Re: furor over Cisco IOS router exploit erupts at Black Hat

[Steve Bernard <sbernard () GMU EDU>]

Good points.  From what I have read, the underlying vulnerabilities
have been fixed in the latest versions of IOS, although this may just
be PR talk.  In any case, it highlights the need to stay abreast of
current developments with your critical infrastructure components and
to patch/upgrade your hardware's software/firmware, not just your
Windows boxes ;-)


Steve


On Jul 28, 2005, at 4:32 PM, Randy Marchany wrote:

> > Based upon Cisco's reaction, I'm rather concerned about this
> > material that
> has >been shared with the hacker community.
>
> While I completely agree with Cisco's reaction to this, let's not
> forget a
> couple of things:
>
> 1. Black Hat is NOT the only venue that hackers use to exchange info.
> 2. By the time it gets to Black Hat, it's been in the "underground"
> hacker
> forums for quite some time. The word was out already. This wasn't a
> "i just
> discovered this hole the day before Black Hat!" situation. Black
> Hat is like
> any other conference nowadays --- you have submission deadlines in
> advance of
> the event. So, we're talking a 2-6 month window where the exploit
> was known
> already.
> 3. Would we have heard of the problem any earlier if it hadn't been
> for the
> flap over this disclosure?
>
>     -r.