HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 64 guests and 2 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Hardwarearrow Black Hat: Exploits found in Cisco routers law enforcement "backdoors".
EH-Net
May 21, 2013, 09:08:39 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Black Hat: Exploits found in Cisco routers law enforcement "backdoors".  (Read 14286 times)
0 Members and 1 Guest are viewing this topic.
unsupported
Sr. Member
****
Offline Offline

Posts: 318


Unofficial Newbie Moderator


View Profile
« on: February 05, 2010, 03:39:30 PM »
I first found some FUD on Yahoo and decided to search for the technical write-up which I found on Dark Reading (http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=222600993).  I also found Tom Cross' white paper (http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf) and PDF presentation (http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-slides.pdf) from Black Hat this week.

Honestly, I do not believe that these back doors need to exist.  Let law enforcement agencies obtain data the old fashion way, through a warrant.

What say you?
Logged
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
hayabusa
Hero Member
*****
Offline Offline

Posts: 1632



View Profile
« Reply #1 on: February 05, 2010, 03:59:50 PM »
Fully agreed, and it goes to show that to have 'backdoors' available, they've now subjected their customers to further security risks and breaches.  I'd read some info on this one, the other day, but hadn't had time to dive in.
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #2 on: February 05, 2010, 04:45:22 PM »
I may not be considering the big picture properly, but I would have to agree.  I am not sure why the backdoors are necessary.   Like unsupported said, a warrant will get you access to the webmail account.   To me, backdoors are always an afterthought or an oversight in any piece of software.   They are never properly considered during security implementation.
Logged
~~~~~~~~~~~~~~
Ketchup
unsupported
Sr. Member
****
Offline Offline

Posts: 318


Unofficial Newbie Moderator


View Profile
« Reply #3 on: February 06, 2010, 08:50:02 AM »
I forgot to include a link to my favorite scene...

http://www.youtube.com/watch?v=ahcVp8vIicI
Logged
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #4 on: February 08, 2010, 09:25:33 AM »
Perfect.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Bane
Guest
« Reply #5 on: February 13, 2010, 12:45:08 AM »
There's currently some speculation that the recent google attack originating from china abused a law enforcement backdoor. I have yet to see any solid proof, but an interesting idea none the less.
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #6 on: February 15, 2010, 03:13:38 PM »
Or how about this article by Roger Grimes "Chinese government is innocent of cyber-attacks until proven guilty":

http://www.infoworld.com/d/security-central/chinese-government-innocent-cyber-attacks-until-proven-guilty-994

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
unsupported
Sr. Member
****
Offline Offline

Posts: 318


Unofficial Newbie Moderator


View Profile
« Reply #7 on: February 15, 2010, 08:44:42 PM »
I'd hate to place all the blame on China, I mean, come on.  How hard is it to setup a netcat relay through China?  But no.. seriously, I blame them.  What if these "backdoors" are not for LEO, but put in place because they are knock-off Chinese routers.
Logged
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.061 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.