Schneier: How Hackers Think


This is a bit technical, but it's a good window into the hacker mentality. This guy walks step by step through the process of figuring out how to exploit a Cisco vulnerability.

A vulnerability has been identified in the Cisco IOS Web Server. An attacker can inject arbitrary code in some of the dynamically generated web pages. To successfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE'S NO NEED TO HAVE ACCESS TO THE WEB SERVER! Once the code has been injected, the attacker must wait until the admin browses some of the affected web pages.

The Cisco HTTP Server is used to manage Cisco routers via web browser. It's not a usual way of management, and as far as I know, it is not enabled by default, but still there could be people doing management and/or monitoring tasks via HTTP protocol.
Schneier on Security: How Hackers Think

Linked by shanmuga Monday, 5th December 2005 9:18PM