Dear David Chastain,
DC Has anyone heard of Proof-of-Concept material
DC out of DEFCON on the CISCO fiasco?
No, as far as I know they didn't go far, maybe the blackwhite ball
somehow distracted them, or maybe it simply was the fact that not much
people understand cisco ios the way lynn does? who
Kohl's owns the Internet?
Kohl's reserves the right to read my email I send my mom just because
it's on the Internet?
You bet! .. as it pertains to anything past their demarc at their
properties, they're entirely free to log and review every packet that
comes/goes.
That means they can
Has anyone heard of Proof-of-Concept material out of DEFCON on the CISCO fiasco?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
hi to all
can someone send me the famous Cisco IOS Shellcode Presentation ??
please..
my mail is [EMAIL PROTECTED]
you didn't search a lot, do you know of google? because I'm not
sure fd is owning the searching market:
http://www.google.com/search?hl=en&lr=&q=lynn+cisco+pdf
At 14:55 01/08/05, [EMAIL PROTECTED] wrote:
hi to all
can someone send me the
anyone got the new cindy_nip_slip.rar with that blurry nip slip?
OMFG d00d itz 2lm0st lik3 sh3 1z da [EMAIL PROTECTED]
anyone getting a K:D ratio of 75%?? Damn my new razer mouse is
p0wning with an awp...
Anyone got links to the l33t chinese h4x0rz websites?
D to da motha fuckin r to da 3
CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the
right to retrieve and read any message created, sent and received.
Kohl's owns the Internet?
Kohl's reserves the right to read my email I send my mom just because
it's on the Internet?
maybe you
Technica Forensis wrote:
CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the
right to retrieve and read any message created, sent and received.
Kohl's owns the Internet?
Kohl's reserves the right to read my email I send my mom just because
it's on the
you can find it here
http://www.cryptome.org/
On 8/1/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
hi to all
can someone send me the famous Cisco IOS Shellcode Presentation ??
please..
my mail is [EMAIL PROTECTED]
___
can someone send me the famous Cisco IOS Shellcode Presentation ??
please..
my mail is [EMAIL PROTECTED]
WTF? Just what kind of lazy, stupid, IGNORANT motherfucker are you? Go
spend 15 seconds of YOUR OWN FUCKING TIME, and FETCH IT YOURSELF.
--
Yours,
J.A. Terranson
[EMAIL
On Mon, 01 Aug 2005 13:37:34 -1000, Jason Coombs said:
Technica Forensis wrote:
CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the
right to retrieve and read any message created, sent and received.
The crucial word ---^^^
Kohl's reserves
persuasion by possible threat of action/retaliation is still
persuasion. You aren't forced to do it. Children world-wide are
taught right from wrong under this edict.
Given Lynn's statements to the press regarding his reasons to
cooperate, who's to say the level of coercion applied or required?
On Fri, 29 Jul 2005, Frank Knobbe wrote:
That means that the once thought-to-be-invulnerable boxes running IOS
are in fact as vulnerable as Windows boxes. Once you get process
control, you can do whatever you like.
Hmm...the fact Cisco uses general purpose CPUs (e.g. PowerPC 4xx) in their
It was Lynn's choice based on his statement to the press - and it was
still his choice no matter what the coercion might have been.
Larry had no right to take that choice away, and I doubt anyone
here has the right nor the first-hand knowledge in order to pass
judgement on the reasons for
On Sat, Jul 30, 2005 at 12:53:49PM -0400, Micheal Espinola Jr wrote:
It was Lynn's choice based on his statement to the press - and it was
still his choice no matter what the coercion might have been.
This is a strange conflation of choice and coercion; most thoughtful
people consider some
On Sat, Jul 30, 2005 at 05:16:15PM -0400, Micheal Espinola Jr wrote:
Coercion is simply influence. You can be coerced into a choice, but
it's still your choice - regardless if people like it or not.
This obliterates any distinction between coercion and persuasion,
so why bother to have separate
Larry Blumenthal wrote:
Information wants to be free.
Time to free it!
So next you'll be posting your full name, address, SSN, MMN, CC #, bank
account details, etc??
H -- thought not...
Regards,
Nick FitzGerald
That was a real dickhead thing to do. The guy that wrote that made an
agreement with Cisco of his own free will. Who do you think you are
to go against an agreement he made, with his own information?
I sincerely hope it bites you in the arse.
On 7/29/05, Larry Blumenthal [EMAIL PROTECTED]
Trying to Stifle information is a real dickhead thing to do also...
I'm just waiting for someone to toss the DMCA into all of this. =]
-KF
Micheal Espinola Jr wrote:
That was a real dickhead thing to do. The guy that wrote that made an
agreement with Cisco of his own free will. Who do you
At 19:40 29/07/05, KF (lists) wrote:
Trying to Stifle information is a real dickhead thing to do also...
