What techniques are you referencing? The technique Lynn demonstrated has not been seen anywhere in the wild, as far as I know. He, nor ISS, ever made the source code available to anyone outside of Cisco, or ISS. What publication are you referring to?
Didn't Lynn come out and say flat out that he'd found a lot of information on a Chinese website (with the implication that the website had even more information than what he presented)?
A black hat who is not Chinese has published some slides with far more explicit step-by-step details of how to crack IOS using the techniques that Lynn glossed over in his presentation. This person also claims to have source code available on his website for download but I didn't look to know for sure. As for the Chinese connection, there is a fairly long document circulating on the net from a couple of years back. It is translated from Chinese and it is about modern techniques of information warfare. I think a lot of people interested in network security are aware that lots of Chinese hackers are at work out there and that they are good at what they do. Since all blackhats tend to communicate with each other to share ideas and to brag about their exploits, it is entirely possible that this Cisco exploit began in China. It is a nice myth to believe that a company like ISS does all their own work in-house and that their employees are all super gurus. But I would hope that most of you realize this is not true. Companies like ISS leverage the work of blackhats just like any hacker does. That's why I don't think gagging Lynn or ISS or the Blackhat conference will have any positive effect whatsoever. In fact, I would argue that this legal manouevering has had a net negative effect because it has now been widely published that Cisco exploits are possible. This means that many more hackers are now trying to craft their own exploits and own Cisco routers. Of course, in the end, Juniper is also vulnerable. Nortel is vulnerable. Every manufacturer of routing/switching equipment is vulnerable. Modern electronic devices are all built around embedded computers with complex software running on them. The root of all these vulnerabilities is our inability to write complex software that is free of bugs. Now I believe that Open Source software techniques can solve this root problem because many eyes can find more bugs. This doesn't just mean *BSD and Linux. There are also systems like OSKit http://www.cs.utah.edu/flux/oskit/ and RTAI http://www.rtai.org/ that are more appropriate for building things like routers. --Michael Dillon