North American Network Operators Group


Re: Cisco IOS Exploit Cover Up

  • From: Gordon Cook
  • Date: Wed Jul 27 20:10:22 2005


and talk about closing the barn door after the horse has escaped!?? Haven't they just turned those 15 pages scanned as a pdf and distributed over a p2p file sharing system like bit torrent into likely one of the most sought after documents on the planet?

How long before they show up there? If they aren't there already.
=============================================================
The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ 08618 USA
609 882-2572 (PSTN) 415 651-4147 (Lingo) [email protected] Subscription
info: http://cookreport.com/subscriptions.shtml New report: The Only Sustainable Edge
vs The Oligopoly at: http://cookreport.com/14.06.shtml
=============================================================



On Jul 27, 2005, at 11:50 PM, Fergie (Paul Ferguson) wrote:



...and Wired News is running this story:

"Cisco Security Hole a Whopper"

Excerpt:

[snip]

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.

[snip]

http://www.wired.com//privacy/0,1848,68328,00.html

- ferg

-- "Fergie (Paul Ferguson)" <[email protected]> wrote:


For what it's worth, this story is running in the
popular trade press:

"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html

- ferg


-- "Hannigan, Martin" <[email protected]> wrote:


For those who like to keep abreast of security issues, there are
interesting developments happening at BlackHat with regards to Cisco
IOS and its vulnerability to arbitrary code executions.

I apologize for the article itself being brief and lean on technical
details, but allow me to say that it does represent a real problem
(as in practical and confirmed):

http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_hole_.html


Yes, practical _and_ confirmed, but you'll never get $vendor to
admit it, which is the problem to begin with.


-M<

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [email protected] or [email protected]
 ferg's tech blog: http://fergdawg.blogspot.com/