lawful intercept/IOS at BlackHat DC, bypassing and recommendations
andrew.wallace
andrew.wallace at rocketmail.com
Thu Feb 4 23:58:44 UTC 2010
On Thu, Feb 4, 2010 at 11:25 PM, <a.harrowell at gmail.com> wrote:
> -original message-
> Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
> From: "andrew.wallace" <andrew.wallace at rocketmail.com>
> Date: 04/02/2010 11:09 pm
>
> On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge at linuxbox.org> wrote:
>> "That peer-review is the basic purpose of my Blackhat talk and the
>> associated paper. I plan to review Cisco’s architecture for lawful intercept
>> and explain the approach a bad guy would take to getting access without
>> authorization. I’ll identify several aspects of the design and
>> implementation of the Lawful Intercept (LI) and Simple Network Management
>> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
>> to the interface, and provide recommendations for mitigating those
>> vulnerabilities in design, implementation, and deployment."
>>
>> More here:
>> http://blogs.iss.net/archive/blackhatlitalk.html
>>
>> Gadi.
>
> For the sake of clarity and transparency,
>
> Gadi Evron has absolutely no connection to this research whatsoever.
>
> He is famous in the security community for piggybacking off other peoples research.
>
> We are frustrated with him as much as we are annoyed.
>
> Andrew
>
> Security consultant
>
> CITATION NEEDED
>
You can goto Full-disclosure mailing list
http://www.grok.org.uk/full-disclosure/ and ask about "Gadi Evron".
There will be plenty folks there who will tell you he is involved in
plagiarism.
Andrew
Security consultant
More information about the NANOG
mailing list