North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IOS worm clarification
Andre; Thanks for your review and language skills in this area, the article translated was even a mess on babelfish and left more questions than answers -Henry --- "J. Oquendo" <[email protected]> wrote: > > > ///////////////////////////////// > From: Andrei Mikhailovsky <[email protected]> > Reply-To: [email protected] > To: [email protected] > Subject: Re: [Full-disclosure] Cisco IOS hacked? > > Hello, > > Being a co-author of the "Hacking Exposed Cisco > Networks" book and one > of the co-founders of Arhont Ltd an Information > Security Company that is > doing the research for the book on Cisco Devices I > have to make the > following comments about the article in > SecurityLab.ru: > > The russian article > (http://www.securitylab.ru/news/240415.php) has been > badly paraphrased from the livejournal of one of the > authors/researchers > of the book. As a result of this outrageously > inaccurate paraphrasing of > the article many confusions and misunderstandings > have been circling on > the security related sources and mailing lists. > > > Some of the issues addressed in the article are true > and Arhont is > currently preparing a formal advisory that will be > sent to PSIRT. > > > Among the discovered issues are multiple > vulnerabilities in EIGRP > implementation. Also, authors have addressed the > _theoretical_ aspects > of an algorithm for cross-platform worm that could > spread in IOS based > devices. The existence of the practical > implementation of such warm is a > complete lie. Let me assure that there has been no > development nor the > desire to develop such code by the authors of the > book. The theoretical > methodology and algorithms will be also discussed > with PSIRT at the > appropriate time. > > > In addition, there has been some minor > inconsistencies of the > livejournal postings that will be soon addressed and > edited. > > If you have any comments on this topic we would be > glad to address them. > > -- > Andrei Mikhailovsky > Arhont Ltd - Information Security > ///////////////////////////////// > > > > > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ > J. Oquendo > GPG Key ID 0x97B43D89 > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 > > "Just one more time for the sake of sanity tell me > why > explain the gravity that drove you to this..." > Assemblage >
|