IOS Rookit: the sky isn't falling (yet)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue May 27 17:54:19 UTC 2008
On Tue, 27 May 2008 10:47:08 PDT, goemon at anime.net said:
> What you want is cisco hardware that verifies firmware signatures in
> hardware.
Yes, but that requires new hardware. Understanding the security risk in
accepting an unsigned MD5 signature from the same place that you accepted the
file from is a wetware issue.
Granted, at many shops hardware upgrades are easier than wetware upgrades. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080527/49bb8229/attachment.sig>
More information about the NANOG
mailing list