Posted by Doug Spear on Sun, Mar 22, 2009
Last year at EuSecWest 08, Sebastian Muñiz of Core Security demonstrated how to unpack and repackage Cisco IOS binaries. Effectively this showcases how a rootkit can be embedded inside an otherwise valid Cisco IOS image. There are legitimate uses for this, especially for debugging, troubleshooting or penetration testing. But the potential for abuse is staggering, especially given the proliferation of counterfeit Cisco hardware shipping with counterfeit Cisco software. Even the US government is aware of tainted hardware that has made it into government purchasing streams.
In their defense, Cisco has published a guide for network administrators urging them to double-check the MD5 hashes of their router software. Now what happens once the IOS image has been customized? A hash check only catches a repackaged image if the administrator compares the file against a reference digest obtained from Cisco, not against a value that ships alongside the image or is read back from the device itself.
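The verification step Cisco's guide asks for, as an added example that is not from the original post, from Cisco or from Core Security. It uses a constructed stand-in for an IOS image (a real image is a multi-megabyte file read from flash or a TFTP server), simulates the repackaging at the crudest level by patching bytes into the image, and shows that any byte-level change, whether appended or spliced into the middle, invalidates the digest. The function and variable names are assumptions made for this example; the reference digest is expected to come from Cisco's download site, not from the image or the router.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed stand-in for an IOS image. A real image is tens of megabytes;
# the ELF-like header is only there so the sample looks like a binary.
IMAGE = b"\x7fELF" + b"\x00" * 60 + b"IOS sample image body " * 64

# Constructed stand-in for code that a repackager splices into the image.
ROOTKIT_STUB = b"\x90" * 16 + b"hooked syscall table"


def image_digests(data: bytes) -> dict:
    """Hex digests an administrator might be given for an image.

    MD5 is what Cisco's guide refers to; SHA-256 is included because MD5
    is collision-prone and should be cross-checked where a stronger
    reference digest is available.
    """
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_image(data: bytes, expected: str, algorithm: str = "md5") -> bool:
    """Compare the digest of an in-memory image against a reference value."""
    actual = hashlib.new(algorithm, data).hexdigest()
    # Constant-time compare; also tolerates upper-case or padded references.
    return hmac.compare_digest(actual, expected.strip().lower())


def verify_image_file(path: str, expected: str, algorithm: str = "md5") -> bool:
    """Stream a large image from disk in 1 MiB chunks and verify it."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected.strip().lower())


def patch_image(data: bytes, offset: int, payload: bytes) -> bytes:
    """Simulate repackaging: overwrite bytes at offset (or append at the end).

    A real repackaging tool would also fix up section sizes and any
    checksum the loader consults; the point here is only that the file
    digest changes regardless of where the modification lands.
    """
    if offset >= len(data):
        return data + payload
    return data[:offset] + payload + data[offset + len(payload):]


def demo() -> dict:
    """Run the checks an administrator would perform and report the outcomes."""
    reference = image_digests(IMAGE)          # stands in for Cisco's published values
    spliced = patch_image(IMAGE, 256, ROOTKIT_STUB)
    appended = patch_image(IMAGE, len(IMAGE), ROOTKIT_STUB)

    results = {
        "clean_md5_ok": verify_image(IMAGE, reference["md5"]),
        "clean_sha256_ok": verify_image(IMAGE, reference["sha256"], "sha256"),
        "spliced_md5_ok": verify_image(spliced, reference["md5"]),
        "appended_md5_ok": verify_image(appended, reference["md5"]),
        # Same size, same header: a byte-for-byte diff is not needed to spot it.
        "spliced_same_size": len(spliced) == len(IMAGE),
    }

    # Exercise the streaming path on a temporary file holding the clean image.
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(IMAGE)
        results["file_md5_ok"] = verify_image_file(path, reference["md5"])
        results["file_sha256_ok"] = verify_image_file(path, reference["sha256"], "sha256")
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note what the check does not cover: a digest verifies the file at rest, so it says nothing about IOS components patched in memory after boot, and it is only as trustworthy as the channel the reference digest arrived through.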
Posted by Mario Vuksan on Sun, Mar 08, 2009
Given that encryption is moving into the firmware of embedded chips and devices, it is only a matter of time before this type of attack becomes commonplace.
Researchers at Cambridge University have used paperclips and needles to tap into chip and PIN terminals and record magnetic-stripe-equivalent card data and PINs from bank cards. Needless to say, you do not need to break into an ATM; a typical cash register's PIN entry device will do just fine.
Tapping PIN terminals harks back to attacks and investigations of the past, but, just like MBR rootkits, old techniques are making a comeback.
Posted by Mario Vuksan on Sun, Mar 01, 2009
It has been touted that virtualization is a more secure alternative to today's approach of dedicating physical hardware to each workload.
Yet the IBM ISS X-Force report tells us to be prepared for new attacks against the virtualization infrastructure. For one, the number of disclosed vulnerabilities in virtualization software is at an all-time high.
The report claims that "although virtual machine breakout vulnerabilities tend to get a lot of attention from the press, they are rare" and that they predominantly target hosted solutions, which require a full-blown operating system underneath the virtual machines.
Bare-metal hypervisors are the cure for this, as they remove, for example, the Red Hat-based Service Console (in VMware's case) from the mix. Similarly, Microsoft's implementation tries to strip all unnecessary components out of the underlying OS so that it is not exposed to every fringe vulnerability.
It is very likely that new hypervisor-compromising malware, attacks on the management infrastructure, and other malicious activity will make headlines very soon. Yet hypervisors are very safe today. After studying their structure, we can safely challenge the world to break them and evaluate the result. It will not be easy.