nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Andre Ludwig <andre.ludwig () gmail com>
Date: Wed, 27 Jul 2005 16:16:58 -0400
Damn he sure did cause a shit storm AGAIN.. from the crn article it looks like they might have him pinned on an NDA violation.. (taking a shot in the dark) quote below. "Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners," the company said in a statement released Wednesday. "It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained." Which i find is funny because i know that for years people have been beating up on him for more info into the cisco wireless cards that he had access to under NDA. He never once budged from what i know of and heard. Damn guess we will have to wait and see what happens, to bad i missed the talk. On 7/27/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:
For what ot's worth, this story is running in the popular trade press: "Cisco nixes conference session on hacking IOS router code" http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- "Hannigan, Martin" <hannigan () verisign com> wrote:For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.htmlYes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M< -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- Cisco IOS Exploit Cover Up James Baldwin (Jul 27)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 27)
- <Possible follow-ups>
- RE: Cisco IOS Exploit Cover Up Hannigan, Martin (Jul 27)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
- Re: Cisco IOS Exploit Cover Up Andre Ludwig (Jul 27)
- RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
- RE: Cisco IOS Exploit Cover Up Neil J. McRae (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
- Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)