[167830] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Dec 30 17:52:03 2013
Date: Mon, 30 Dec 2013 12:51:38 -1000
From: Randy Bush <randy@psg.com>
To: Clay Kossmeyer <ckossmey@cisco.com>
In-Reply-To: <CCED13A5-3270-491A-97DE-819279492BE3@cisco.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Clay Kossmeyer here from the Cisco PSIRT.
shoveling kitty litter as fast as you can, eh?
> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel
"The article does not discuss or disclose any Cisco product vulnerabilities."
this is disengenuous at best. from the nsa document copied in der
spiegel and now many other places:
"JETPLOW is a firmware persistence implant for Cisco PIX series and
ASA firewalls ..."
so in cisco kitty litter lingo, what would be "discuss[ing] or
disclos[ing] any Cisco product vulnerabilities? the exploit code
itself?
randy
