Cisco IOS Exploit Cover Up
Gordon Cook
cook at cookreport.com
Thu Jul 28 00:09:13 UTC 2005
and talk about closing the barn door after the horse has escaped!??
Haven't they just turned those 15 pages scanned as a pdf and
distributed over a p2p file sharing system like bit torrent into
likely one of the the most sought after documents on the planet?
How long before they show up there? If they aren't there already.
=============================================================
The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ
08618 USA
609 882-2572 (PSTN) 415 651-4147 (Lingo) cook at cookreport.com
Subscription
info: http://cookreport.com/subscriptions.shtml New report: The Only
Sustainable Edge
vs The Oligopoly at: http://cookreport.com/14.06.shtml
=============================================================
On Jul 27, 2005, at 11:50 PM, Fergie (Paul Ferguson) wrote:
>
>
> ...and Wired News is running this story:
>
> "Cisco Security Hole a Whopper"
>
> Excerpt:
>
> [snip]
>
> A bug discovered in an operating system that runs the majority of
> the world's computer networks would, if exploited, allow an
> attacker to bring down the nation's critical infrastructure, a
> computer security researcher said Wednesday against threat of a
> lawsuit.
>
> Michael Lynn, a former research analyst with Internet Security
> Solutions, quit his job at ISS Tuesday morning before disclosing
> the flaw at Black Hat Briefings, a conference for computer security
> professionals held annually here.
>
> [snip]
>
> http://www.wired.com//privacy/0,1848,68328,00.html
>
> - ferg
>
> -- "Fergie (Paul Ferguson)" <fergdawg at netzero.net> wrote:
>
>
> For what ot's worth, this story is running in the
> popular trade press:
>
> "Cisco nixes conference session on hacking IOS router code"
> http://www.networkworld.com/news/2005/072705-cisco-ios.html
>
> - ferg
>
>
> -- "Hannigan, Martin" <hannigan at verisign.com> wrote:
>
>
>>
>> For those who like to keep abreast of security issues, there are
>> interesting developments happening at BlackHat with regards to Cisco
>> IOS and its vulnerability to arbitrary code executions.
>>
>> I apologize for the article itself being brief and lean on technical
>> details, but allow me to say that it does represent a real problem
>> (as in practical and confirmed):
>>
>> http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
>> hole_.html
>>
>>
>
>
> Yes, practical _and_ confirmed, but you'll never get $vendor to
> admit it, which is the problem to begin with.
>
>
> -M<
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg at netzero.net or fergdawg at sbcglobal.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
>
>
More information about the NANOG
mailing list