HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 25 guests and 1 member online
EH-Net Donations

Enter Amount:
$
EH-Net News Feeds
Latest Additions
Google Ads
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Hardwarearrow Black Hat: Exploits found in Cisco routers law enforcement "backdoors".
EH-Net
March 13, 2010, 05:05:41 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Black Hat: Exploits found in Cisco routers law enforcement "backdoors".  (Read 4860 times)
0 Members and 1 Guest are viewing this topic.
unsupported
Sr. Member
****
Offline Offline

Posts: 294


Unofficial Newbie Moderator


View Profile
« on: February 05, 2010, 03:39:30 PM »
I first found some FUD on Yahoo and decided to search for the technical write-up which I found on Dark Reading (http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=222600993).  I also found Tom Cross' white paper (http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf) and PDF presentation (http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-slides.pdf) from Black Hat this week.

Honestly, I do not believe that these back doors need to exist.  Let law enforcement agencies obtain data the old fashion way, through a warrant.

What say you?
Logged
-Un
CISSP, GCIH, C|EH, Sec+, Net+, MCP
hayabusa
Sr. Member
****
Offline Offline

Posts: 289



View Profile
« Reply #1 on: February 05, 2010, 03:59:50 PM »
Fully agreed, and it goes to show that to have 'backdoors' available, they've now subjected their customers to further security risks and breaches.  I'd read some info on this one, the other day, but hadn't had time to dive in.
Logged
~~ hayabusa ~~ 

"If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself but not the enemy, for every victory gained you will also suffer a defeat." - Sun Tzu, 'The Art of War'
Ketchup
Hero Member
*****
Offline Offline

Posts: 696



View Profile
« Reply #2 on: February 05, 2010, 04:45:22 PM »
I may not be considering the big picture properly, but I would have to agree.  I am not sure why the backdoors are necessary.   Like unsupported said, a warrant will get you access to the webmail account.   To me, backdoors are always an afterthought or an oversight in any piece of software.   They are never properly considered during security implementation.
Logged
~~~~~~~~~~~~~~
Ketchup
unsupported
Sr. Member
****
Offline Offline

Posts: 294


Unofficial Newbie Moderator


View Profile
« Reply #3 on: February 06, 2010, 08:50:02 AM »
I forgot to include a link to my favorite scene...

http://www.youtube.com/watch?v=ahcVp8vIicI
Logged
-Un
CISSP, GCIH, C|EH, Sec+, Net+, MCP
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 3112


Editor-In-Chief


View Profile WWW
« Reply #4 on: February 08, 2010, 09:25:33 AM »
Perfect.

Don
Logged
CISSP, MCSE, CEH, Security+ SME
Bane
Jr. Member
**
Offline Offline

Posts: 50


View Profile
« Reply #5 on: February 13, 2010, 12:45:08 AM »
There's currently some speculation that the recent google attack originating from china abused a law enforcement backdoor. I have yet to see any solid proof, but an interesting idea none the less.
Logged
MSIA, CISSP, GPEN, GCIH, GCFW, GSEC, RHCT... And more alphabet soup..
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 3112


Editor-In-Chief


View Profile WWW
« Reply #6 on: February 15, 2010, 03:13:38 PM »
Or how about this article by Roger Grimes "Chinese government is innocent of cyber-attacks until proven guilty":

http://www.infoworld.com/d/security-central/chinese-government-innocent-cyber-attacks-until-proven-guilty-994

Don
Logged
CISSP, MCSE, CEH, Security+ SME
unsupported
Sr. Member
****
Offline Offline

Posts: 294


Unofficial Newbie Moderator


View Profile
« Reply #7 on: February 15, 2010, 08:44:42 PM »
I'd hate to place all the blame on China, I mean, come on.  How hard is it to setup a netcat relay through China?  But no.. seriously, I blame them.  What if these "backdoors" are not for LEO, but put in place because they are knock-off Chinese routers.
Logged
-Un
CISSP, GCIH, C|EH, Sec+, Net+, MCP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.057 seconds with 24 queries.
 
Polls
Best Career Move in 2010:
 
Support EH-Net

eh-net_amazonstore.jpg
Help Support EH-Net with Our Amazon Store

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2010 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.