Wednesday, August 12, 2009

Network World "hype machine" presses on

At Black Hat 2009, Felix Lindner (FX) delivered a quality presentation on "Router Exploitation". This continues a long-running theme for FX, who has focused on IOS vulnerabilities for years; the Internet Routing Protocol Attack Suite (IRPAS) is one example.

Network World treats this information as if new ground had been broken in IOS exploitation, which is not accurate. However, stating that these "attacks" are nothing new and that they require a high level of sophistication to accomplish does not advance Network World's line that the sky is falling and that IOS is unsafe to use.

h/t Ivan Pepelnjak:  Cisco IOS hints and tricks: Blackhat 2009 Router Exploitation presentation


Monday, August 10, 2009

New SSL attacks

Moxie Marlinspike has released a new version of sslsniff. The tool now incorporates null-prefix attacks, which allow a silent MITM attack on SSL. As researchers continue to uncover flaws in the inner workings of SSL, it may be time to reconsider using it for applications like enterprise remote access VPN.
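Certificate names are length-counted strings, so a client that handles them as C strings stops reading at an embedded NUL byte. The following is an added example, not code from this post or from sslsniff: it puts that weak comparison beside a length-aware one that rejects such names. The host names, the sample name and the function names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a certificate name with an embedded NUL byte.
   Both host names are placeholders, not real indicators. */
static const char SAMPLE_CN[] = "www.bank.example\0.attacker.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)   /* 34 bytes, NUL included */

/* Case-insensitive comparison of exactly n bytes. */
static int ci_equal(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Weak check: ignores the encoded length and treats the name as a C string,
   so everything after the first NUL is never looked at. */
int match_cstring(const char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;
    size_t seen = strlen(cn);                   /* stops at the first NUL */
    return seen == strlen(host) && ci_equal(cn, host, seen);
}

/* Hardened check: uses the encoded length and refuses any name that
   contains a NUL byte before comparing. */
int match_counted(const char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                               /* embedded NUL: reject */
    if (cn_len != strlen(host))
        return 0;
    return ci_equal(cn, host, cn_len);
}

int main(void)
{
    const char *host = "www.bank.example";
    printf("C-string compare accepts: %d\n",
           match_cstring(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("length-aware compare accepts: %d\n",
           match_counted(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```

The same rule applies to every name field a client checks: reject the certificate if any of them contains a NUL byte.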