after the horse has escaped!?? Haven't they just turned those 15 pages scanned as a pdf and distributed over a p2p file sharing system like bit torrent into likely one of the the most sought after documents on the planet? How long before they show up there? If they aren't there already. = The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ 08618 USA 609 882-2572 (PSTN) 415 651-4147 (Lingo) [EMAIL PROTECTED] Subscription info: http://cookreport.com/subscriptions.shtml New report: The Only Sustainable Edge vs The Oligopoly at: http://cookreport.com/14.06.shtml = On Jul 27, 2005, at 11:50 PM, Fergie (Paul Ferguson) wrote: ...and Wired News is running this story: Cisco Security Hole a Whopper Excerpt: [snip] A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit. Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here. [snip] http://www.wired.com//privacy/0,1848,68328,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: For what ot's worth, this story is running in the popular trade press: Cisco nixes conference session on hacking IOS router code http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Cisco IOS Exploit Cover Up
Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html Jeff
Re: Cisco IOS Exploit Cover Up
Since the talk was actually delivered - does anyone have a transcript or a torrent for audio/video? - Dan On 7/27/05 8:10 PM, Jeff Kell [EMAIL PROTECTED] wrote: Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html Jeff
Re: Cisco IOS Exploit Cover Up
I have been searching the net since this morning, for “The Holy Grail: Cisco IOS Shellcode Remote Execution”, or variations of such. This seems to be - at the moment - the most thought after torrent ... Stef Network Fortius, LLC On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote: Since the talk was actually delivered - does anyone have a transcript or a torrent for audio/video? - Dan On 7/27/05 8:10 PM, Jeff Kell [EMAIL PROTECTED] wrote: Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/ MySDN_CiscoIOS.html Jeff
RE: Cisco IOS Exploit Cover Up
..and of course: Cisco Denies Router Vulnerability Claims [snip] Of course. That's how a broken vuln system works. :-) The major flaw is that the vendor decides who gets to know about a vulnerability. This causes an insecurity in the system because $vendor is dealing with people usually more qualified than themselves to make a decision on who needs to know and make one independant of revenue-- . $vendor is probably not the best person to decide who gets on the secret-15 lists et. al. -M