Dailydave mailing list archives
RE: Tech reporting...
From: "Victor Chapela" <victor () sm4rt com>
Date: Tue, 2 Aug 2005 11:43:04 -0500
I did attend Lynn's talk and I do not remember him saying anything about Cisco getting sued, quite the opposite. Lynn did imply that there were many other non-patched problems and that he decided to talk about this when he learnt that the source code for IOS had been stolen. He said that what took him 6 months of research would take far less for anyone with access to the source code. At a certain point he emphasised by repeating three times "install the latest patch and you MAY be ok". I understand the problem is a lot larger then just disabling IPv6. Another thing he did say though, and that I have seen no comments on, is that by mistake he overwrote the boot sector of his roommate's Cisco Router rendering it useless until the EPROM was replaced. I do not know if this was already a known attack vector but it most definitely gives a whole new dimension to the impact of an orchestrated DoS attack. -Victor -----Original Message----- Subject: [Dailydave] Tech reporting... " Joseph Klein, senior security analyst at the aerospace electronic systems division for Honeywell Technology Solutions, said he helped arrange a meeting between government IT professionals and Lynn after the talk. Klein said he was furious that Cisco had been unwilling to disclose the buffer-overflow vulnerability in unpatched routers. "I can see a class-action lawsuit against Cisco coming out of this," Klein said. " (source:http://www.computerworld.com/securitytopics/security/story/0,10801,1 03539p2,00.html) So does this imply Cisco silently fixed bugs, and Lynn scorned them for that ? For all I see, the story is getting more and more confusing. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Tech reporting... halvar (Aug 02)
- RE: Tech reporting... Paul Melson (Aug 02)
- RE: Tech reporting... Victor Chapela (Aug 02)
- RE: Tech reporting... Paul Melson (Aug 02)