RE: [Dailydave] Tech reporting...
From: Victor Chapela (victorsm4rt.com)
Date: Tue Aug 02 2005 - 11:43:04 CDT
I did attend Lynn's talk and I do not remember him saying anything about
Cisco getting sued, quite the opposite.
Lynn did imply that there were many other non-patched problems and that he
decided to talk about this when he learnt that the source code for IOS had
been stolen. He said that what took him 6 months of research would take far
less for anyone with access to the source code. At a certain point he
emphasised by repeating three times "install the latest patch and you MAY be
ok". I understand the problem is a lot larger than just disabling IPv6.
Another thing he did say though, and that I have seen no comments on, is
that by mistake he overwrote the boot sector of his roommate's Cisco Router
rendering it useless until the EPROM was replaced. I do not know if this was
already a known attack vector but it most definitely gives a whole new
dimension to the impact of an orchestrated DoS attack.
Subject: [Dailydave] Tech reporting...
"Joseph Klein, senior security analyst at the aerospace electronic systems
division for Honeywell Technology Solutions, said he helped arrange a
meeting between government IT professionals and Lynn after the talk. Klein
said he was furious that Cisco had been unwilling to disclose the
buffer-overflow vulnerability in unpatched routers. "I can see a
class-action lawsuit against Cisco coming out of this," Klein said."
So does this imply Cisco silently fixed bugs, and Lynn scorned them for
that? For all I see, the story is getting more and more confusing.
Dailydave mailing list