RE: Cisco IOS Exploit Cover Up

["Fergie (Paul Ferguson)" <fergdawg () netzero net>]

...and Wired News is running this story:

"Cisco Security Hole a Whopper"

Excerpt:

[snip]

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, 
allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday 
against threat of a lawsuit. 

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before 
disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here. 

[snip]

http://www.wired.com/news/privacy/0,1848,68328,00.html

- ferg

-- "Fergie (Paul Ferguson)" <fergdawg () netzero net> wrote:


For what ot's worth, this story is running in the
popular trade press:

"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html

- ferg


-- "Hannigan, Martin" <hannigan () verisign com> wrote:

> For those who like to keep abreast of security issues, there are  
> interesting developments happening at BlackHat with regards to Cisco  
> IOS and its vulnerability to arbitrary code executions.
>
> I apologize for the article itself being brief and lean on technical  
> details, but allow me to say that it does represent a real problem  
> (as in practical and confirmed):
>
> http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
> hole_.html


Yes, practical _and_ confirmed, but you'll never get $vendor to 
admit it, which is the problem to begin with. 
  

-M<

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/