Security Basics mailing list archives

RE: Cisco Workaround


From: "Dozal, Tim" <tdozal () cisco com>
Date: Wed, 30 Jul 2003 10:04:48 -0700

If you were running 12.1 or 12.2T or any other of the various flavors of
IOS this patch did not bring them all in line.  They all have different
feature sets so that "theory" doesn't make much sense.  That's like
saying a MS patch could make Win95, Win98, Win ME, Win2k all into a
single product with a patch.  I'm not an IOS guru but I can say that
this theory is pretty silly.  Nobody likes to find flaws in their
products, but it is the responsibility of a company if they do find a
flaw that could impact customers, to do everything in their power to fix
the problem.

Tim

(the above is my personal view, not that of the company btw)

-----Original Message-----
From: Todd Mitchell - lists [mailto:lists () ciphin com] 
Sent: Wednesday, July 30, 2003 9:02 AM
To: 'Jac'; security-basics () securityfocus com
Subject: RE: Cisco Workaround

| As to support, I heard an interesting conspiracy
| theory related to Cisco support and the IOS flaw:
| 
| The theory is that Cisco had far too many IOS versions
| that they support in the field and in order to reduce
| support costs they "conveniently" found this flaw with
| the IOS software and used it to propel an upgrade of
| all IOS systems. Thus reducing the overall costs of
| support and saving Cisco a large amount of $$$$$.
| 
| I have found it strange that such an easy and
| dangerous flaw has not given Cisco a black eye on
| this. Micro$oft constantly is getting beaten for less
| dangerous flaws in their OS and other software, but
| Cisco actually has gotten praise for having found and
| published the flaw's details [as limited as those
| details were].
| 
| What do you think?

Interesting theory; however, way too risky from a business point of view.
The bean counters might be happy now that they only have to support x
versions of IOS & in turn are saving x dollars.  But keep in mind the
negative ramifications from a massive security alert are/were unknown
and I doubt Cisco would risk their reputation or whatever to bring
everyone onto the same wavelength just to save a few pennies.

Todd

--



| 
| Jac
| 
| 
| "I'm not paranoid, everyone is out to get me."
| 
| --- stephane nasdrovisky
| <stephane.nasdrovisky () uniway be> wrote:
| >
| > As far as this particular issue is concerned, Cisco
| > do provide a high quality of
| > support to its customers. What they don't provide is
| > free training for lazy
| > network administrators. If you're unable to apply
| > the IOS patch they freely
| > provide to any administrator who asks for it (as
| > stated in the advisory), why
| > would you complain and waste anybody's time?
| >
| >
| > > As for Wesley, don't you believe that cisco should
| > be responsible on providing
| > > a high quality of support to its customers since
| > they paid $$$$$$$$$$$$$
| >
| >
| >


