
* James Baldwin:
A fix had been generated with the vendor and it was time for the information to become public so network operators understood that the remote execution empty world we had lived in until now was over.
Huh? Remote code injection exploits on Cisco routers have been demonstrated before, haven't they? Previous ones were rather fragile, and the amount of knowledge and experimentation needed was rather high. Actually, this is the type of exploit I would expect to be unavailable to the general public (read: network operators) for a long, long time. If there was a perception in the community that remote code injection exploits were a non-issue on routers, then this incident was long overdue, and Cisco should be thankful because their customers can assess risks in a more realistic way. ISS is probably the real loser here because these days, their business is based to a large extent on selling access to relevant strategic information, and dissemination of any background information reduces the value of their service (or the exclusiveness of the offerings, at the least).