nanog mailing list archives

Re: Cisco cover up


From: Randy Bush <randy () psg com>
Date: Fri, 29 Jul 2005 09:08:21 +0900


> I suspect there was something slightly more than just giving information
> about the vulnerabilities.. the inference is that they demonstrated
> executing arbitrary code from buffer overflows.. perhaps for example they
> developed ways of opening up privilege vty which I don't think has been
> shown before

we can suspect a lot of things.  but, as long as information is
suppressed, all we can do is suspect and be victims of those who
have the time to develop exploits.  this is why open disclosure
is soooo important.  security through obscurity is a well-known
failure mode.

randy

