This Russian website writes about hacking the Cisco IOS (the Internet Operating System—what their routers run on).

In case you don’t speak Russian, we have translated the text (some potentially offensive text was removed):

On September 9th, Andrey Vladimirov, a security specialist known as the co-author of the book “Wi-Foo: The Secrets Of Wireless Hacking”, revealed information regarding the end of a “brain storm” which targeted Cisco software vulnerabilities in his LiveJournal blog, where he goes by the nickname “dr_nicodimus”.

Researchers developed methods of injecting code into Cisco IOS and figured out how exploits and shellcode could be written for that platform. They created mechanisms that allowed implementing cross-platform worms for IOS. They detected a large number of vulnerabilities in the EIGRP routing protocol. To demonstrate this, they attacked one Cisco box from another and, as a result, they were able to run an IRC server on the hijacked machine.

Therefore, we can certainly say that they succeeded in cracking Cisco router software and this demonstrates once again that overestimating the idea of “security through obscurity” leads to very dangerous consequences.

Hopefully, Cisco will take into account the lessons learned by Microsoft and will soon release their own “Cisco IOS SP2”.

I admittedly don’t have much sympathy for Cisco these days after watching their treatment of Michael Lynn and their frantic and bungling efforts to kill the information (one of the most mindboggling things I’ve seen was this video of Cisco employees tearing up his presentation at the BlackHat conference).

 

Alex Eckelberry
(Thanks to Olexiy for the translation)