eWeek: Cisco Comes Clean on Extent of IOS Flaw

http://www.eweek.com/article2/0,1759,1841669,00.asp

- ferg

Fergie (Paul Ferguson) wrote:

http://www.eweek.com/article2/0,1759,1841669,00.asp

Cisco still seems to be spinning it, though. The important part of Lynn's presentation wasn't the IPv6 exploit, but how future exploits can be used to execute arbitrary code on Cisco equipment. By making a big deal about the "IPv6 exploit" they are in effect trying to reassure people that run IPv4-only networks that this is not a big problem, and that it doesn't affect them.

Like I said, PR disaster.

As more information comes out, the levels of misbehavior on behalf of
Cisco and ISS are reaching comical levels. I mean really, someone at ISS
filed a _criminal complaint_ over the _presentation_?

ISS' integrity has been questioned before, and this only seems to confirm
people's worst fears.

-Dan

> http://www.eweek.com/article2/0,1759,1841669,00.asp
>
> Cisco still seems to be spinning it, though. The important part of
> Lynn's presentation wasn't the IPv6 exploit, but how future exploits can
> be used to execute arbitrary code on Cisco equipment. By making a big
> deal about the "IPv6 exploit" they are in effect trying to reassure
> people that run IPv4-only networks that this is not a big problem, and
> that it doesn't affect them.

The important part of Lynn's presentation is that there will be buffer
overflows and they can be exploited; this is vendor independent. And the
threat was there 10 years ago and the threat will be there 10 years from
now.
Some people were also surprised by the 'late' ICMP 'vulnerabilities' and
some even found time to bash $vendor about it.

I guess someone has to yell wolf every now and then to interest people
in maintaining their systems.