From: Victor Chapela (victorsm4rt.com)
Date: Tue Aug 02 2005 - 11:43:04 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I did attend Lynn's talk and I do not remember him saying anything about
Cisco getting sued, quite the opposite.

Lynn did imply that there were many other non-patched problems and that he
decided to talk about this when he learnt that the source code for IOS had
been stolen. He said that what took him 6 months of research would take far
less for anyone with access to the source code. At a certain point he
emphasised by repeating three times "install the latest patch and you MAY be
ok". I understand the problem is a lot larger then just disabling IPv6.

Another thing he did say though, and that I have seen no comments on, is
that by mistake he overwrote the boot sector of his roommate's Cisco Router
rendering it useless until the EPROM was replaced. I do not know if this was
already a known attack vector but it most definitely gives a whole new
dimension to the impact of an orchestrated DoS attack.

-Victor

-----Original Message-----
Subject: [Dailydave] Tech reporting...

" Joseph Klein, senior security analyst at the aerospace electronic systems
division for Honeywell Technology Solutions, said he helped arrange a
meeting between government IT professionals and Lynn after the talk. Klein
said he was furious that Cisco had been unwilling to disclose the
buffer-overflow vulnerability in unpatched routers. "I can see a
class-action lawsuit against Cisco coming out of this," Klein said. "

(source:http://www.computerworld.com/securitytopics/security/story/0,10801,1
03539p2,00.html)

So does this imply Cisco silently fixed bugs, and Lynn scorned them for that
? For all I see, the story is getting more and more confusing.

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]