eWeek: Cisco Comes Clean on Extent of IOS Flaw
http://www.eweek.com/article2/0,1759,1841669,00.asp - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
Fergie (Paul Ferguson) wrote:
Cisco still seems to be spinning it, though. The important part of Lynn's presentation wasn't the IPv6 exploit, but how future exploits can be used to execute arbitrary code on Cisco equipment. By making a big deal about the "IPv6 exploit" they are in effect trying to reassure people that run IPv4-only networks that this is not a big problem, and that it doesn't effect them.
Cisco still seems to be spinning it, though. The important part of Lynn's presentation wasn't the IPv6 exploit, but how future exploits can be used to execute arbitrary code on Cisco equipment. By making a big deal about the "IPv6 exploit" they are in effect trying to reassure people that run IPv4-only networks that this is not a big problem, and that it doesn't effect them.
Important part of Lynn's presentation is that there will be buffer overflows and they can be exploited, this is vendor independent. And the threat was there 10 years ago and the threat will be there 10 years from now. Some people were also surprised by the 'late' ICMP 'vulnerabilities' and some even found time to bash $vendor about it. I guess someone has to yell wolf every now and then to interest people in maintaining their systems. -- ++ytti
On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote:
Like I said, PR disaster. As more information comes out, the levels of misbehavior on behalf of Cisco and ISS are reaching comical levels. I mean really, someone at ISS filed a _criminal complaint_ over the _presentation_? ISS' integrity has been questioned before, and this only seems to confirm peoples' worst fears. -Dan
participants (4)
-
Dan Hollis -
Fergie (Paul Ferguson) -
Janet Sullivan -
Saku Ytti