[59708] in North American Network Operators' Group

Re: Cisco IOS Vulnerability

daemon@ATHENA.MIT.EDU (Daniel Karrenberg)
Fri Jul 18 03:05:16 2003

Date: Fri, 18 Jul 2003 09:04:43 +0200
From: Daniel Karrenberg <daniel.karrenberg@ripe.net>
To: Andy Dills <andy@xecu.net>
Cc: Jack Bates <jbates@brightok.net>,
	Sean Donelan <sean@donelan.com>,
	Mikael Abrahamsson <swmike@swm.pp.se>, nanog@merit.edu
Mail-Followup-To: Andy Dills <andy@xecu.net>,
	Jack Bates <jbates@brightok.net>, Sean Donelan <sean@donelan.com>,
	Mikael Abrahamsson <swmike@swm.pp.se>, nanog@merit.edu
In-Reply-To: <Pine.BSF.4.44.0307171558130.35444-100000@thunder.xecu.net>
Errors-To: owner-nanog-outgoing@merit.edu


On 17.07 15:59, Andy Dills wrote:
> Sendmail is open source, IOS is not.
> 
> Knowing where the problem is and knowing how to exploit it are two
> entirely different situations.

You are naive: Security through obscurity has never worked.
You need secrecy if you go down this road; and that is hard to do.

We are extremely lucky that Cisco managed to keep this under wraps for more 
than two months. 

The luck will not stretch to no one having the source code to a version of
IOS with the problem or the imagination necessary to find it without source.

Daniel
