Company

Technical Security Consulting

Managing Risk

Research & Development

Forensics

Security Management

Media Centre

PCI DSS

• Home
• Overview
• Press Releases
• Index
• IRM is now a PABP
• IRM Comments on the Computer Weekly PCI Article of 12 June 2007
• IRM Has Become a QFI
• IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
• IRM is awarded Qualified Forensics Investigator (QFI) status by MasterCard
• IRM In The News

IRM Demonstrates Multiple Cisco IOS Exploitation Techniques

London - October 10th, 2007 

For months the software security team within the R&D department at IRM have been collaborating with Cisco, investigating the security of Cisco IOS - the software that runs on the networking devices that control the majority of the Internet. In the course of the research several serious vulnerabilities were discovered and three new techniques were developed, which if used to exploit Cisco networking devices could have a significantly negative impact on the Internet as a whole.

IRM have an active R&D department which is constantly testing the security of different systems and software - everything from ATM machines and biometric devices to trading floor technologies. The latest achievement is one which is not only exciting and innovative but also one which highlights responsible ways for security researchers and software developers to work together in collaboration to have a positive impact upon future technology development.

As a result of this collaboration IRM and Cisco will today at 12:00 EST (17:00 BST) release a joint advisory and security patch.

Chief Research Officer, Andy Davis, comments "Cisco was great to work with. They've been extremely professional and engaged with us throughout the research project. What was striking was the commitment they demonstrated to improving the security of their product and protecting those who use it by taking security seriously."

Sanitised videos of the techniques in action can be viewed on the IRM website at the link below.

http://www.irmplc.com/index.php/153-Embedded-Systems-Security

Should you like more information about the research performed, please contact research@irmplc.com

About IRM:
Information Risk Management Plc (IRM) is a vendor independent information risk consultancy, founded in 1998. IRM has become a leader in client side risk assessment, technical level auditing and in the research and development of security vulnerabilities and tools. IRM is headquartered in London with Technical Centres in Europe and Asia as well as Regional Offices in the Far East and North America.