New cisco exploit published in the media today

Henry_Linneweh · March 29, 2004, 8:11pm

Cisco warns of new hacking toolkit
http://www.infoworld.com/article/04/03/29/HNhackingtoolkit_1.html

exploit location
http://www.blackangels.it/

-Henry

Scott_Call1 · March 29, 2004, 10:21pm

Forgive the not panicing, but none of the exploits utilized by this tool
are new, the newest being a year old, most being 2-3 years old, judging by
the dates on the cisco pages.

-S

Bruce_Pinsky · March 29, 2004, 10:29pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Call wrote:

Forgive the not panicing, but none of the exploits utilized by this tool
are new, the newest being a year old, most being 2-3 years old, judging by
the dates on the cisco pages.

Yes, but the toolkit and the simplicity with which these exploits can now
be executed IS new. This notification serves as a reminder to those who
may not have addressed these vulnerabilities in their networks even where
there have been fixes for several years.

- --

Ariel_Biener · March 29, 2004, 10:37pm

Forgive the not panicing, but none of the exploits utilized by this tool
are new, the newest being a year old, most being 2-3 years old, judging by
the dates on the cisco pages.

Which brings to mind the question of when will reporters be able to
"objectively" report something, and not "attenuate" certain aspects for
the benefit of creating a "scoop".

I perfectly understand the need to make public the availability of this
new cracking tool, but I do not understand why there was no mention of
the fact it exploits bugs that are 1.5-3 years old, which would have put
matters in the proper perspective, instead of trying to create commotion
as if some immediate danger was hanging above our enterprise LANs.

*sigh*

--Ariel

Chris_Brookes1 · March 30, 2004, 12:43am

Ariel Biener wrote:

Which brings to mind the question of when will reporters be able to
"objectively" report something, and not "attenuate" certain aspects for
the benefit of creating a "scoop".

Not to mention driving traffic to their site which they wouldn't of seen had they mentioned certain key facts.

Chris

Valdis_Kletnieks · March 30, 2004, 12:50am

Compare the potential eyeball count:

"Exploit for 3 year old hole available"

"Death of Internet Predicted. MPEGs at 11 (10:30 in Newfoundland)".

Martin_J_Levy · March 30, 2004, 12:59am

"Death of Internet Predicted. MPEGs at 11 (10:30 in Newfoundland)".

I think it's 11:30 (Newfoundland does have DST). I'm not a Canadian (and I don't play one on the Internet), so don't quote me.

Martin