back to article Cisco confirms two of the Shadow Brokers' 'NSA' vulns are real

It's looking increasingly likely that the hacking tools put up for auction by the Shadow Brokers group are real – after Cisco confirmed two exploits in the leaked archive are legit. The two exploits, listed in the archive directory as EPICBANANA and EXTRABACON, can be used to achieve remote code execution on Cisco firewall …

  1. elDog

    This is an obvious ploy to get us to expose ourselves

    Just by commenting on this fish-bait we are letting the REAL fiends, SPECTRE know we exist. The NSA and all other supposedly spy groups are tadpoles in the ocean and they are allowed to play, until...

    Whatever you do, don't read this!

    1. Anonymous Coward
      Thumb Up

      Re: This is an obvious ploy to get us to expose ourselves

      Or, worse, comment on it!

      1. Mark 85

        Re: This is an obvious ploy to get us to expose ourselves

        Or, worse, comment on it!

        Is upvoting ok? Rats... I just... I'm doomed.

        1. Dr Spork
          Black Helicopters

          Re: This is an obvious ploy to get us to expose ourselves

          Is upvoting ok?

          Very much doubt it. You'd really have to be a bit deficient to go anywhere near an obvious elephant trap like this.

          1. Dr Spork
            Coat

            Re: This is an obvious ploy to get us to expose ourselves

            Bugger! :-|

  2. Anonymous Coward
    Paris Hilton

    "Meanwhile, some believe it was an inside job by a disgruntled NSA staffer – because there is simply no way the agency would allow this material to fall in hackers' hands. ®"

    WTF?

    Who the hell are these "some"? Trump and one or two of the "people" who vote for him?

    Need a Keystone Cops icon --->

    1. Dr Spork
      Facepalm

      Perhaps NSA were using NSA Cisco firewalls?

      Oopsie!

  3. Syntax Error

    IT Security

    CISCO leave their firewalls and routers un patched for years and allow government agencies (and maybe others) to exploit these holes.

    Just shows you cannot trust the IT security "experts".

    1. Anonymous Coward
      Anonymous Coward

      Re: IT Security

      Just shows you cannot trust the IT security "experts"

      A proper security specialist would never stick to one brand anyway - a mono culture in your defences is risky as you are in principle begging on your knees for a cascade breach (a sort of domino effect because your defences are all vulnerable to the same problem).

      As they're US, I wonder if adding a Huawei layer would mean you'd have two spy agencies battling to keep information from each other, and so keep it all safe :).

      1. Karl Vegar
        Big Brother

        Re: IT Security

        Nah, you'd just get two sets of back doors, and two sets of agencies trying to breach you instead of just the one you'd get anyway.

        1. Anonymous Coward
          Boffin

          Re: IT Security

          I suspect (the other) AC was contemplating fitting them in series, rather than parallel!

          (AC for impenetrable protection from SPECTRE&NSA&GCHQ&c.)

          1. Anonymous Coward
            Anonymous Coward

            Re: IT Security

            I suspect (the other) AC was contemplating fitting them in series, rather than parallel!

            :) Indeed. Oh, and another thing - a proper security specialist plans ahead for a breach too. Someone who doesn't do that has *way* too much (usually misplaced) confidence that they're smarter than the people out there, and makes the terminal mistake about forgetting the insider threat.

            By planning ahead you can minimise impact - if you have to start thinking up mitigation strategies when you're breached you're way too late. That's ordering fire extinguishers with the building already on fire.

  4. Anonymous Coward
    Anonymous Coward

    Another possibility I heard

    Was that the hackers had compromised some sort of command and control server out on the internet that the Equation Group was using. If it was able to be commanded "hack server X" it would have to have a decent exploit library available locally - though surely not all their crown jewels the best of which they probably keep very very tight control over.

    As for its age, either it was compromised a long time ago and it was kept secret until it was no longer useful (i.e. many of the exploits were getting stale) or it was somehow lost/abandoned long ago. If they had infiltrated someone's server to turn it into their unwitting C&C server (it isn't like they'd use their own servers for that) and the server's owner had later taken it off the net or shut it down when they realized how it was being used, they'd preserve a snapshot in time of what the server looked like. Then the hackers wouldn't need to hack the NSA, only whatever party(ies) got hold of the goods off that C&C server back in 2013.

  5. Mystic Megabyte
    Black Helicopters

    Russians?

    Nope, it was Lisbeth Salander. Every fule kno that.

    Also, ooops! (see above)

    1. Anonymous Coward
      Anonymous Coward

      Re: Russians?

      Yes, that was a very enjoyable series by Stieg Larsson, may he rest in peace.

      Personally, I think the movies with Noomi Rapace were best, adding simply superb acting to a brilliant story line. Thoroughly enjoyable. Another reason to prefer the early versions is because the website for the newer (2014) version insists you should install Flash :).

  6. phuzz Silver badge
    Thumb Up

    This might come in handy next time I have to administer an ASA that the customer has lost the password to.

  7. Matt Bryant Silver badge
    Happy

    EXTRABACON!

    Because you can never have too much bacon!

  8. Anonymous Coward
    Facepalm

    Cisco Adaptive Security Appliance

    "A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code." ref

    A security device that is itself vulnerable to remote exploitation, who would ever have though that. What we need here is a device to monitor the security appliance and another device to monitor both ..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like