Educause Security Discussion mailing list archives
Re: furor over Cisco IOS router exploit erupts at Black Hat
From: Steve Bernard <sbernard () GMU EDU>
Date: Thu, 28 Jul 2005 20:58:53 -0400
Good points. From what I have read, the underlying vulnerabilities have been fixed in the latest versions of IOS, although this may just be PR talk. In any case, it highlights the need to stay abreast of current developments with your critical infrastructure components and to patch/upgrade your hardware's software/firmware, not just your Windows boxes ;-) Steve On Jul 28, 2005, at 4:32 PM, Randy Marchany wrote:
Based upon Cisco's reaction, I'm rather concerned about this material thathas >been shared with the hacker community. While I completely agree with Cisco's reaction to this, let's not forget a couple of things: 1. Black Hat is NOT the only venue that hackers use to exchange info. 2. By the time it gets to Black Hat, it's been in the "underground" hacker forums for quite some time. The word was out already. This wasn't a "i just discovered this hole the day before Black Hat!" situation. Black Hat is like any other conference nowadays --- you have submission deadlines in advance of the event. So, we're talking a 2-6 month window where the exploit was known already. 3. Would we have heard of the problem any earlier if it hadn't been for the flap over this disclosure? -r.
Current thread:
- furor over Cisco IOS router exploit erupts at Black Hat Scott Genung (Jul 28)
- <Possible follow-ups>
- Re: furor over Cisco IOS router exploit erupts at Black Hat Randy Marchany (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Parker, Ron (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Steve Bernard (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Matthew Keller (Jul 29)