|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [Dailydave] Lynn / Cisco shellcode
From: Todd Towles (toddtowles
brookshires.com)
Date: Thu Jul 28 2005 - 16:19:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is true, but right before the conference Cisco changed their mind
(a Cisco person was going to co-present the information even) and didn't
want the information released (because they were still working on the
problem, so they say). All the pages were removed from the bulk
information given to attendees and he was told to talk about another
subject. He then decided he wasn't going to do this...it would seem.
This is how I understand it anyways.
> -----Original Message-----
> From: dailydave-bounceslists.immunitysec.com
> [mailto:dailydave-bounceslists.immunitysec.com] On Behalf Of
> ET LoWNOISE
> Sent: Thursday, July 28, 2005 3:35 PM
> To: Steve Lord
> Cc: dailydavelists.immunitysec.com
> Subject: Re: [Dailydave] Lynn / Cisco shellcode
>
>
> I dont know but this issue isnt something like someone
> sending an email to everybody with propietary information.
> Even the bh-usa-05-speakers list specified what Lynn was going to do.
>
> "Michael Lynn will provide an
> architectural overview of IOS and explore the feasibility of
> code execution against Cisco routers."
>
> This things are not published and prepared one day before the
> conference, its hard to think that ISS didnt have a clue
> about what was going to happen.
>
>
>
> On Thu, 28 Jul 2005, Steve Lord wrote:
>
> > Mordy Ovits wrote:
> >
> > >On Thursday 28 July 2005 09:14 am, Thor Larholm wrote:
> > >
> > >
> > >>While Lynn worked at ISS he was doing a source code analysis for
> > >>Cisco.
> > >>
> > >>
> > >
> > >If that's true, than the biggest loser in this incident is
> ISS. Lynn
> > >may suffer, but ISS is ruined.
> > >
> > >Mordy
> > >
> > >
> > I'm not sure I agree with that last sentence Mordy.
> Depending upon how
> > they handle it they may never see Cisco again, but there's
> a world of
> > difference between X-Force losing major clients and ISS worldwide
> > going down the pan, at least that's how I see it (not that
> I'd shed a
> > tear for ISS if they did go down the pan, but that's beside
> the point).
> >
> > If ISS were doing a source code analysis, I do hope they have the
> > right to sue the bejesus out of the guy. I'd also suggest
> that Cisco
> > point the finger at ISS, rather than Lynn as he was under
> ISS's employ
> > at the time he wrote the talk, even though he wasn't when
> he gave it
> > and ultimately ISS is liable for his breach of NDA.
> >
> > However, if this turns into a DMCA job or a wacky
> > piracy/terrorist-type criminal issue, it just gives me
> another reason
> > not to return to the U.S. and remain in my undersea lair with my
> > home-grown PVR, open-source systems and TOR-ified tin-foil-covered
> > Internet connection ;)
> >
> > Steve
> > _______________________________________________
> > Dailydave mailing list
> > Dailydavelists.immunitysec.com
> > https://lists.immunitysec.com/mailman/listinfo/dailydave
> >
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> https://lists.immunitysec.com/mailman/listinfo/dailydave
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]