Don't Trust Your Vendor's Software Distribution Methodology

  title={Don't Trust Your Vendor's Software Distribution Methodology},
  author={Andrew Storms},
  journal={Information Systems Security},
  pages={38 - 43}
  • Andrew Storms
  • Published 1 January 2006
  • Computer Science
  • Information Systems Security
Abstract Weeks prior to a scheduled maintenance window, a network administrator at Cable and Wireless navigated to Cisco's Web site and downloaded new IOS code for their 12000 series gig routers. Days of rigorous testing resulted in an expected smooth installation of the new software. Unknown to the network administrator or anyone at Cable and Wireless, the IOS code had been Trojaned. Via Lawful Intercept, weeks went by where packets were sent to previously hijacked SOHO systems, which in turn… Expand