[82765] in North American Network Operators' Group
Re: Cisco cover up
daemon@ATHENA.MIT.EDU (Randy Bush)
Thu Jul 28 20:08:50 2005
From: Randy Bush <randy@psg.com>
Date: Fri, 29 Jul 2005 09:08:21 +0900
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
> I suspect there was something slightly more than just giving information
> about the vulnerabilities.. the inference is that they demonstrated
> executing arbitrary code from buffer overflows.. perhaps for example they
> developed ways of opening up privilege vty which I dont think has been
> shown before
we can suspect a lot of things. but, as long as information is
suppressed, all we can do is suspect and be victims of those who
have the time to develop exploits. this is why open disclosure
is soooo important. security through obscurity is a well-known
failure mode.
randy
