North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Cisco IOS Exploit Cover Up

  • From: Fergie (Paul Ferguson)
  • Date: Wed Jul 27 19:53:57 2005

...and Wired News is running this story:

"Cisco Security Hole a Whopper"



A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit. 

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here. 


- ferg

-- "Fergie (Paul Ferguson)" <[email protected]> wrote:

For what ot's worth, this story is running in the
popular trade press:

"Cisco nixes conference session on hacking IOS router code"

- ferg

-- "Hannigan, Martin" <[email protected]> wrote:

> For those who like to keep abreast of security issues, there are  
> interesting developments happening at BlackHat with regards to Cisco  
> IOS and its vulnerability to arbitrary code executions.
> I apologize for the article itself being brief and lean on technical  
> details, but allow me to say that it does represent a real problem  
> (as in practical and confirmed):
> hole_.html

Yes, practical _and_ confirmed, but you'll never get $vendor to 
admit it, which is the problem to begin with. 


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [email protected] or [email protected]
 ferg's tech blog: