Educause Security Discussion mailing list archives
Re: furor over Cisco IOS router exploit erupts at Black Hat
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Fri, 29 Jul 2005 10:10:02 -0400
I would much rather things like this be outted publicly, then sold to the highest black-market bidder privately and quietly. Given Cisco's downplaying of the significance, it obvious that it takes this kind of pressure to force them to correct problems they've known about for some time. On Thu, 2005-07-28 at 15:25 -0500, Scott Genung wrote:
All, I just read this article. Based upon Cisco's reaction, I'm rather concerned about this material that has been shared with the hacker community. I have asked my account manager if Cisco will be releasing to it's customer base what vulnerabilities we need to be aware of to defend our infrastructure. It could be a very interesting fall semester.Date: Thu, 28 Jul 2005 12:18:59 -0500 From: NW Cisco News Alert <CiscoAlert () nwfnews com> Subject: Cisco News Alert Special Issue: Furor over Cisco IOS router exploit erupts at Black Hat _______________________________________________________________ Furor over Cisco IOS router exploit erupts at Black Hat By Ellen Messmer, Network World, 07/28/05 Although Cisco and Internet Security Systems had abruptly cancelled a planned technical talk and demo at the Black Hat Conference to reveal how unpatched Cisco routers can be remotely compromised, the researcher who had originally uncovered the problem went ahead with the talk anyway, igniting a spate of lawsuits against himself and the Black Hat Conference. Michael Lynn, the research analyst at ISS who was asked to resign after his presentation detailing how an attacker can exploit flaws in unpatched Cisco routers to gain total control over them, said he felt compelled to reveal the information because "I felt I had to do what's right for the country and the national infrastructure." Cisco and ISS, claiming it was premature to release the research, saw it differently and immediately filed a lawsuit aimed at compelling him not to discuss the subject further. The Black Hat Conference was also served with a lawsuit by the two companies for allowing Lynn to discuss the exploits associated with Cisco routers. Full story: http://www.networkworld.com/news/2005/072805-cisco-black-hat.html?nlScott Genung Manager of Networking Systems Telecommunications and Networking Illinois State University 124 Julian Hall Normal, IL 61790-3500 sagenung () ilstu edu Phone: (309)438-7258 Web: http://www.tel.ilstu.edu
-- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "Would you have banned the Internet to save the libraries?" -I, Robot
Current thread:
- furor over Cisco IOS router exploit erupts at Black Hat Scott Genung (Jul 28)
- <Possible follow-ups>
- Re: furor over Cisco IOS router exploit erupts at Black Hat Randy Marchany (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Parker, Ron (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Steve Bernard (Jul 28)
- Re: furor over Cisco IOS router exploit erupts at Black Hat Matthew Keller (Jul 29)