WordPress database error: [Duplicate entry '62552' for key 1]
INSERT INTO wp_bas_visitors (visit_ip, referer, osystem, useragent, lasthere) VALUES (644300604, 1, 745, 3655, '2008-10-11 19:59:56');

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND referer = referer_id AND osystem = os_id AND useragent = ua_]
SELECT * FROM wp_bas_visitors, wp_bas_refer, wp_bas_ua, wp_bas_os WHERE visit_id = AND referer = referer_id AND osystem = os_id AND useragent = ua_id

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '2008-10-11 19:59:56', 0, 2281)' at line 1]
INSERT INTO wp_bas_log (visit, stamp, outbound, page) VALUES (, '2008-10-11 19:59:56', 0, 2281);

The Sys-Security Group » Blog Archive » Suspended for hacking Cisco Clean Access NAC
« IDS/IPS Vendors Jumpin’ on the NAC Bandwagon
More Hardware Issues with My MacBook Pro »

Suspended for hacking Cisco Clean Access NAC

Tim Green over at NetworkWorld has interviewed me for an article with an interesting story. A sophomore student over at the University of Portland was recently suspended for a year since he managed to find a way to circumvent Cisco’s Clean Access NAC. The student managed to find several vulnerabilities with Cisco’s CCA circumventing it to believe its operating system and A/V adhere to the network access policy, where in truth they were not.

Some more information can be read at The Beacon, the students paper over at the University of Portland.

This story, and others, that were published recently, demonstrates how a questionable device, that is not trusted as is, may falsify information part of a posture validation check. This proves one of the points I have raised during my summer BlackHat 2006 presentation were I have raised these same issues.

The first lesson you learn with information security is that there is no such thing as client-based security.

This entry was posted on Friday, April 27th, 2007 at 2:53 pm and is filed under NAC, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.