{"title":"不要相信供应商的软件分发方法","authors":"Andrew Storms","doi":"10.1201/1086.1065898X/45782.14.6.20060101/91858.8","DOIUrl":null,"url":null,"abstract":"Abstract Weeks prior to a scheduled maintenance window, a network administrator at Cable and Wireless navigated to Cisco's Web site and downloaded new IOS code for their 12000 series gig routers. Days of rigorous testing resulted in an expected smooth installation of the new software. Unknown to the network administrator or anyone at Cable and Wireless, the IOS code had been Trojaned. Via Lawful Intercept, weeks went by where packets were sent to previously hijacked SOHO systems, which in turn forwarded said information to various sources, eventually making their way to a global terrorist group.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2006-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Don't Trust Your Vendor's Software Distribution Methodology\",\"authors\":\"Andrew Storms\",\"doi\":\"10.1201/1086.1065898X/45782.14.6.20060101/91858.8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract Weeks prior to a scheduled maintenance window, a network administrator at Cable and Wireless navigated to Cisco's Web site and downloaded new IOS code for their 12000 series gig routers. Days of rigorous testing resulted in an expected smooth installation of the new software. Unknown to the network administrator or anyone at Cable and Wireless, the IOS code had been Trojaned. Via Lawful Intercept, weeks went by where packets were sent to previously hijacked SOHO systems, which in turn forwarded said information to various sources, eventually making their way to a global terrorist group.\",\"PeriodicalId\":36738,\"journal\":{\"name\":\"Journal of Information Systems Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1201/1086.1065898X/45782.14.6.20060101/91858.8\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/1086.1065898X/45782.14.6.20060101/91858.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
Don't Trust Your Vendor's Software Distribution Methodology
Abstract Weeks prior to a scheduled maintenance window, a network administrator at Cable and Wireless navigated to Cisco's Web site and downloaded new IOS code for their 12000 series gig routers. Days of rigorous testing resulted in an expected smooth installation of the new software. Unknown to the network administrator or anyone at Cable and Wireless, the IOS code had been Trojaned. Via Lawful Intercept, weeks went by where packets were sent to previously hijacked SOHO systems, which in turn forwarded said information to various sources, eventually making their way to a global terrorist group.