Last years model this year
Had to chuckle reading GCN tonight reporting from Black Hat Federal. Seems our friend Ofir Arkin is still pushing last years model talking about how he "looked at the entire range of network access control products and found that all offered weaknesses that could be used to bypass them." This is the same spiel he gave last year at Black Hat Vegas. The good news is Ofir still has a few months to get something new to say in Vegas this year.
I wonder if he mentioned how you can bypass ARP twiddling and ARP poisoning as well, since his product uses it. But then again I think that Insightix claims they are the UnNAC NAC. What should also be interesting is whether any companies with a patent on ARP twiddling for NAC might consider Insightix's use of this a violation. Just wondering.
To be fair to Ofir, who is actually a very likable guy, I was not at the show and am getting this second hand from GCN. Maybe he did have something on this stuff. If he did I stand ready to be corrected and give him equal position here on my blog.
Comments