Cisco IOS Exploit Cover Up
Fergie (Paul Ferguson)
fergdawg at netzero.net
Wed Jul 27 23:50:26 UTC 2005
...and Wired News is running this story:
"Cisco Security Hole a Whopper"
Excerpt:
[snip]
A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.
Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.
[snip]
http://www.wired.com/news/privacy/0,1848,68328,00.html
- ferg
-- "Fergie (Paul Ferguson)" <fergdawg at netzero.net> wrote:
For what ot's worth, this story is running in the
popular trade press:
"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html
- ferg
-- "Hannigan, Martin" <hannigan at verisign.com> wrote:
>
> For those who like to keep abreast of security issues, there are
> interesting developments happening at BlackHat with regards to Cisco
> IOS and its vulnerability to arbitrary code executions.
>
> I apologize for the article itself being brief and lean on technical
> details, but allow me to say that it does represent a real problem
> (as in practical and confirmed):
>
> http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
> hole_.html
>
Yes, practical _and_ confirmed, but you'll never get $vendor to
admit it, which is the problem to begin with.
-M<
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg at netzero.net or fergdawg at sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the NANOG
mailing list