Exploit Available for Cisco IOS Vulnerability 277
GNUman writes "Cisco's IOS vulnerability, posted by Slashdot and CERT, has now a published exploit available, as reported recently by CERT. While there are some some articles claiming that the Internet survived a major flaw, maybe with a publicly available exploit could script kiddies start creating havock?. jerw134 wanted to start a pool to find out when the exploit would be publicly available, here's the answer."
Great... (Score:4, Interesting)
Anyone else gone through hell today trying to get the patch from Cisco?
Grrr... >-/
Exploits et al., (Score:0, Interesting)
During these difficult economic times I've had to branch out and do some "web programming" along with my real programming contract work (mostly low level 4Q multi-threaded kernel hacking, etc.) and after doing some cursory studying and testing of various techniques I'm amazed at how badly most of the sites on the web are designed and how most of them use the wrong tool for the job.
For instance I was able to reduce the load time of a very well known and heavily traveled Fortune 500 website by moving all the graphics to black and white only, as they load on an average of Olog(n) faster than color graphics (where n is the number of pixels in the color graphic) thusly improving their UHCRF (unique hit customer retention factor) ratio by 35%!! I won't brag about the $10,000 bonus check I received from hitting that benchmark... heh. Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course) has generated speed increases upwards of 25% and also increase the security of the site as a side effect.
It's a shame we don't teach IT people to spend some time to learn their trade inside and out instead of always forcing them to jump on the "flavour of the month" and use abstracted high level tools. As Leon Brooks sums it up in his famous book "The Mythical Man Month" - You'll never properly solve a programming problem by using tools that are not mature. Leon hit's the nail right on the head with that one.
Warmest regards,
--Jack
Re:Exploits et al., (Score:5, Interesting)
The Cisco situation is not due to bleeding edge issues though. They should have found this problem sooner.
Re:Great... (Score:3, Interesting)
Re:Exploits et al., (Score:2, Interesting)
Re:Exploits et al., (Score:3, Interesting)
Unless you're talking about high quality TIF's B&W vs. Color should not be making a difference in your load times.
tried it... works quite well (Score:2, Interesting)
-orbit0r
Is this a problem of feature inflation? (Score:3, Interesting)
Wanna check your routers? (Score:3, Interesting)
It's
Easy way to do it.. (Score:1, Interesting)
Assuming you're using debian.
apt-get install hping2
ping
Subtract x in ttl=x from 255
then run:
hping2 -t -H 55 -d 128 -E
enjoy...
and remember.. if you take down your ISPs gateway first you won't be able to do further damage.. start from the outside in.
Just how long has Cisco known about this? (Score:2, Interesting)
Re:The code (Score:3, Interesting)
Re:Contact your network company (Score:3, Interesting)
They may use Juniper routers, but if your contract with them includes their maintenance of CPE they provided for you, and the CPE is Cisco, you're still screwed, aren't you?