RE: Cisco IOS Exploit Cover Up

..and of course:

"Cisco Denies Router Vulnerability Claims"


Cisco Systems is downplaying a news story that suggests new security flaws may have been discovered in some of its routers.


So, until the _facts_ come out, this appears to be spin vs. spin
(a play on spy v. spy, for all you Alfred E. Newman fans)...

- ferg

...and Wired News is running this story:

"Cisco Security Hole a Whopper"



A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.


- ferg

For what ot's worth, this story is running in the
popular trade press:

"Cisco nixes conference session on hacking IOS router code"

- ferg

Cisco's response thus far:


Since the talk was actually delivered - does anyone have a transcript or a
torrent for audio/video?

- Dan

I have been searching the net since this morning, for �The Holy Grail: Cisco IOS Shellcode Remote Execution�, or variations of such. This seems to be - at the moment - the most thought after torrent ...

Network Fortius, LLC

More fuel on the fire... Cisco and ISS are suing Lynn now...,39020375,39211011,00.htm

Not the first time Cisco has had a highly questionable attitude toward
security issues, even recently:
(cisco, lawyers, and patents).

Is this the start of a new pattern of behavior for cisco, or just more of
the same?