![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Gordon Cook <cook () cookreport com>
Date: Wed, 27 Jul 2005 20:09:13 -0400
and talk about closing the barn door after the horse has escaped!?? Haven't they just turned those 15 pages scanned as a pdf and distributed over a p2p file sharing system like bit torrent into likely one of the the most sought after documents on the planet?
How long before they show up there? If they aren't there already. =============================================================The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ 08618 USA 609 882-2572 (PSTN) 415 651-4147 (Lingo) cook () cookreport com Subscription info: http://cookreport.com/subscriptions.shtml New report: The Only Sustainable Edge
vs The Oligopoly at: http://cookreport.com/14.06.shtml ============================================================= On Jul 27, 2005, at 11:50 PM, Fergie (Paul Ferguson) wrote:
...and Wired News is running this story: "Cisco Security Hole a Whopper" Excerpt: [snip]A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.[snip] http://www.wired.com//privacy/0,1848,68328,00.html - ferg -- "Fergie (Paul Ferguson)" <fergdawg () netzero net> wrote: For what ot's worth, this story is running in the popular trade press: "Cisco nixes conference session on hacking IOS router code" http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- "Hannigan, Martin" <hannigan () verisign com> wrote:For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow me to say that it does represent a real problem (as in practical and confirmed): http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_ hole_.htmlYes, practical _and_ confirmed, but you'll never get $vendor to admit it, which is the problem to begin with. -M< -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- Re: Cisco IOS Exploit Cover Up, (continued)
- Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
- Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jared Mauch (Jul 28)
- Re: Cisco IOS Exploit Cover Up Stephen Sprunk (Jul 28)
- Re: Cisco IOS Exploit Cover Up Gordon Cook (Jul 27)
- Re: Cisco IOS Exploit Cover Up Jeff Kell (Jul 27)
- Re: Cisco IOS Exploit Cover Up Daniel Golding (Jul 27)
- Re: Cisco IOS Exploit Cover Up Network Fortius (Jul 27)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- Re: Cisco IOS Exploit Cover Up Dan Hollis (Jul 28)