Dailydave mailing list archives

Re: Lynn / Cisco shellcode


From: "Halvar Flake" <HalVar () gmx de>
Date: Thu, 28 Jul 2005 15:04:11 +0200 (MEST)

Hey all,


please correct me if my summary is incorrect, but:

 1) Lynn talked about exploitation methods, not about 0day bugs
 2) A significant amount of what he talked about was already known
    if one had read/studied what had previously been published by FX
 3) Cisco and ISS are suing him ?

A few comments come into my mind:

1) My "friends don't let friends" slide from an old Blackhat talk
2) This is nutty. Instead of trying to go after Mr. Lynn, Cisco should
   perhaps do some changes to their heap implementation focusing more
   on security and less on heap integrity. Ah, did I mention being 
   more vigorous in auditing their own code ?
3) I don't know the specifics, but I have the impression that the risk
   of all this is a bit hyped.
4) What "weaknesses" were really presented ? I mean it is a given that
   if you corrupt memory on any computer, you can do shit you should not
   be able to do. Anybody who disputes this is living in a different
   world. So there is nothing that "needs fixing" - what needs fixing
   is the fact that attackers can corrupt memory. Mr. Lynn has presented
   a methodology to utilize the tools (a memory corruption) provided by
   Cisco. But the important part is that the memory corruption is
   something that Cisco put into the software - and it is hard to imagine
   that finding a way to make use of an (unintentionally included)
   feature is anything to be sued over.

I just came off of a very long flight, so I might not be 100% coherent.
But all in all, I think the security industry has gotten to the point
of believing its own hype. Never a good thing. So on what grounds
are ISS/Cisco suing ?

Cheers,
Halvar
