My first presentation of the conference was Michael Lynn's Cisco IOS security talk, "The Holy Grail: Cisco IOS Shellcode and Remote Execution." This was a funny and controversial talk, partly because of the light-hearted and continuous references to having his "ass sued off" and partly because he had to quit his ISS research job to give the talk. Apparently, Cisco wasn't happy with him giving the talk (among others), and ISS pulled their support for him giving the talk. So now it seems that Mr. Lynn has been thrown to the lions, here at Caesars.
At one point he said (I am paraphrasing, poorly), "politicians keep talking about a digital Pearl Harbor, and I don't know if they know what they are talking about, but I do know what it could look like -- it's a worm that can take out all of the Cisco routers on the Internet." One of his main points is that people are complacent about IOS, and often treat it as if it were merely hardware. Though vulnerabilities are rare in IOS, there are avenues for exploitation.
He demonstrated his non-0-day (Cisco has had it patched for some time) to a packed Salon here at Caesars, and was met by applause, head shaking, and amusement when he ran his exploit and the callback gave him a prompt on his demo router. He also showed how he used IDA to reverse engineer a lot of the memory handling functions, with certain parts blacked out. Since IOS source code has been stolen twice, he believes it's ridiculous to keep believing IOS is impenetrable. If there is no disclosure at some point, who is going to tell people to upgrade, the vuln faerie? He finished off by saying that he wants people to know that if they stay up to date with IOS they'll probably be fine.
Since his talk, Cisco and ISS have filed a request for a temporary restraining order against Michael Lynn and the organizers of the Black Hat Conference.