Dailydave mailing list archives
RE: Lynn / Cisco shellcode
From: "Dennis Cox" <dcox () tippingpoint com>
Date: Thu, 28 Jul 2005 22:50:13 -0500
Rodney brings up a good point. I've heard a number of items regarding the government being involved etc,etc. I really don't buy it personally. Meaning I don't think the government was the one's that told Cisco to suppress the information. Maybe they did - but I just don't buy into a lot of conspiracy theories personally. I've meet too many government employees and the majority of the them just can't move that quickly and aren't good at keeping secrets :) Cisco may have called them... So does that mean that perhaps the government (or a government type agency (e.g. UN)) should become a notification point for vulnerabilities in the future? I realize it's got ton's of downsides (too numerous to list) but the upside is pressure. They can put ton's of pressure on Cisco and Oracle (700 day's was mentioned before which is an ungodly amount of time) to fix the vulnerability by denying government purchases of that vendors equipment until such a time as the vulnerability is resolved. I realize this is a bit taboo - and I don't mean it that way but in reality maybe just a note saying "Cisco's being a bad boy regarding security" can go a long way to the right person somewhere. ________________________________ From: Rodney Thayer [mailto:rodney () canola-jones com] Sent: Thu 7/28/2005 7:57 PM To: Dennis Cox Cc: dailydave () lists immunitysec com Subject: Re: [Dailydave] Lynn / Cisco shellcode Dennis Cox wrote:
I think deep down he spent so long on it and he got something he thought was really neat he didn't want to see it squashed so he broke the rules of employment and presented it anyway. Then again where's the filter for this protection?
There's a word for this situation. It's "whistleblower". He played the whistleblower card. Now I don't think there was really a whistleblower card in the poker game he was playing in. And of course there's some conflicting info on whether or not he should have done it. I do hear that all the feds think he did the right thing because they'd rather know than have it suppressed. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lynn / Cisco shellcode, (continued)
- Re: Lynn / Cisco shellcode Mordy Ovits (Jul 28)
- Re: Lynn / Cisco shellcode Steve Lord (Jul 28)
- Re: Lynn / Cisco shellcode ET LoWNOISE (Jul 28)
- Re: Lynn / Cisco shellcode Alex Stamos (Jul 28)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 28)
- Re: Lynn / Cisco shellcode Michael Silk (Jul 28)
- Re: Lynn / Cisco shellcode Michael J Freeman (Jul 28)
- Re: Lynn / Cisco shellcode Mordy Ovits (Jul 28)
- Re: Lynn / Cisco shellcode Pukhraj Singh (Jul 29)
- RE: Lynn / Cisco shellcode Michael J Freeman (Jul 28)
- Re: Lynn / Cisco shellcode Ron Guerin (Jul 29)
- Re: Lynn / Cisco shellcode Anthony Zboralski (Jul 29)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 30)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 30)