Black Hat: Cisco caught in crossfire
The first day wasn't even finished at the Black Hat Conference and network device maker Cisco was already left out in the rain: Hendrik Scholz from Freenet Cityline used his lecture on "SIP Stack Fingerprinting and Stack Difference Attacks" to point out a previously unpublished security hole in the manufacturer's software. It is likely that Scholz and Cisco have agreed to confidentiality on the details while Cisco looks into the situation. The flaw is supposedly located in Cisco's Voice over IP applications that support the Session Initiation Protocol (SIP).
Also drawing fire was Cisco's Network Access Control framework (NAC) for protecting networks. In his lecture on "Bypassing Network Access Control", Ofir Arkin from Insightix explained how easily NAC can be circumvented. Along the way, he excoriated the specific solutions offered by Microsoft and Symantec, among others. Several of the solutions only function if the clients draw their IP addresses via DHCP, for example. As soon as a computer has a static address, NAC can no longer impose security guidelines on it. Parts of the corporate network can hence remain completely invisible to NAC. On top of that, the currently available products contain too many vulnerabilities to prevent a hacker from gaining access to a NAC-protected network. Spoofing MAC and IP addresses is sufficient at the moment. Cisco responded from the fringe of the conference only to say that NAC probably still has a long road ahead of it before it can offer comprehensive protection.
Unlike in past years, Cisco is taking the criticism in its stride. A year ago, a lecture by Michael Lynn on exploits for Cisco systems led to an uproar at the Black Hat convention that ended in Lynn and the conference's organisers being served with temporary injunctions. This year, Cisco is serving as a conference sponsor. This is part of the network giant's attempts to put a positive spin on a shady game, even hosting a party for the event's participants at Pure, the Caesars Palace nightclub. Michael Lynn was also sighted at the party.
Alongside Cisco, Microsoft is also sponsoring the Black Hat conference, raising questions about the future course of this event. What was once a cosy circle of participants engaged in an intensive exchange of information has now swollen to 3,000 conference attendees. Many observers have long mocked the fact that the conference has mutated into a job fair, with representatives of manufacturers, service providers and even the FBI and NSA pressing the flesh. The trolling for security specialists generally leads to a situation where they only provide information about holes they've located to their employers. The rest of the public misses out on important information of the kind published in mailing lists like Full Disclosure, among others.