North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Cisco IOS Exploit Cover Up

  • From: Fergie (Paul Ferguson)
  • Date: Wed Jul 27 19:53:57 2005


...and Wired News is running this story:

"Cisco Security Hole a Whopper"

Excerpt:

[snip]

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit. 

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here. 

[snip]

http://www.wired.com/news/privacy/0,1848,68328,00.html

- ferg

-- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:


For what ot's worth, this story is running in the
popular trade press:

"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html

- ferg


-- "Hannigan, Martin" <hannigan@verisign.com> wrote:

> 
> For those who like to keep abreast of security issues, there are  
> interesting developments happening at BlackHat with regards to Cisco  
> IOS and its vulnerability to arbitrary code executions.
> 
> I apologize for the article itself being brief and lean on technical  
> details, but allow me to say that it does represent a real problem  
> (as in practical and confirmed):
> 
> http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
> hole_.html
> 


Yes, practical _and_ confirmed, but you'll never get $vendor to 
admit it, which is the problem to begin with. 
  

-M<

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg@netzero.net or fergdawg@sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/