...and of course:

"Cisco Denies Router Vulnerability Claims"

[snip]
Cisco Systems is downplaying a news story that suggests new security flaws may have been discovered in some of its routers.
[snip]

http://www.varbusiness.com/components/weblogs/article.jhtml?articleId=166403...

So, until the _facts_ come out, this appears to be spin vs. spin (a play on spy v. spy, for all you Alfred E. Neuman fans)...

- ferg

-- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:

...and Wired News is running this story:

"Cisco Security Hole a Whopper"

Excerpt:

[snip]
A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.
[snip]

http://www.wired.com/news/privacy/0,1848,68328,00.html

- ferg

-- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:

For what it's worth, this story is running in the popular trade press:

"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html

- ferg

-- "Hannigan, Martin" <hannigan@verisign.com> wrote:
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions.
I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed):
http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_hole_.html

Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with.

-M<

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
Cisco's response thus far:

http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html

Jeff

Since the talk was actually delivered - does anyone have a transcript or a torrent for audio/video?

- Dan

On 7/27/05 8:10 PM, "Jeff Kell" <jeff-kell@utc.edu> wrote:
Cisco's response thus far:
http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
Jeff
I have been searching the net since this morning, for “The Holy Grail: Cisco IOS Shellcode Remote Execution”, or variations of such. This seems to be - at the moment - the most sought after torrent ...

Stef
Network Fortius, LLC

On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote:
Since the talk was actually delivered - does anyone have a transcript or a torrent for audio/video?
- Dan
On 7/27/05 8:10 PM, "Jeff Kell" <jeff-kell@utc.edu> wrote:
Cisco's response thus far:
http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
Jeff
On 7/27/05, Jeff Kell <jeff-kell@utc.edu> wrote:
Cisco's response thus far:
http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
Jeff
More fuel on the fire... Cisco and ISS are suing Lynn now...

http://news.zdnet.co.uk/internet/security/0,39020375,39211011,00.htm

--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
On Thu, 28 Jul 2005, Jason Frisvold wrote:
On 7/27/05, Jeff Kell <jeff-kell@utc.edu> wrote:
Cisco's response thus far:

http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html

More fuel on the fire... Cisco and ISS are suing Lynn now...

http://news.zdnet.co.uk/internet/security/0,39020375,39211011,00.htm

Not the first time Cisco has had a highly questionable attitude toward security issues, even recently: http://kerneltrap.org/node/5382 (cisco, lawyers, and patents).

Is this the start of a new pattern of behavior for cisco, or just more of the same?

-Dan
participants (6)
- Dan Hollis
- Daniel Golding
- Fergie (Paul Ferguson)
- Jason Frisvold
- Jeff Kell
- Network Fortius