Dailydave mailing list archives
RE: Lynn / Cisco shellcode
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 28 Jul 2005 16:19:29 -0500
This is true, but right before the conference Cisco changed their mind (a Cisco person was going to co-present the information even) and didn't want the information released (because they were still working on the problem, so they say). All the pages were removed from the bulk information given to attendees and he was told to talk about another subject. He then decided he wasn't going to do this...it would seem. This is how I understand it anyways.
-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of ET LoWNOISE Sent: Thursday, July 28, 2005 3:35 PM To: Steve Lord Cc: dailydave () lists immunitysec com Subject: Re: [Dailydave] Lynn / Cisco shellcode I dont know but this issue isnt something like someone sending an email to everybody with propietary information. Even the bh-usa-05-speakers list specified what Lynn was going to do. "Michael Lynn will provide an architectural overview of IOS and explore the feasibility of code execution against Cisco routers." This things are not published and prepared one day before the conference, its hard to think that ISS didnt have a clue about what was going to happen. On Thu, 28 Jul 2005, Steve Lord wrote:Mordy Ovits wrote:On Thursday 28 July 2005 09:14 am, Thor Larholm wrote:While Lynn worked at ISS he was doing a source code analysis for Cisco.If that's true, than the biggest loser in this incident isISS. Lynnmay suffer, but ISS is ruined. MordyI'm not sure I agree with that last sentence Mordy.Depending upon howthey handle it they may never see Cisco again, but there'sa world ofdifference between X-Force losing major clients and ISS worldwide going down the pan, at least that's how I see it (not thatI'd shed atear for ISS if they did go down the pan, but that's besidethe point).If ISS were doing a source code analysis, I do hope they have the right to sue the bejesus out of the guy. I'd also suggestthat Ciscopoint the finger at ISS, rather than Lynn as he was underISS's employat the time he wrote the talk, even though he wasn't whenhe gave itand ultimately ISS is liable for his breach of NDA. However, if this turns into a DMCA job or a wacky piracy/terrorist-type criminal issue, it just gives meanother reasonnot to return to the U.S. and remain in my undersea lair with my home-grown PVR, open-source systems and TOR-ified tin-foil-covered Internet connection ;) Steve _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lynn / Cisco shellcode, (continued)
- Re: Lynn / Cisco shellcode Halvar Flake (Jul 28)
- RE: Lynn / Cisco shellcode Thor Larholm (Jul 28)
- Re: Lynn / Cisco shellcode Mordy Ovits (Jul 28)
- Re: Lynn / Cisco shellcode Steve Lord (Jul 28)
- Re: Lynn / Cisco shellcode ET LoWNOISE (Jul 28)
- Re: Lynn / Cisco shellcode Alex Stamos (Jul 28)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 28)
- Re: Lynn / Cisco shellcode Michael Silk (Jul 28)
- Re: Lynn / Cisco shellcode Michael J Freeman (Jul 28)
- Re: Lynn / Cisco shellcode Mordy Ovits (Jul 28)
- Re: Lynn / Cisco shellcode Pukhraj Singh (Jul 29)
- RE: Lynn / Cisco shellcode Michael J Freeman (Jul 28)
- Re: Lynn / Cisco shellcode Ron Guerin (Jul 29)
- Re: Lynn / Cisco shellcode Anthony Zboralski (Jul 29)