Security Basics mailing list archives
RE: Cisco Workaround
From: "Dozal, Tim" <tdozal () cisco com>
Date: Wed, 30 Jul 2003 10:04:48 -0700
If you were running 12.1 or 12.2T or any other of the various flavors of IOS this patch did not bring them all in line. They all have different feature sets so that "theory" doesn't make much sense. That's like saying a MS patch could make Win95, Win98, Win ME, Win2k all into a single product with a patch. I'm not an IOS guru but I can say that this theory is pretty silly. Nobody likes to find flaws in there products, but it is the responsibility of a company if they do find a flaw that could impact customers, to do everything in their power to fix the problem. Tim (the above is my personal view, not that of the company btw) -----Original Message----- From: Todd Mitchell - lists [mailto:lists () ciphin com] Sent: Wednesday, July 30, 2003 9:02 AM To: 'Jac'; security-basics () securityfocus com Subject: RE: Cisco Workaround | As to support, I heard an interesting conspiracy | theory related to Cisco support and the IOS flaw: | | The theory is that Cisco had far to many IOS versions | that they support in the field and in order to reduce | support costs they "conveniently" found this flaw with | the IOS software and used it to propel an upgrade of | all IOS system. Thus reducing the overall costs of | support and saving Cisco a large amount of $$$$$. | | I have found it strange that such an easy and | dangerous flaw has not given Cisco a black eye on | this. Micro$oft constantly is getting beaten for less | dangerous flaws in their OS and other softwares, but | Cisco actually has gotten praise for having found and | published the flaws details [as limited as those | details were]. | | What do you think? Interesting theory; however way to risky from a business point of view. The bean counters might be happy now that they only have to support x versions of IOS & in turn are saving x dollars. But keep in mind the negative ramifications from a massive security alert are/were unknown and I doubt Cisco would risk their reputation or whatever to bring everyone onto the same wave length just to save a few pennies. Todd -- | | Jac | | | "I'm not paranoid, everyone is out to get me." | | --- stephane nasdrovisky | <stephane.nasdrovisky () uniway be> wrote: | > | > As far as this particular issue is concerned, Cisco | > do provide a high quality of | > support to its customers. What they don't provide is | > free training for lazy | > network administrators. If you're unable to apply | > the IOS patch they freely | > provide to any administrator who asks for it (as | > stated in the advisory), why | > would you complain and waste anybody's time? | > | > | > > As for Wesley, don't you believe that cisco should | > be responsible on providing | > > a high quality of support to its customers since | > they paid $$$$$$$$$$$$$ | > | > | > | ------------------------------------------------------------------------ -- | - | > | ------------------------------------------------------------------------ -- | -- | > | | | __________________________________ | Do you Yahoo!? | Yahoo! SiteBuilder - Free, easy-to-use web site design software | http://sitebuilder.yahoo.com | | ------------------------------------------------------------------------ -- | - | ------------------------------------------------------------------------ -- | -- | ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Cisco Workaround, (continued)
- Re: Cisco Workaround joshua sahala (Jul 28)
- RE: Cisco Workaround Ghaith Nasrawi (Jul 29)
- Re: Cisco Workaround stephane nasdrovisky (Jul 29)
- Re: Cisco Workaround Jac (Jul 30)
- RE: Cisco Workaround Todd Mitchell - lists (Jul 30)
- Re: Cisco Workaround James Fields (Jul 30)
- Re: Cisco Workaround Jac (Jul 31)
- RE: Cisco Workaround Adam Overlin (Jul 31)
- RE: Cisco Workaround Paul Benedek (Jul 31)
- Re: Cisco Workaround stephane nasdrovisky (Jul 29)