Subject : RE: Cisco IOS Exploit Cover Up On Thu, 28 Jul 2005, Geo. wrote:
I think there is also a LOT concern about all the unpatched routers that remain unpatched simply because the admins don't feel like spending a week running the cisco gauntlet to get patches when you don't have a support contract with cisco. Its like cisco doesn't want you to patch or they would make it easy.
Geo.
This is oh so true - contracts in order to patch your equipment. Normally I would never mention the need for an authority to intervene on things related to the Internet but how long will it be before the term "Digital Pearl Harbor" is a reality. Maybe it is time an authority figure steps in and makes some form of rules for vendors to distribute fixes under some form of law. If this flaw of Cisco's could lead to the kind of severe damage as Mr. Lynn claims, shouldn't it fall on the shoulders of Cisco to get their act together and provide a fix as opposed to sending in the hounds (legal shmoes via lawsuit) to quash their problems. I'm sort of taking a look at it from the tobacco company lawsuit stance where the tobacco bigwigs would bury the truth in legal trash as opposed to making things right. It's rather irresponsible behaviour on the part of Cisco to avoid coming clean on this issue. On matters of a public exploit and or the skill level necessary to create an attack via whatever flaw Mr. Lynn spoke of: It is only a matter of time before something is out there, so for some to criticize Mr. Lynn for being a whistleblower, shame on you. I think he did a courageous thing. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo sil @ infiltrated . net | http://www.infiltrated.net GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 To conquer the enemy without resorting to war is the most desirable. The highest form of generalship is to conquer the enemy by strategy." - Sun Tzu