North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco IOS Exploit Cover Up

  • From: Andre Ludwig
  • Date: Wed Jul 27 16:20:34 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fnILPYHzQgT8C8WFT9WaqXLn3pRNt1It0q5rj1XJa6+zyL3TmhYutrNNxTurkSrlyuu8BxF7DCFrikE+pQE+oTQzKF+YOAxf8Af7sGIkLiWw4yioKHOBC+zjt2CgYPBQWOSpZR7n9k0o+1CdEyQxjfL8HwNOC9wbsiAK9XNDJDY=

Damn he sure did cause a shit storm AGAIN..

from the crn article it looks like they might have him pinned on an
NDA violation.. (taking a shot in the dark)

quote below.

"Cisco respects and encourages the work of independent research
scientists; however, we follow an industry established disclosure
process for communicating to our customers and partners," the company
said in a statement released Wednesday. "It is especially regretful,
and indefensible, that the Black Hat Conference organizers have given
Mr. Lynn a platform to publicly disseminate the information he
illegally obtained."


Which i find is funny because i know that for years people have been
beating up on him for more info into the cisco wireless cards that he
had access to under NDA.  He never once budged from what i know of and
heard.

Damn guess we will have to wait and see what happens, to bad i missed the talk. 



On 7/27/05, Fergie (Paul Ferguson) <[email protected]> wrote:
> 
> 
> For what ot's worth, this story is running in the
> popular trade press:
> 
> "Cisco nixes conference session on hacking IOS router code"
> http://www.networkworld.com/news/2005/072705-cisco-ios.html
> 
> - ferg
> 
> 
> -- "Hannigan, Martin" <[email protected]> wrote:
> 
> >
> > For those who like to keep abreast of security issues, there are
> > interesting developments happening at BlackHat with regards to Cisco
> > IOS and its vulnerability to arbitrary code executions.
> >
> > I apologize for the article itself being brief and lean on technical
> > details, but allow me to say that it does represent a real problem
> > (as in practical and confirmed):
> >
> > http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
> > hole_.html
> >
> 
> 
> Yes, practical _and_ confirmed, but you'll never get $vendor to
> admit it, which is the problem to begin with.
> 
> 
> -M<
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  [email protected] or [email protected]
>  ferg's tech blog: http://fergdawg.blogspot.com/
>