Cisco IOS Exploit Cover Up

Andre Ludwig andre.ludwig at gmail.com
Wed Jul 27 20:16:58 UTC 2005


Damn he sure did cause a shit storm AGAIN..

from the crn article it looks like they might have him pinned on an
NDA violation.. (taking a shot in the dark)

quote below.

"Cisco respects and encourages the work of independent research
scientists; however, we follow an industry established disclosure
process for communicating to our customers and partners," the company
said in a statement released Wednesday. "It is especially regretful,
and indefensible, that the Black Hat Conference organizers have given
Mr. Lynn a platform to publicly disseminate the information he
illegally obtained."


Which i find is funny because i know that for years people have been
beating up on him for more info into the cisco wireless cards that he
had access to under NDA.  He never once budged from what i know of and
heard.

Damn guess we will have to wait and see what happens, to bad i missed the talk. 



On 7/27/05, Fergie (Paul Ferguson) <fergdawg at netzero.net> wrote:
> 
> 
> For what ot's worth, this story is running in the
> popular trade press:
> 
> "Cisco nixes conference session on hacking IOS router code"
> http://www.networkworld.com/news/2005/072705-cisco-ios.html
> 
> - ferg
> 
> 
> -- "Hannigan, Martin" <hannigan at verisign.com> wrote:
> 
> >
> > For those who like to keep abreast of security issues, there are
> > interesting developments happening at BlackHat with regards to Cisco
> > IOS and its vulnerability to arbitrary code executions.
> >
> > I apologize for the article itself being brief and lean on technical
> > details, but allow me to say that it does represent a real problem
> > (as in practical and confirmed):
> >
> > http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
> > hole_.html
> >
> 
> 
> Yes, practical _and_ confirmed, but you'll never get $vendor to
> admit it, which is the problem to begin with.
> 
> 
> -M<
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg at netzero.net or fergdawg at sbcglobal.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>



More information about the NANOG mailing list