[122062] in North American Network Operators' Group
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
daemon@ATHENA.MIT.EDU (a.harrowell@gmail.com)
Thu Feb 4 18:26:20 2010
From: a.harrowell@gmail.com
To: "andrew.wallace" <andrew.wallace@rocketmail.com>
Date: Thu, 4 Feb 2010 23:25:32 +0000
Cc: nanog@nanog.org
Reply-To: a.harrowell@gmail.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
-original message-
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and =
recommendations
From: "andrew.wallace" <andrew.wallace@rocketmail.com>
Date: 04/02/2010 11:09 pm
On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge@linuxbox.org> wrote:
> "That peer-review is the basic purpose of my Blackhat talk and the
> associated paper. I plan to review Cisco=E2=80=99s architecture for =
lawful intercept
> and explain the approach a bad guy would take to getting access =
without
> authorization. I=E2=80=99ll identify several aspects of the design =
and
> implementation of the Lawful Intercept (LI) and Simple Network =
Management
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain =
access
> to the interface, and provide recommendations for mitigating those
> vulnerabilities in design, implementation, and deployment."
>
> More here:
> http://blogs.iss.net/archive/blackhatlitalk.html
>
> Gadi.
For the sake of clarity and transparency,=20
Gadi Evron has absolutely no connection to this research whatsoever. =
He is famous in the security community for piggybacking off other peoples =
research.
We are frustrated with him as much as we are annoyed.
Andrew
Security consultant
CITATION NEEDED
=20
