nanog mailing list archives

RE: Cisco IOS Exploit Cover Up

From: "Hannigan, Martin" <hannigan () verisign com>
Date: Thu, 28 Jul 2005 00:22:37 -0400

..and of course:

"Cisco Denies Router Vulnerability Claims"

[snip]



Of course. That's how a broken vuln system works. :-)

The major flaw is that the vendor decides who gets to know
about a vulnerability. This causes an insecurity in "the system"
because $vendor is dealing with people usually more qualified than
themselves to make a decision on who needs to know and make one
independant of revenue<-- .

$vendor is probably not the best person to decide who
gets on the secret-15 lists et. al.

-M<

Current thread:

Re: Cisco IOS Exploit Cover Up, (continued)
- - - Re: Cisco IOS Exploit Cover Up Jared Mauch (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Stephen Sprunk (Jul 28)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
  - Re: Cisco IOS Exploit Cover Up Gordon Cook (Jul 27)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
  - Re: Cisco IOS Exploit Cover Up Jeff Kell (Jul 27)
    - Re: Cisco IOS Exploit Cover Up Daniel Golding (Jul 27)
    - Re: Cisco IOS Exploit Cover Up Network Fortius (Jul 27)
    - Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Dan Hollis (Jul 28)
- RE: Cisco IOS Exploit Cover Up Hannigan, Martin (Jul 27)
- RE: Cisco IOS Exploit Cover Up Hank Nussbacher (Jul 27)
- Re: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 28)
- Re: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 28)
  - Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
    - RE: Cisco IOS Exploit Cover Up Geo. (Jul 28)
    - RE: Cisco IOS Exploit Cover Up Randy Bush (Jul 28)
    - RE: Cisco IOS Exploit Cover Up John A. Kilpatrick (Jul 28)
    - Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Randy Bush (Jul 28)
    - Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)

(Thread continues...)