Re: Lynn / Cisco shellcode

["Thor Larholm" <thor () pivx com>]

Thanks for the clarification :)

Perhaps you can clarify this as well:
Cisco just released a security advisory (http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml) which 
patches a code execution vulnerability in pretty much all IOS systems. They credit Michael Lynn for disclosing this 
vulnerability at Blackhat, before the patch was created.

Did Lynn disclose an unpatched IOS vulnerability during his presentation?

Thor


--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: dailydave-bounces () lists immunitysec com <dailydave-bounces () lists immunitysec com>
To: dailydave () lists immunitysec com <dailydave () lists immunitysec com>
Sent: Fri Jul 29 07:57:11 2005
Subject: RE: [Dailydave] Lynn / Cisco shellcode

Mike stated clearly and more than once that he didn't have access to
source. You can choose to believe whatever you want, and unfortunately,
there's no record to refute all the BS out now.

He mentioned that the source *had* been stolen twice in recent history,
but he didn't have any source code.  He also explained how you can
google up instructions (in Chinese) on hooking a debugger to the
router, and how handy the 'dump memory' command is - he asked if anyone
had legitimately used "dump memory" in their work and one (1) person in
the audience raised his hand.

It's unfortunate that the talk has been censored out of existence. He
had generally complimentary things to say about Cisco coders and ISS,
and nothing you could walk away with and 0wn the internet without
months of work *and* a time machine.  Well, he touched on how Cisco is
poised to lower the bar for future attackers by virtualizing the ...
(memory error) so that all offsets will be identical across their
hardware line; that doesn't bode well.

If people could watch the video and see what he *actually* said and did,
they'd chill.

I gotta go stand in line in the heat now ;-)

Surreal
> From: "Thor Larholm" <thor () pivx com>
> > > While Lynn worked at ISS he was doing a source code analysis for
> Cisco.
>
> > uh, no he didn't. where did you pull this idea from?
>
> > From the press, from the rumour mill, from everybody who was actually
> talking about it.
>
> It made a lot of sense that Lynn would have done a source code analysis
> and thus simply have broken his NDA. I choose to believe this as it
> would mean Cisco and ISS were not trying to silence security research,
> especially considering that the people attending the show did not talk
> about any new vulnerabilities being disclosed, just OIS system
> internals. In other words, I'm giving you the benefit of doubt, trusting
> that you simply handled the press situation badly.
>
> Cisco and ISS didn't talk about any specifics, but I would love to hear
> you explain what actually happened. Or at least point us to copies of
> the lawsuit. We're all just curious about what could necessitate the
> need for silence.
>
>
>
> Regards
>
> Thor Larholm
> Senior Security Researcher
> PivX Solutions
> 23 Corporate Plaza #280
> Newport Beach, CA 92660
> http://www.pivx.com
> thor () pivx com
> Stock symbol: (PIVX.OB)
> Phone: +1 (949) 231-8496
> PGP: 0x4207AEE9
> B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9
>
> PivX defines a new genre in Desktop Security: Proactive Threat
> Mitigation.
> <http://www.pivx.com/qwikfix>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> https://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave