[82951] in North American Network Operators' Group
RE: "Cisco gate" and "Meet the Fed" at Defcon....
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Aug 2 09:06:14 2005
Date: Tue, 02 Aug 2005 13:05:07 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <20050802125005.47802398C3@equinox.DOMINO.ORG>
To: "Neil J. McRae" <neil@DOMINO.ORG>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Tue, 2 Aug 2005, Neil J. McRae wrote:
>
> > no, but I'd like to... since I'm upgrading and all (for
> > security reasons and ipv6 is so much better for security, right? :) )
>
> ok so your issue is totally irrelvant to the recent "ciscogate"
> paranoia?
no... not really, not originally, it got morphed into something different
:( So, the ciscogate paranoia, as near as I saw, got down to: "cisco wont
tell people about vulns as soon as they know about them" (or some version
of I don't get to know fast enough about vulns from a vendor, while we
currently bash on cisco)
With that in mind, the example 2500 above is a cisco box, running old code
because it can't be upgraded to current code. Cisco is reluctant to tell
folks in public about vulnerabilities without there beig fixes for the
problem in as much running code as possible.
-Chris
