Damn he sure did cause a shit storm AGAIN.. from the crn article it looks like they might have him pinned on an NDA violation.. (taking a shot in the dark) quote below. "Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners," the company said in a statement released Wednesday. "It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained." Which i find is funny because i know that for years people have been beating up on him for more info into the cisco wireless cards that he had access to under NDA. He never once budged from what i know of and heard. Damn guess we will have to wait and see what happens, to bad i missed the talk. On 7/27/05, Fergie (Paul Ferguson) <fergdawg@netzero.net> wrote:
For what ot's worth, this story is running in the popular trade press:
"Cisco nixes conference session on hacking IOS router code" http://www.networkworld.com/news/2005/072705-cisco-ios.html
- ferg
-- "Hannigan, Martin" <hannigan@verisign.com> wrote:
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions.
I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed):
http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.html
Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with.
-M<
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/