Cisco Blogs


Cisco Blog > Cisco Interaction Network

Protecting the Internet Edge

June 5, 2009 at 12:00 pm PST

Jimmy Ray hosted one of his ‘white hat hacking master classes’ as one viewer termed it. Massive response yesterday to a great webex based security chat complete with video and application sharing. Record numbers registered and showed up. Here are some notes and helpful links that were asked for. The full replay of the event is available here: (COMING SOON)imageNotes and helpful links: Read More »

Passionate about Security

June 2, 2009 at 12:00 pm PST

imageWe are having another ‘Technology Workshop’ this Thursday and the title is ‘Protecting the Internet Edge’ featuring our own Jimmy Ray Purser. As I was chatting with JR about this one, I am firmly convinced you DO NOT want to miss this. Assuming of course the subject of security is of interest. JR loves to share his passion for white hat hacking and teaching the ‘offensive’ maneuvers you should be making with your own networking resources. We have spoken numerous times about the defenders dilemma and a pure defensive approach is always going to fail to some degree at some point. If you are even remotely technical you will get something of value here. These workshop sessions are done via WebEx so that we can be interactive and a bit more casual.. The end result is a head full of knowledge, new ideas, new tools, etc. Hope you can make it. I will be there. Robb

Security Questions

May 24, 2009 at 12:00 pm PST

What a fantastic show last week -- “Crime Still Pays” featuring Patrick Peterson and Kevin Kennedy taped LIVE from the RSA 2009 show. (You can catch the recording right now with no waiting). We had questions and some consistency with ‘requests for clarification’ that I promised we would follow up on in the blog here. Several people inquired about a tool that Jimmy Ray referred to in rather loving fashion…it was ‘Maltego’ -- an open source forensics application that can assist in drawing out hard to define relationships. * * * * * *Another common question we received was around MD6. What is it? In a nutshell…its new cryptography that although it had not had time to make it into any real products yet…it was already being used in Conficker B. This fact, plus the speed in which it was updated is fascinating. Here is a great explanation straight from the SRI International Analysis under the ‘implications of Variant C:In evaluating this mechanism, we find that the Conficker authors have devised a sophisticated encryption protocol that is generally robust to direct attack. All three crypto-systems employed by Conficker’s authors (RC4, RSA, and MD-6) also have one underlying commonality. They were all produced by Dr. Ron Rivest of MIT. Furthermore, the use of MD-6 is a particularly unusual algorithm selection, as it represents the latest encryption hash algorithm produced to date. The discovery of MD-6 in Conficker B is indeed highly unusual given Conficker’s own development time line. We date the creation of Conficker A to have occurred in October 2008, roughly the same time frame that MD-6 had been publicly released by Dr. Rivest (see http://groups.csail.mit.edu/cis/md6). While A employed SHA-1, we can now confirm that MD-6 had been integrated into Conficker B by late December 2008 (i.e., the authors chose to incorporate a hash algorithm that had literally been made publicly available only a few weeks earlier).Unfortunately for the Conficker authors, by mid-January, Dr. Rivest’s group submitted a revised version of the MD-6 algorithm, as a buffer overflow had been discovered in its implementation. This revision was inserted quietly, followed later by a more visible public announcement of the buffer overflow on 19 February 2009, with the release of the Fortify report (http://blog.fortify.com/repo/Fortify-SHA-3-Report.pdf). We confirmed that this buffer overflow was present in the Conficker B implementations. However, we also confirmed that this buffer overflow was not exploitable as a means to take control of Conficker hosts. Nevertheless, the Conficker developers were obviously aware of these developments, as they have now repaired their MD-6 implementation in Conficker C, using the identical fix made by Dr. Rivest’s group. Clearly the authors are aware of, and adept at understanding and incorporating, the latest cryptographic advances, and are actively monitoring the latest developments in this community.* * * * * * iACL’s or ‘Infrastructure ACL’s’ were also a hot topic in this show. Read More »

Network Testing Reaches Breaking Point

May 15, 2009 at 12:00 pm PST

Jimmy Ray caught up with Phil Trainor from BreakingPoint while at the RSA Conference…and then I happended to sit next to Kyle Flaherty, their Marketing Director on the plane ride home…(they are based in Austin, TX). Chance? I think not -- shrewed marketers who realize that we have easy access to at lest 12 to 15 geeks…. Are you familiar with them? Jimmy Ray loves them and as you will see gives them high marks for their blog. http://www.breakingpointsystems.com.Good technology. Great Guys. Texans. What more do you need?

Episode 45 – Crime Still Pays – Show Notes

May 14, 2009 at 12:00 pm PST

image

 This show airs on Thursday, May 21 @ 10 AM PST.Register Now!Check out the preview:

SHOWNOTES!

 One of the first things you may notice about this show is that we did it 100% at the RSA conference…that is new for us and I was initially concerned about our ability to deliver the detail we would normally. It was certainly different, I could not always hear, Jimmy Ray and I juggle a bit physically with guests on the stage -- but I really liked that JR could work with the plasma and physically walk us through what he was speaking to.  It really makes me want to push harder on how we can improve our whiteboarding technology on the show.  I think Valerie St. John did an outstanding job with her usual ‘classing up.’

Don’t miss Jimmy Ray’s Hands on Security Workshop Schedule for June 4

So what all did we/will we cover? Read More »