IOS Rootkit: the sky isn't falling (yet)

michael.dillon at bt.com
Tue May 27 17:15:31 UTC 2008


> This seems like such a non-event because what is the exploit 
> path to load the image? There needs to be a primary exploit 
> to load the malware image.

Hmmm. Get a job servicing/installing data centre HVAC systems,
wait until you get called out to a mostly empty data center,
lift some floor tiles or change a flash with tongs through a
wire cage, or whatever. Maybe make some "fog" in the room to
block the security cameras while you do your work. Maybe bribe 
the security guard to look the other way, or just bribe the 
NOC employees.

There are hundreds of ways for a primary exploit to happen.
The Internet data center may not be the primary target of the
people who try these things, i.e. Cisco's main customer base
is the enterprise, not the ISP. 

The fact is that there are more and more reasons why someone
would go to all the trouble of exploiting one or two routers
in this way. Do you have the processes and systems to demonstrate
that it has not happened already?

--Michael Dillon