IOS Rootkit: the sky isn't falling (yet)

goemon at anime.net
Tue May 27 17:47:08 UTC 2008


On Tue, 27 May 2008, Valdis.Kletnieks at vt.edu wrote:
> On Tue, 27 May 2008 11:24:19 MDT, Chris Grundemann said:
>> Like MD5 File Validation? - "MD5 values are now made available on
>> Cisco.com for all Cisco IOS software images for comparison against
>> local system image values."
> That does wonders for catching a corruption in the FTP that wasn't caught
> by the relatively weak TCP checksumming.
> But if the attacker has the wherewithal to cause a modified file to be
> downloaded (either by replacing it on the real server, or getting you to
> visit a fake server), they can also present you with a webpage that has an
> MD5 hash that matches the modified file.
> Now, if they provided a PGP signature of the file, done with a key that I
> have reason to trust, *that* raises the bar significantly...

What you want is Cisco hardware that verifies firmware signatures in 
hardware.

-Dan
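The exchange above, modelled as an added example (not code from the thread, from Cisco, or from NANOG): a download site publishes an image, the MD5 shown next to it, and a detached signature. An attacker who controls the server (or a fake one) can swap the image and rewrite the MD5 on the page, so the MD5 check still passes; they cannot produce a signature that verifies under a vendor key the operator pinned out of band. The RSA here is textbook and unpadded, a toy chosen only so the block runs with the standard library; real image signing uses padded RSA or ECDSA with the key anchored in ROM. All names (Mirror, publish, tamper, check_md5_only, check_signature) and the sample image bytes are constructed for this illustration.

```python
"""Toy model of the MD5-versus-signature argument: added example, not from the thread."""
import hashlib
import math
import random
from dataclasses import dataclass

# ---- toy RSA (textbook, unpadded; only to show trust anchoring) ----

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and odd
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return (private, public) as ((n, d), (n, e)). Keep n wider than a SHA-256 digest."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    n = p * q
    return (n, pow(e, -1, phi)), (n, e)

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    n, d = private
    h = _digest_int(data)
    if h >= n:
        raise ValueError("modulus too small for the digest")
    return pow(h, d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == _digest_int(data)

# ---- simulated download site: image, MD5 shown on the page, detached signature ----

@dataclass
class Mirror:
    image: bytes
    published_md5: str   # what the web page shows next to the download link
    signature: int       # detached signature made with the vendor private key

def publish(vendor_private, image):
    """Vendor posts the image, its MD5 and a signature over the image."""
    return Mirror(image, hashlib.md5(image).hexdigest(), sign(vendor_private, image))

def tamper(mirror):
    """Attacker owning the server swaps the image and rewrites the page's MD5.
    Without the vendor private key they cannot re-sign, so the old signature stays."""
    backdoored = mirror.image + b"\x90" * 16  # constructed stand-in for a rootkitted image
    return Mirror(backdoored, hashlib.md5(backdoored).hexdigest(), mirror.signature)

def check_md5_only(mirror):
    """Hash the download and compare with the MD5 taken from the same site."""
    return hashlib.md5(mirror.image).hexdigest() == mirror.published_md5

def check_signature(pinned_vendor_public, mirror):
    """Verify with a vendor key obtained out of band, not from the download page."""
    return verify(pinned_vendor_public, mirror.image, mirror.signature)

def demo():
    vendor_private, vendor_public = generate_keypair()
    honest = publish(vendor_private, b"constructed sample IOS image bytes")
    evil = tamper(honest)
    return {
        "md5_honest": check_md5_only(honest),                    # True
        "md5_tampered": check_md5_only(evil),                    # True: page was rewritten too
        "sig_honest": check_signature(vendor_public, honest),    # True
        "sig_tampered": check_signature(vendor_public, evil),    # False
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The MD5 check catches a corrupted transfer but tells you nothing when the same party serves both the file and the hash; the signature check only helps because the public key came from somewhere the attacker does not control, which is the same reason a key burned into the router's ROM is the stronger version of this.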
