Su SecurityFocus è stata pubblicata un’intervista realizzata da Federico Biancuzzi a FX, membro della crew di hacker Phenoelit.
FX è stato il primo a scoprire un exploit per IOS, il sistema operativo embedded che equipaggia i router Cisco, molto prima che la notizia dello shell code di Mike Lynn generasse un putiferio da parte di Cisco all’ultima Black Hat conference.
Ecco un estratto del botta e risposta fra Biancuzzi e FX a proposito del bug trovato da Mike Lynn:
D.// What is your opinion on Lynn’s work with exploiting IOS? Is it something really new and hot?
R.// I didn’t see his talk personally (see above). For this particular bug, he apparently found an elegant way to not guess as many pointers as I did before when doing heap exploits on IOS. He also managed to get a VTY (non-Cisco people call it [a] shell), which is pretty cool. I would say it’s an evolutionary step based on previous work, which it always is, even if people claim they invented something completely new. I have been waiting years for people to pick up the IOS hacking where others and myself left it, and I’m happy it finally happened.
Post correlati:
Se ti è piaciuto questo articolo condividilo!
