Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco IOS Shellcode Presentation

From: Jason Coombs <jasonc () science org>
Date: Fri, 29 Jul 2005 08:29:35 -1000
Frank Knobbe wrote:

What he has done is not say "Here's a bug that I can exploit". He has
said "This IOS is capable of exploitation beyond current belief". And it
will be for the foreseeable future.
Precisely. And Lynn pointed out that Cisco routers use general purpose CPUs -- therefore Cisco's own engineers chose purposefully to build a vulnerable device.
Cisco is responsible for this entire mess. Had they engineered a secure product around a CPU that was not general purpose, none of this would be happening now.
No company that intentionally engineers a computing device around a general purpose programmable CPU should have the ability to press charges against security researchers who disclose security flaws in those devices.
Cisco is wrong to conclude that they can engineer a defective product and then allow the criminal prosecution of a person who simply asks the pointed question "Why did Cisco do this? It renders their product permanently defective, and here's the proof." 

Somebody needs to explain this clearly to the FBI.
Cisco should be criminally prosecuted for telling lies to their customers and for abuse of process. 

Regards,

Jason Coombs
jasonc () science org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: