CTI Keynote, Cliff Stoll – (Still) Stalking the Wily Hacker

On the off chance you’ve never read it, The Cuckoo’s Egg is an incredible read. What becomes more interesting with the passage of time, and with the revelations about various three-letter agencies, is understanding why they were so slow to react, and why they were ultimately dismayed by Stoll’s work to alert others: they too were no doubt actively exploiting the same holes that the Russian-sponsored German hackers were using. It is much the same way that some vendor holes have remained open for pretty much a product’s entire lifespan (Cisco PIX being one…).

10 thoughts on “CTI Keynote, Cliff Stoll – (Still) Stalking the Wily Hacker”

  1. Indeed. Now what is the hole in the Cisco PIX setup?

    And there’s a reason why that happened. And we all know why it changed….

    • There is BENIGNCERTAIN, which Cisco just dismisses as the PIX is obsolete; however, the whole line was defective. You have to wonder how much of it is from ineffectual security practices and how much is stuff that is inserted by malicious parties with access, but one thing is for sure: by not disclosing, these holes sit open for years and are actively exploited.

      • I see.
        But Cisco doesn’t normally make items like that. And according to the linked blog, the exploit might be owned by the NSA….. Disturbing if true, and if Kaspersky Labs can be believed. (I’m giving them the benefit of the doubt.)

        • They are just reporting on the leaked CIA exploit kit. Search for it and you can download it.

          The sad truth is that Cisco along with plenty of other vendors have equipment on these lists.

          This was a massive story a few months ago, how did you miss it???

          • It was? I must have been regenerating then….

            Now about that list? Oh and wave to the badly dressed man in the van in front of your place, there’s a good chap.

        • Let me just follow up with the obvious: the CIA and NSA do not work on closing holes in domestic products. If you were to check, say, Ars Technica, you’ll find plenty of domestic products and vendors to be exploited.

          And the takeaway is that even mighty Cisco has exploits running the entire product lifespan. And if you’ve ever done work in big companies and governments, you’ll always be dismayed that obsolete platforms are left on public networks to defend unpopular/older projects that receive no budget love, as our accountant/MBA overlords can’t seem to grasp that if one thing on the edge is exploitable, they all are.

          • I agree with that last. I rescued a family of Cisco hardware that a friend of ours confirms is still useful despite being on someone else’s obsolete list….

            One can only hope that the hardware that replaced it happens to be more up to date than the seven- or eight-year-old gear… One was a splendid-looking Cisco Terminal Server that tells me it was last used by my own building…..!?!?

            Oh and I don’t read Ars Technica all the time…..

          • Terminal server like a 2511? Those things still fetch a pretty penny!

            Speaking of old stuff, you have any white box Cisco, like an AGS?

    • Yeah. It’s not good.

      I just picked up a Cisco 7200 with an NPE-G2… I was going to use it on the internet, now I’m having second thoughts….. I may as well do a transparent firewall in front of it.
