RE: Lynn / Cisco shellcode

["Thor Larholm" <thor () pivx com>]

> From: Dowd, Mark (ISS Atlanta) [mailto:MDowd () iss net] 
> > While Lynn worked at ISS he was doing a source code analysis for
Cisco.

> uh, no he didn't. where did you pull this idea from?

> From the press, from the rumour mill, from everybody who was actually
talking about it.

It made a lot of sense that Lynn would have done a source code analysis
and thus simply have broken his NDA. I choose to believe this as it
would mean Cisco and ISS were not trying to silence security research,
especially considering that the people attending the show did not talk
about any new vulnerabilities being disclosed, just OIS system
internals. In other words, I'm giving you the benefit of doubt, trusting
that you simply handled the press situation badly.

Cisco and ISS didn't talk about any specifics, but I would love to hear
you explain what actually happened. Or at least point us to copies of
the lawsuit. We're all just curious about what could necessitate the
need for silence.



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x4207AEE9
B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9

PivX defines a new genre in Desktop Security: Proactive Threat
Mitigation. 
<http://www.pivx.com/qwikfix>  
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave