Full Disclosure mailing list archives
(no subject)
From: "J. Oquendo" <sil () infiltrated net>
Date: Sun, 14 Aug 2005 20:22:04 -0400 (EDT)
On Sun, 14 Aug 2005, n3td3v wrote:
> I think it's pathetic the way everyone has handled the whole affair. I don't blame Cisco for anything. To see these self-proclaimed hackers go to Blackhat and Defcon is a complete joke.
You don't blame Cisco for knowing for years they'd been shipping cruddy products and keeping a "don't ask won't tell" policy when it comes to their products? Silly you.
> Then we had the self-proclaimed hackers saying they would target Cisco products and make a 0-day disclosure to give Cisco Systems Inc a black eye for pulling their planned coordinated speech with this dude M.Lynn. What a joke the security community is being right now.
Who stated this? The purpose of Lynn's presentation, which can be seen at: www.infiltrated.net/cisco/holygrail.pdf, was to provide those in the industry a glimpse at a huge problem in the making. A huge problem Cisco had not been disclosing.
> It's a classic case of jumping on the bandwagon. Before the summer most hadn't given Cisco any thought, but suddenly they're public enemy number one.
They are public enemy number one right now. I would say 75% plus of the networks online right now are running Cisco products. For Cisco to take a lackadaisical attitude in fixing their problems is irresponsible.
> I suggest that the majority of those attending these conferences are indeed script kiddies, not hackers.
Indeed. You should have followed suit and replaced that line with "3y3 sUgGeST,..." sInCeReLy n3td3v!@

Seriously though, for anyone in the industry who's been in "the game" for some time, many know that this entire industry has gone from "fixing holes for fun and fame", to "fsck that hole and just get the profits". Far too many in the field have "sold out" and forgotten what security was, due to too many "mega corps" (Symantec, Cisco, NAI, etc) dishing out money and skirting responsibilities.

When it comes to Cisco, kudos to Lynn and others who speak out about vulnerabilities. Especially in the case of Lynn, who disclosed this to Cisco way beforehand. Heck, it was disclosed in a previous briefing, why the lengthy time to produce patches... Cisco's attitude seemed to be that of Microsoft's old attitude: "The vulnerability is theoretical" until it bit them in the ass.

As for the feds bullying Mr. Lynn under the guise of "National Security", why not dish out fines to Cisco for every day they have not released a fix for it? Did Team Cisco lobby that many in Congress to make people turn a blind eye?

Kudos to Mr. Lynn, and kudos to others who disclose (appropriately) security holes when vendors solely want to appease investors.

(Hey Team Oracle and Larry Ellis... Hope someone over there is reading this too...)

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
"To conquer the enemy without resorting to war is the most desirable. The highest form of generalship is to conquer the enemy by strategy." - Sun Tzu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/