Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Lynn / Cisco shellcode

From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 28 Jul 2005 16:19:29 -0500
This is true, but right before the conference Cisco changed their mind
(a Cisco person was going to co-present the information even) and didn't
want the information released (because they were still working on the
problem, so they say). All the pages were removed from the bulk
information given to attendees and he was told to talk about another
subject. He then decided he wasn't going to do this...it would seem.

This is how I understand it anyways.


-----Original Message-----
From: dailydave-bounces () lists immunitysec com 
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of 
ET LoWNOISE
Sent: Thursday, July 28, 2005 3:35 PM
To: Steve Lord
Cc: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Lynn / Cisco shellcode


I dont know but this issue isnt something like someone 
sending an email to everybody with propietary information. 
Even the bh-usa-05-speakers list specified what Lynn was going to do.

"Michael Lynn will provide an
architectural overview of IOS and explore the feasibility of 
code execution against Cisco routers."

This things are not published and prepared one day before the 
conference, its hard to think that ISS didnt have a clue 
about what was going to happen. 



On Thu, 28 Jul 2005, Steve Lord wrote:


Mordy Ovits wrote:


On Thursday 28 July 2005 09:14 am, Thor Larholm wrote:
 


While Lynn worked at ISS he was doing a source code analysis for 
Cisco.
   



If that's true, than the biggest loser in this incident is 

ISS.  Lynn 

may suffer, but ISS is ruined.

Mordy
 


I'm not sure I agree with that last sentence Mordy. 

Depending upon how 

they handle it they may never see Cisco again, but there's 

a world of 

difference between X-Force losing major clients and ISS worldwide 
going down the pan, at least that's how I see it (not that 

I'd shed a 

tear for ISS if they did go down the pan, but that's beside 

the point).


If ISS were doing a source code analysis, I do hope they have the 
right to sue the bejesus out of the guy. I'd also suggest 

that Cisco 

point the finger at ISS, rather than Lynn as he was under 

ISS's employ 

at the time he wrote the talk, even though he wasn't when 

he gave it 

and ultimately ISS is liable for his breach of NDA.

However, if this turns into a DMCA job or a wacky 
piracy/terrorist-type criminal issue, it just gives me 

another reason 

not to return to the U.S. and remain in my undersea lair with my 
home-grown PVR, open-source systems and TOR-ified tin-foil-covered 
Internet connection ;)

Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: