RE: Cisco IOS Exploit Cover Up
...and Wired News is running this story:
"Cisco Security Hole a Whopper"
Excerpt:
[snip]
A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.
Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.
[snip]
http://www.wired.com/news/privacy/0,1848,68328,00.html
- ferg
-- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:
For what it's worth, this story is running in the popular trade press:
"Cisco nixes conference session on hacking IOS router code" http://www.networkworld.com/news/2005/072705-cisco-ios.html
- ferg
-- "Hannigan, Martin" <hannigan@verisign.com> wrote:
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions.
I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed):
http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_hole_.html
Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with.
-M<
-- "Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
and talk about closing the barn door after the horse has escaped!?? Haven't they just turned those 15 pages scanned as a pdf and distributed over a p2p file sharing system like bit torrent into likely one of the most sought after documents on the planet? How long before they show up there? If they aren't there already.
=============================================================
The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ 08618 USA
609 882-2572 (PSTN) 415 651-4147 (Lingo) cook@cookreport.com
Subscription info: http://cookreport.com/subscriptions.shtml
New report: The Only Sustainable Edge vs The Oligopoly at: http://cookreport.com/14.06.shtml
=============================================================
On Jul 27, 2005, at 11:50 PM, Fergie (Paul Ferguson) wrote:
...and Wired News is running this story:
"Cisco Security Hole a Whopper"
Excerpt:
[snip]
A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.
Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.
[snip]
http://www.wired.com/news/privacy/0,1848,68328,00.html
- ferg
-- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:
For what it's worth, this story is running in the popular trade press:
"Cisco nixes conference session on hacking IOS router code" http://www.networkworld.com/news/2005/072705-cisco-ios.html
- ferg
-- "Hannigan, Martin" <hannigan@verisign.com> wrote:
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions.
I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed):
http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_hole_.html
Yes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with.
-M<
-- "Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
participants (2)
- Fergie (Paul Ferguson)
- Gordon Cook