|
|
|
Cisco warns of new hacking tool kit
The Cisco Global Exploiter uses exploits for nine software
vulnerabilities
News Story by Paul Roberts
MARCH 29, 2004 (IDG NEWS SERVICE) - Cisco Systems Inc. has
warned customers about the public release of computer code that
exploits multiple security vulnerabilities in Cisco products.
Using exploits for nine software vulnerabilities, the program
could allow malicious hackers to compromise Cisco's popular
Catalyst switches or a wide variety of machines running versions
of the company's Internetwork Operating System (IOS), the
networking equipment vendor said Saturday.
Called the Cisco Global Exploiter, the program appears to give
users a menu of choices, depending on the system they are trying
to crack. It offers, for example, the "Cisco 677/678 Telnet
Buffer Overflow Vulnerability" or the "Cisco Catalyst
3500 XL Remote Arbitrary Command Vulnerability," according to
the Web site, www.k-otik.com. Computer code for a program matching
the description in the Cisco security notice was posted on the
French-language computer security exploit site yesterday.
While many of the exploits can be used only to shut down affected
Cisco devices in denial-of-service attacks, at least one enables
remote attackers to run malicious code on the affected system
without needing a username or password, according to the Cisco
security notice.
An Italian security research group calling itself BlackAngels took
responsibility for the new tool but disavowed any responsibility
for "incorrect or illegal use of this software or for
eventual damages to others['] systems," according to the post
on K-Otik.com and a statement on the group's Web page,
www.blackangels.it.
The group describes itself as a "group of Italian teenager
boys, expert in the network security field and programming,"
according to the BlackAngels Web site.
Members of the group didn't respond to requests for comment.
Cisco advised customers to patch software vulnerabilities
exploited by the program to protect against malicious hackers
using the new tool.
|
|
Security Products:
HIPAA
Step by Step Training
April
20th and 22nd in Hoffman Estates and Naperville
PestPatrol
is a powerful security and personal privacy tool that
detects and eliminates destructive pests like trojans, spyware,
adware and hacker tools. It complements your anti-virus and
firewall software, extending your protection against
non-viral malicious software that can evade your existing
security and invade your personal privacy. These pests often
lurk silently on your computer until something – or
someone – sets them off. When that happens, you could lose
passwords, personal data, credit card numbers, and - if you
telecommute and connect to your office via a VPN - open up a
back door for the hacker into your entire company network. Click
here for Pest Patrol
Intrusion
Detection Systems
Vulnerability
Scanners
Firewalls
 | Netscreen |
| Checkpoint |
Management
Virus
Control
| Mail Marshall |
Services
| Security audit |
| Perimeter Vulnerability Scan |
| Router/ switch optimization for
security |
| Firewall checking and configuration |
| VPN Design and Implementation |
| Network design |
| network based application analysis |
| Network Baselining |
| Security baselining |
|
|
This mailing has been performed by Aavex Technology
Corporation
42w588 Still Meadows Lane, Elburn IL 60119 USA, 630-365-0025 in compliance
with the "CAN-SPAM Act of 2003", approved and signed by
the president of The United States of America on Dec. 16, 2003. For this
reason, this email cannot be considered SPAM This newsletter contains
commercial advertisement.
|
|