Totally right :)
Trying to Stifle information is a real dickhead thing to do also...
Well said.
Now all of us that have Ciscoworks (and its version management which
will keep old IOS images lying around) can go about reproducing Lynn's work.
Godspeed to all of you lucky enough to live in a country where
It was done of his own free will. Have you heard/read his public
statement about it?
I think I did the right thing. It was pretty scary, but the real
important thing was there was the potential of serious problem, Lynn
said. I did not think the nation's interest was served by waiting
another
There was no added benefit to the public by posting that slideshow.
Especially considering that the latest versions of the IOS are not
vulnerable.
Then what's the harm in it?
As a general rule, anything the government (or industry) doesn't want us
to see, is something we should *definitely*
On Fri, 2005-07-29 at 13:52 -0400, Micheal Espinola Jr wrote:
Especially considering that the latest versions of the IOS are not
vulnerable.
Read the advisory a bit closer. Here the relevant lines:
Products that are not running Cisco IOS are not affected.
Products running any version of Cisco
Michael Holstein wrote:
Secrecy and censorship are contrary to the ideals of a democratic society.
Mike,
You don't live in a democratic society. You have representatives and
laws to make decisions and impose rules of order on others on your
behalf. Like it or not, if the rules you allow to
On Fri, 29 Jul 2005, Jason Coombs wrote:
Likewise, anyone with information that would show that Cisco is
knowingly faking it by exaggerating their appearance as a victim can
be instrumental in having Cisco prosecuted for abuse of process, or at
the very least any possible criminal charges
Frank Knobbe wrote:
What he has done is not say Here's a bug that I can exploit. He has
said This IOS is capable of exploitation beyond current belief. And it
will be for the foreseeable future.
Precisely. And Lynn pointed out that Cisco routers use general purpose
CPUs -- therefore Cisco's
This is getting good
---runs to get popcorn
BRING ON THE DRAMA!
Original Message
Subject: Re: [Full-disclosure] Cisco IOS Shellcode Presentation
From: J.A. Terranson [EMAIL PROTECTED]
Date: Fri, July 29, 2005 2:26 pm
To: Jason Coombs [EMAIL PROTECTED]
Cc: full-disclosure
J.A. Terranson wrote:
Do I hear a faint echo of Adobe???
No, Lynn reportedly quit his job, so he is not going to have the my
company did it, so you can't prosecute me defense...
If we assume Lynn knew about this defense given that he is quoted as
referencing the Adobe case in his
Cisco is responsible for this entire mess. Had they engineered a secure
product around a CPU that was not general purpose, none of this would be
happening now.
Okay .. so we write 'special purpose' shellcode then. Cisco could have
designed the CPU as an ASIC, at the expense of being able to
So much fuss it's all so new ..
http://www.phrack.org/phrack/56/p56-0x0a
-elz
Steve Friedl wrote:
So you're suggesting that Cisco should have adopted security by
obscurity for its hardware design?
How about adopting an architecture that incorporates special-purpose
security safeguards into the CPU? Routers and switches don't need to
execute arbitrary code, Cisco knows
How about adopting an architecture that incorporates special-purpose
security safeguards into the CPU? Routers and switches don't need to
execute arbitrary code, Cisco knows ahead of time, before they deploy a
product, what code that product should be allowed to execute.
But how many times
On Fri, 29 Jul 2005, Eric Lauzon wrote:
:
:So much fuss it's all so new ..
:
:
:http://www.phrack.org/phrack/56/p56-0x0a
:
:
:-elz
I don't get your point; it obviously seems you're trying to be sarcastic.
I think, if you realize what you're talking about, the point of the talk
was the idea
On Fri, 29 Jul 2005 08:29:35 -1000, Jason Coombs said:
Precisely. And Lynn pointed out that Cisco routers use general purpose
CPUs -- therefore Cisco's own engineers chose purposefully to build a
vulnerable device.
All von Neumann architecture processors are equally vulnerable in theory.
How about adopting an architecture that incorporates special-purpose
security safeguards into the CPU? Routers and switches don't need to
execute arbitrary code, Cisco knows ahead of time, before they deploy a
product, what code that product should be allowed to execute.
Do you think
Read the advisory a bit closer. Here the relevant lines:
Products that are not running Cisco IOS are not affected.
Products running any version of Cisco IOS that do not have IPv6
configured interfaces are not vulnerable.
Yes, IOS versions that have the fix, or that don't even run IPv6 are not
:Intel screwed up their design of hyperthreading with caches, and as a
:result, local users can steal data from one another.
