Dailydave mailing list archives

RE: Lynn / Cisco shellcode


From: "Dennis Cox" <dcox () tippingpoint com>
Date: Thu, 28 Jul 2005 22:50:13 -0500

Rodney brings up a good point. I've heard a number of items regarding the government being involved etc., etc. I really 
don't buy it personally. Meaning I don't think the government was the ones that told Cisco to suppress the 
information. Maybe they did - but I just don't buy into a lot of conspiracy theories personally. I've met too many 
government employees and the majority of them just can't move that quickly and aren't good at keeping secrets :) 
Cisco may have called them...
 
So does that mean that perhaps the government (or a government type agency (e.g. UN)) should become a notification 
point for vulnerabilities in the future? I realize it's got tons of downsides (too numerous to list) but the upside is 
pressure. They can put tons of pressure on Cisco and Oracle (700 days was mentioned before which is an ungodly amount 
of time) to fix the vulnerability by denying government purchases of that vendor's equipment until such a time as the 
vulnerability is resolved. 
 
I realize this is a bit taboo - and I don't mean it that way but in reality maybe just a note saying "Cisco's being a 
bad boy regarding security" can go a long way to the right person somewhere.
 

________________________________

From: Rodney Thayer [mailto:rodney () canola-jones com]
Sent: Thu 7/28/2005 7:57 PM
To: Dennis Cox
Cc: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Lynn / Cisco shellcode



Dennis Cox wrote:


I think deep down he spent so long on it and he got something he thought
was really neat he didn't want to see it squashed so he broke the rules
of employment and presented it anyway. Then again where's the filter for
this protection?

There's a word for this situation.

It's "whistleblower".

He played the whistleblower card.

Now I don't think there was really a whistleblower card in the
poker game he was playing in.  And of course there's some conflicting
info on whether or not he should have done it.  I do hear that all the
feds think he did the right thing because they'd rather know than have
it suppressed.




