[82693] in North American Network Operators' Group
Re: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Gordon Cook)
Wed Jul 27 20:09:41 2005
In-Reply-To: <20050727.165123.3919.155286@webmail29.lax.untd.com>
From: Gordon Cook <cook@cookreport.com>
Date: Wed, 27 Jul 2005 20:09:13 -0400
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
and talk about closing the barn door after the horse has escaped!??
Haven't they just turned those 15 pages scanned as a pdf and
distributed over a p2p file sharing system like bit torrent into
likely one of the the most sought after documents on the planet?
How long before they show up there? If they aren't there already.
=============================================================
The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ
08618 USA
609 882-2572 (PSTN) 415 651-4147 (Lingo) cook@cookreport.com
Subscription
info: http://cookreport.com/subscriptions.shtml New report: The Only
Sustainable Edge
vs The Oligopoly at: http://cookreport.com/14.06.shtml
=============================================================
On Jul 27, 2005, at 11:50 PM, Fergie (Paul Ferguson) wrote:
>
>
> ...and Wired News is running this story:
>
> "Cisco Security Hole a Whopper"
>
> Excerpt:
>
> [snip]
>
> A bug discovered in an operating system that runs the majority of
> the world's computer networks would, if exploited, allow an
> attacker to bring down the nation's critical infrastructure, a
> computer security researcher said Wednesday against threat of a
> lawsuit.
>
> Michael Lynn, a former research analyst with Internet Security
> Solutions, quit his job at ISS Tuesday morning before disclosing
> the flaw at Black Hat Briefings, a conference for computer security
> professionals held annually here.
>
> [snip]
>
> http://www.wired.com//privacy/0,1848,68328,00.html
>
> - ferg
>
> -- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:
>
>
> For what ot's worth, this story is running in the
> popular trade press:
>
> "Cisco nixes conference session on hacking IOS router code"
> http://www.networkworld.com/news/2005/072705-cisco-ios.html
>
> - ferg
>
>
> -- "Hannigan, Martin" <hannigan@verisign.com> wrote:
>
>
>>
>> For those who like to keep abreast of security issues, there are
>> interesting developments happening at BlackHat with regards to Cisco
>> IOS and its vulnerability to arbitrary code executions.
>>
>> I apologize for the article itself being brief and lean on technical
>> details, but allow me to say that it does represent a real problem
>> (as in practical and confirmed):
>>
>> http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
>> hole_.html
>>
>>
>
>
> Yes, practical _and_ confirmed, but you'll never get $vendor to
> admit it, which is the problem to begin with.
>
>
> -M<
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg@netzero.net or fergdawg@sbcglobal.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
>
>
