nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Jared Mauch <jared () puck nether net>
Date: Thu, 28 Jul 2005 13:48:57 -0400
On Thu, Jul 28, 2005 at 01:36:01PM -0400, James Baldwin wrote:
On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:While I do think it's obnoxious to try to censor someone, on the other hand if they have proprietary internal information somehow that they aren't supposed to have to begin with, I don't think it is in security's best interested to commit a crime in order to get tighter security.Lynn developed this information based on publicly available IOS images. There were no illegal acts committed in gaining this information nor was any proprietary information provided for its development. Reverse engineering, specifically for security testing has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/ DVD/1201.html). That being said, what information is he not supposed to have? All the information he had is available to anyone with a disassembler, an IOS image, and an understanding of PPC assembly. If anything, the only "crime" he may or may not have committed is violation of an NDA with ISS, which should a contractual, civil issue not a criminal one.
I think that's why it was a restraining order and not damanges in the amounts of billions, but IANAL. Same way people were asked to not disclose who the half-blooded prince was. I'm not saying it's right, but that's up for the judge(s) involved to decide. As far as Cisco goes, I know it takes them some time to fix bugs, but generally speaking they need to "fix them faster". But this can be said for most vendors. - jared -- Jared Mauch | pgp key available via finger from jared () puck nether net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Current thread:
- Re: Cisco IOS Exploit Cover Up, (continued)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
- Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jared Mauch (Jul 28)
- Re: Cisco IOS Exploit Cover Up Stephen Sprunk (Jul 28)
- Re: Cisco IOS Exploit Cover Up Gordon Cook (Jul 27)
- Re: Cisco IOS Exploit Cover Up Jeff Kell (Jul 27)
- Re: Cisco IOS Exploit Cover Up Daniel Golding (Jul 27)
- Re: Cisco IOS Exploit Cover Up Network Fortius (Jul 27)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- Re: Cisco IOS Exploit Cover Up Dan Hollis (Jul 28)