Get a grip, Michael. Any black hat who reads this list already knows this information (if indeed it exists; acting mysterious isn't gaining you any credibility with the cynical among us, and of course you aren't even providing enough detail for people with clues to discern what the bloody heck you're referring to). All you're doing is withholding data from the non-black-hats.
*sigh* I have no special sources of info. One Monday morning I saw the traffic on this list about Lynn's presentation. None of the posted URLs worked. One of them led to a legal document ordering that the slides not be posted. So what did I do? That's right, I turned to Google. I found articles written by people who attended the presentation. One person had posted a zip file with photos of all of Lynn's slides as presented at BlackHat. I even managed to find the PDF file with the edited version of the slides that was the target of the lawyers.

But I found more. It seems that a guy using the name FX has been publishing stuff about Cisco heap exploits for years now. I found his slides from a presentation made at BlackHat Las Vegas in 2002. Lots of juicy detail. And I found a long document translated from Chinese about modern information/economic warfare. I really didn't think this stuff was all that hard to find because it took me all of 30 minutes.

The big question in my mind is why did Cisco freak out when somebody wanted to present an overview of exploits that have been worked on by hackers for the past 3 years? Especially when Lynn is giving them some valuable free advice, i.e. don't make it easier for hackers to use heap exploits. Thanks to Drew's posting I now know that FX presented again at BHLV a year later pointing out a UDP exploit that can be used to facilitate building the correct heap exploit for a specific IOS release and architecture.

It seems to me that Cisco has a fundamental communications problem in regards to security. Their actions against Lynn did not stop people from reading his slides and his slides were not nearly as informative as the older slides from FX. Also, Cisco seems stuck in the traditional vendor-customer communications cycle that causes them to ignore or deprioritize security-related communications unless it comes to them through a major customer. In fact, the people who REALLY know this stuff may not work for a major Cisco customer or if they do, they may not have access to the privileged communications channels within their company.

--Michael Dillon

Give a man a fish and you feed him for a day, teach him how to fish and you feed him for a lifetime.