Intel did? How's that? This cache issue has been a problem before at
different levels. You're stating that it's the CPU's job to determine
scheduling of what
-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Cisco IOS Shellcode Presentation
Read the advisory a bit closer. Here the relevant lines:
Products that are not running Cisco IOS are not affected.
Products running any version of Cisco IOS that do not have IPv6
configured interfaces
On Fri, Jul 29, 2005 at 05:10:12PM -0400, [EMAIL PROTECTED] wrote:
On Fri, 29 Jul 2005 15:33:19 CDT, Randall Perry said:
Even for producing less than 500 units there are vendors ready to jump at the
chance to replace FPGA setups (because we are talking about complex 2k+
gate count).
On Fri, 29 Jul 2005, KF (lists) wrote:
Trying to Stifle information is a real dickhead thing to do also...
I'm just waiting for someone to toss the DMCA into all of this. =]
CERT and DHS are bigger cards in the game than DMCA.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because
On Fri, 29 Jul 2005, Jason Coombs wrote:
Madison, Marc wrote:
Am I missing something here, because it seems that two vulnerabilities
are being discussed, one is the IPv6 DOS
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml. And
the other is Lynn presentation on
On Fri, Jul 29, 2005 at 08:07:20AM -0700, Larry Blumenthal said something to the effect of:
Information wants to be free.
Time to free it!
Okay!! you first!
Settle down, Cowboy. Speak for yourself. ;)
Fuck Cisco!
Repeat previous comment. :D
yPIImv,
--ra
You shall be corrected.
On Fri, 29 Jul 2005, J. Oquendo wrote:
:
:
:Correct me if I'm wrong, obviously I wasn't at the presentation, but
:Lynn's assertion of an attack (uploading and running things via the
:router) is no different from a POC tool released a few years back called
:Ultima Ratio
On Fri, 29 Jul 2005 23:17:48 +0200, Jochen Kaiser said:
maybe I am wrong, but with high end switchrouter I thought that routing
protocols are handled by IOS by the cpu - after calculated, the topology
is programmed in e.g. TCAM memory.
That's the *point* - the CPU is what's vulnerable here.
On Fri, 29 Jul 2005 [EMAIL PROTECTED] wrote:
On Fri, 29 Jul 2005 16:38:26 CDT, Ron DuFresne said:
being that we'll all be retired and all this equipment replaced by the
time IPv6 becomes standard the threat is not as great then as it was first
made out to be then, correct?
Part of the
Correct me if I'm wrong, obviously I wasn't at the presentation, but
Lynn's assertion of an attack (uploading and running things via the
router) is no different from a POC tool released a few years back called
Ultima Ratio http://www.phenoelit.de/ultimaratio/UltimaRatioVegas.c
probably just
On Fri, 2005-07-29 at 18:57 -0500, J.A. Terranson wrote:
They fucked up. They'll have to fix it then. But that's not the same as
the gross negligence they're being accused of.
I'm not sure that can fix that. Unless they add canaries to the stack
and include other OpenBSD style W^X type checks.
On Fri, 29 Jul 2005 18:57:15 CDT, J.A. Terranson said:
This has nothing to do with the choice of a general purpose CPU, it is a
result of a specific architecture within the CPU chosen. There is a real
difference here.
Actually, although I've flamed Jason quite a bit, he *is* right in that
On Fri, 29 Jul 2005, Frank Knobbe wrote:
On Fri, 2005-07-29 at 18:57 -0500, J.A. Terranson wrote:
They fucked up. They'll have to fix it then. But that's not the same as
the gross negligence they're being accused of.
I'm not sure that can fix that. Unless they add canaries to the stack
On Fri, 29 Jul 2005 [EMAIL PROTECTED] wrote:
or go with some exotic
architecture like Intel's iAXP432(*) or the IBM S/38, which are both tagged
architectures, but hardly qualify as general purpose.
S/38 (aka IBM's Future Program) was both a great idea, and every bit a
general purpose
J.A. Terranson wrote:
Also, that Cisco must fix was not the point of my argument. I was trying
to point out that Jason's basic premise that this was a grossly negligent
act by Cisco is pure fiction.
Not at all -- you're simply constraining the discussion to all known
CPUs and I'm referring
[EMAIL PROTECTED] wrote:
On Fri, 29 Jul 2005 15:02:51 -1000, Jason Coombs said:
redesign, fundamentally, the turing machine so that before each
operation is performed a verification step is employed to ensure that
Ahem. No. You *can't* ensure it (although you *can* do things like bounds
On Fri, 29 Jul 2005 16:28:31 -1000, Jason Coombs said:
We're not talking about proving/disproving the result of computation
here, we're talking about a simple logical step inserted prior to
transmission of operating instructions and data to a turing machine.
It does not invoke the Turing
54 matches